Skip to main content

I'm trying to get an access token for a new sandbox application using JWT, however the REST API keeps responding with OAU-153 Invalid Client ID. The client ID and client secret are definitely correct, as is my JWT token. Not sure what I'm missing here.

$RC_SERVER_URL="https://platform.devtest.ringcentral.com"

$RC_CLIENT_ID="T2V..." # Copied from the app I created

$RC_CLIENT_SECRET="v8dN..." # Copied from the app I created

$RC_JWT_TOKEN = "eyJraW..." # Created under My Account > Credentials 



# as per https://developers.ringcentral.com/guide/authentication/jwt-flow#technical-discussion

$splat = @{

    Method  = "POST"

    Uri     = $RC_SERVER_URL + "/restapi/oauth/token"

    

    headers = @{

        ContentType = 'application/x-www-form-urlencoded; charset=UTF-8'

        Accept = 'application/json'

        Authorization = 'Basic ' + [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes("${RC_CLIENT_ID}:${RC_CLIENT_SECRET}"))

    }

    body    = @{

            grant_type = 'urn:ietf:params:oauth:grant-type:jwt-bearer'

            assertion = $RC_JWT_TOKEN

    }

}



$Response = Invoke-RestMethod @splat


PS C:scriptsGet-RingCentralData> $Response = Invoke-RestMethod @splat

Invoke-RestMethod : {

  "error" : "invalid_client",

  "errors" : [ {

    "errorCode" : "OAU-153",

    "message" : "Invalid client: T2VHgSXZQ92J0lu_htr0yQ",

    "parameters" : [ {

      "parameterName" : "client_id",

      "parameterValue" : "T2VHgSXZQ92J0lu_htr0yQ"

    } ]

  } ],

  "error_description" : "Invalid client: T2VHgSXZQ92J0lu_htr0yQ"

}

At line:1 char:13

+ $Response = Invoke-RestMethod @splat

+             ~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException

    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand


The one thing I find very confusing is when I go to Console > Apps > My New App > Credentials, the "User Credentials" section contains the dev environment's admin account with extension 101, and the info box says "use these credentials to test your app!"... well, I don't have access to that account, I want to use my own JWT to test the app. Is this what's causing me issues? Or is this just RingCentral trying to be "convenient" by showing me some credentials I could test with?

Any assistance would be greatly appreciated!

It looks like you created a new JWT token. Make sure you copy the new JWT token and also double check the app client id and client secret as it works for you earlier.

The section describes the dev environment contains the instruction for using username and password authentication. Since you are using the JWT token, you. can just ignore it.

Appreciate the quick responses, Phong.

I just double checked and the JWT, client ID and client secret are all correct for my app. My JWT is authorized for all apps in the environment and has no expiry date. The app is currently set to Public, but I've tried it as Private as well and got the same result.

FYI I never fully got this working - the OAU-153 error is what I started getting once I resolved that 502 bad gateway issue 🙂

As I said, I don't work on Powershell so I cannot really test your code. However, I wrote this PHP lib for authenticating with JWT token and I just test the code with your app credentials and the JWT token and it works well. So I am not sure what is wrong in your environment.

https://github.com/PacoVu/authentication-jwt-flow-php

If you want to verify the app credentials and JWT token, you can clone the project and run the PHP code to test. And compare the authenticate params with your Powershell code.

Thanks for the github repo - it looks like I am doing everything the same. I just changed the app from Public to Private, and without changing anything else, it suddenly started working. Not sure what the root cause was, unfortunately.

As always, thanks for the assistance!

Reply


Terms & ConditionsCookie settings