This type of issues are common and reported multiple times in community previously.
If you're using an OAuth 2.0 request using the OAuth 2.0 password grant (grant_type=password
), then your application you created should in the RingCentral Developer Portal should be Password flow .
Please note, application created with different platform type will have different grant_type.
For example, application created for platform type = browser based will have grant_type=Authorization Code | Implicit | Refresh Access Token where as application for platform type = Desktop/Windows will have grant_type= Authorization Code | Password flow |Refresh Access Token
So in order to use (grant_type=password
) you need to have application created with platform type that support Password flow
Here is wonderful way it has answered with animated Gif image that will easily help you to understand the proccess: https://stackoverflow.com/questions/47692828/ringcentral-auth-token-failed-in-curl-call-unauthorized-for-this-grant-type/47745436#47745436
Authentication is an essential part of every application as we all know, so encountering problems during this phase can be especially frustrating. If you are feeling frustrating, let me begin by apologizing for the difficulty you are having.
And now, let's turn our attention to how we can overcome this hurdle and get your app connecting to the platform successfully for the first time. If you are receiving the following error:
{
"error": "invalid_request",
"errors": [{
"errorCode": "OAU-250",
"message": "Unsupported grant type"
}],
"error_description": "Unsupported grant type"
}
Then there are a small set of remedies that will help you get back on track.
To begin, let's get back to basics: what is a "grant type?" A grant type is an OAuth term and refers to the method by which an access token is granted to your application. In layman's terms, a grant type is an authentication methodology. At the time of this answer being written, RingCentral documents only two grant types. They are:
* JWT
* Authorization code flow
There is a third still in use by many developers called "ROPC" (Resource Owner Password Credential) or more informally called "password" auth. This is currently deprecated and will be removed from the platform on March 31, 2024.
So why might you be getting an "unsupported grant type" error. Here are three common causes for this error.
**Your application is not configured properly**
The first and easiest thing for you to check is that the auth method you implemented corresponds with the auth method selected for your application. Login to the Developer Console, select your app, and click "Settings." Scroll down to the "Auth" section and see what is selected there. Then check your code to see what auth method you have implemented.
Compare your code with what you see in our quick start exercises to see which you are currently utilizing.
* [Authorization code flow][1]
* [jwt][2]
If your code is out-of-sync with your config, change your settings and try to auth again.
**Your request is not transmitted properly**
One mistake developers can make is by calling the OAuth token endpoint incorrectly.
1. Calls to the OAuth token endpoint must utilize the "POST" HTTP method.
2. The request payload should be transmitted in the body of the request, and NOT via the querystring.
3. The request must contain an HTTP Authorization header that properly encodes your app's client ID and secret
Let's look at an example:
POST /restapi/oauth/token?username=12XXXXXXX&password=xzyz**@9779
&extension=xxx&grant_type=password HTTP/1.1
Host: platform.ringcentral.com
Accept: application/json
Content-Type: application/x-www-form-urlencoded
The above is incorrect for two reasons. First, the auth credentials are being transmitted in the URL. Second, the request is missing an Authorization header. The proper formation of this request would be:
POST /restapi/oauth/token HTTP/1.1
Host: platform.ringcentral.com
Accept: application/json
Content-Type: application/x-www-form-urlencoded
Authorization: Basic cmVsLWFsbC1wZXJtaXNzaWXFjMmpRZmlQcnlkSUkweE92QQ==
username=12XXXXXXX&password=xzyz**@9779&extension=xxx&grant_type=password
**You are calling the wrong endpoint**
The following request looks right. The request is being transmitted in the request payload, the right HTTP method is being used, and an Authorization header is being transmitted.
POST /restapi/oauth/token HTTP/1.1
Content-type: application/x-www-form-urlencoded
Authorization: Basic
{
"grant_type": "authorization_code",
"code": ,
"client_id": "",
"redirect_uri": ""
}
But if you look closely, an authorization code is being used, which means that the API call above is the second step of the authentication flow. In this step, one is exchanging an authorization code for an access token, which is done by calling the [`/authorize`][3] endpoint (not the [`/token`][4] endpoint).
The fix is to change the URL you are posting to, like so:
POST /restapi/oauth/authorize HTTP/1.1
Content-type: application/x-www-form-urlencoded
Authorization: Basic
{
"grant_type": "authorization_code",
"code": ,
"client_id": "",
"redirect_uri": ""
}
[1]: https://developers.ringcentral.com/guide/authentication/quick-start
[2]: https://developers.ringcentral.com/guide/authentication/jwt/quick-start
[3]: https://developers.ringcentral.com/api-reference/Authorization
[4]: https://developers.ringcentral.com/api-reference/Get-Token