question

Josie Li avatar image
Josie Li asked Josie Li commented

User authorization failure with error "Invalid resource owner credentials"

Our company sandbox has graduated and been transited into a production environment. However running the same application against the production environment produces authorization failures. The production account credentials only works for the default Admin user and it fails on all other users with the following error:

I have updated the RingCentralClient to use production Url.


12:49:19.48 [TP03] RingCentralClient: !! Error !! Initialize: Exception caught - message=Response:

StatusCode: 400, ReasonPhrase: 'Bad Request', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:

{

Connection: keep-alive

X-Application-Context: application:8080

RCRequestId: 8cc942f8-082e-11eb-8cdc-005056bbb2d3

Pragma: no-cache

AceRoutingKey: sjc01-c01-ace03.004a3340-fc99-11ea-a999-005056973b9b

RoutingKey: IAD01P12

Cache-Control: no-store

Date: Tue, 06 Oct 2020 23:49:19 GMT

Server: nginx

Content-Length: 199

Content-Language: en

Content-Type: application/json; charset=utf-8

}

Content: {

"error" : "invalid_grant",

"errors" : [ {

"errorCode" : "OAU-140",

"message" : "Invalid resource owner credentials"

} ],

"error_description" : "Invalid resource owner credentials"

}


Could you please what I have done wrong?


Any help is appreciated!

rest api
1 |3000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

4 Answers

Josie Li avatar image
Josie Li answered

Here is the authorization code:


//Client ID, Client secret, User Name, Password are copied over from the production environment //under the app account. Ext number such as 101, 102 etc.

m_log.Trace($"Initialize: Create RestClient for user={m_username} extension={m_extensionNumber} clientId={m_clientId}");

m_restClient = new RestClient(m_clientId, m_clientSecret, true);


m_log.Trace($"Initialize: Authorize for user={m_username} extension={m_extensionNumber}");

var tokenInfo = await m_restClient.Authorize(m_username, m_extensionNumber, m_password);

1 |3000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Phong Vu avatar image
Phong Vu answered

What is your app client id?

1 |3000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Josie Li avatar image
Josie Li answered Phong Vu commented

@Phong Vu This is the app client id: P5AyjJlYRYGfF1kcXTDlXg. Thanks!

1 comment
1 |3000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Phong Vu avatar image Phong Vu ♦♦ commented ·

Your app looks ok. And based on the app analytics, I saw that you have some successful API call on the production account. This means that you could login with some users and failed with some users.

When calling this line

var tokenInfo = await m_restClient.Authorize(m_username, m_extensionNumber, m_password);

Do you use the main company phone number and the extension number? Or do you use the extension's direct phone number e.g. the extension "102" has this number ending with xxx-3436?

Thing for you to check, login the service web with the user credentials you use to login the app. If that does not work, it really means you are using the wrong username and password combination.

0 Likes 0 ·
Josie Li avatar image
Josie Li answered Josie Li commented

@Phong Vu Thank you for the quick response! It turns out that the user password has to be the same as the password of the app account. Once we updated the user password to that, it all starts working! Our application made the assumption that all user password should be the same as the main company number password. So my question is that why we cannot use the main company number/password to log into all extension as it would be much simpler for the application if it need to maintain more than one user? Thanks

4 comments
1 |3000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Phong Vu avatar image Phong Vu ♦♦ commented ·

Yes, you can login your app using the main company number, the extension number and the password belong to that extension. I don't understand your assumption that all user password should be the same. Each user should set their own password and shouldn't it be different from each other as a good practice?

Believe me, 10/10 always claims that they login with correct username and password and just find out at the end they were wrong or mistaken.

0 Likes 0 ·
Josie Li avatar image Josie Li Phong Vu ♦♦ commented ·

What i'm thinking was that there is an App user/password which is allowed to log into all extensions we like to control

0 Likes 0 ·
Phong Vu avatar image Phong Vu ♦♦ Josie Li commented ·

Login with the user extension with a super admin role. A super admin user can do a lot for other extensions such as read extension's call log, message store or create new extensions, etc. It cannot send SMS on behalf of other extensions though.

0 Likes 0 ·
Show more comments

Developer sandbox tools

Using the RingCentral Phone for Desktop, you can dial or receive test calls, send and receive test SMS or Fax messages in your sandbox environment.

Download RingCentral Phone for Desktop:

Tip: switch to the "sandbox mode" before logging in the app:

  • On MacOS: press "fn + command + f2" keys
  • On Windows: press "Ctrl + F2" keys