I am getting the OAU-250 error when attempting the JWT Authentication Flow. I am basically using CURL to attempt this. The curl options are:
"–X POST -D \"\" --header \"Accept: application/json\" --header \"Content-Type: application/x-www-form-urlencoded\" --header \"Authorization: Basic " & $basic & "\" --data " & $data
$basic is a base64 encoded combo of clientID:clientSecret
$data is "grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=" & $jwt
$jwt is the jwt value we received in the rc_credentials.json file for the application.
The app is private and is configured for JWT auth flow and issue refresh tokens is set to Yes. The application scope is set to read accounts and ringout.
What am I missing?
Replace the based64 encoded and the JWT token and try this form of curl
curl --request POST \
--url 'https://platform.ringcentral.com/restapi/oauth/token' \
--header 'Accept: application/json' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic [based64 encoded clientId:clientSecret]' \
--data 'grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=[YourJWTToken]'
Same result.
{ "error" : "invalid_request", "error_description" : "Unsupported grant type", "errors" : { "errorCode" : "OAU-250", "message" : "Unsupported grant type" } ]}
Same result.
{ "error" : "invalid_request", "error_description" : "Unsupported grant type", "errors" : { "errorCode" : "OAU-250", "message" : "Unsupported grant type" } ]}
Then probably your app is not a JWT flow. What is the app client id?
3bE6qFKZ8PYejkchRxkiWD
JWT is clearly selected in the portal.
3bE6qFKZ8PYejkchRxkiWD
JWT is clearly selected in the portal.
I use your app credentials and the JWT token and it works well
{
"access_token" : "U0pDMDFQMDZQQVM....",
"token_type" : "bearer",
"expires_in" : 3600,
"refresh_token" : "U0pDMDFQMDZQQVMwMHx....",
"refresh_token_expires_in" : 604800,
"scope" : "ReadAccounts RingOut",
"owner_id" : "319508XXXX",
"endpoint_id" : "X21JJSrFTaS47XRTUY...",
"session_id" : "875400b4-7db1-4b47-ad65-25785b04...",
"session_idle_timeout" : 3600
}
I see that you have 2 JWT tokens, one for a specific app and one for all apps under the account. Use the one for all apps to make sure that it allows you to authenticate any app, otherwise, use the right JWT token and the right app credentials.
If that does not help, double check your code, the based64 encoded etc.
Using the JWT ending in toQ
Using the client ID ending in WD
Using the secret ending in v4
Is the basic authentication literally Base64(xxxxxxxv4:XXXXXXXWD)? Do we keep the == in from the end of the command?
I ran the curl command from the command line and got the same error.
Using the JWT ending in toQ
Using the client ID ending in WD
Using the secret ending in v4
Is the basic authentication literally Base64(xxxxxxxv4:XXXXXXXWD)? Do we keep the == in from the end of the command?
I ran the curl command from the command line and got the same error.
Every single char from the based60 encoded. So including the ==
That’s what I’m doing and still get the error.
That’s what I’m doing and still get the error.
If it does not work with the
Using the JWT ending in toQ
Using the client ID ending in WD
Using the secret ending in v4
Is the basic authentication literally Base64(xxxxxxxv4:XXXXXXXWD)? Do we keep the == in from the end of the command?
I ran the curl command from the command line and got the same error.
Every single char from the based60 encoded. So including the ==
Reading carefully, as you wrote
Using the client ID ending in WD
Using the secret ending in v4
Base64(xxxxxxxv4:XXXXXXXWD)
Why did you put the string to be based64 encoded “clientSecret:clientId”?
It must be clientID:clientSecret. So it must be Base64(xxxxxxxWD:XXXXXXXv4)
Sorry, that was a typo. Checking the code it is (xxxxxxxWD:XXXXXXXXv4). That results in an encoded string staring with M2 and ending with NA==. I have done the conversion using multiple tools and get the same result.
Sorry, that was a typo. Checking the code it is (xxxxxxxWD:XXXXXXXXv4). That results in an encoded string staring with M2 and ending with NA==. I have done the conversion using multiple tools and get the same result.
If all the credentials are correct and you still cannot get authenticated. I can only think that something is not correct in your curl or environment.
Clone this PHP project and try with the code. Or download any RingCentral SDK to try.
I’m doing it on Windows - I have a Mac I can try it on and see if I get different results. I’ll report back.
It worked on the Mac, so I researched the differences of curl on a Mac and Windows and found the solution. On a Mac/Linux machine. you enclose the parameters with ‘. On a Windows machine, you enclose the parameters with “. Also of note on Windows, if you run from PowerShell, curl is now aliased to Invoke-WebRequest, so if you want to use curl, you need to call curl.exe. Hope this post helps save someone else a lot of time :-)
So in the end, the command, on Windows needs to be:
curl -request POST
--header "Accept: application/json"
--header "Content-Type: application/x-www-form-urlencoded"
--header "Authorization: Basic XYZABC=="
--data "grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=eXYZABZQ"
--url "https://platform.ringcentral.com/restapi/oauth/token"
I am now working :-)
