Lauren Anderson asked:

JWT authorization does not work, error OAU-250 "unsupported grant type"

Using JWT to request an access token as explained at https://developers.ringcentral.com/guide/authentication/jwt-flow#technical-discussion does not work. I created an application in Sandbox with "Read Accounts" permissions and a JWT for "all apps belonging to my organization" and followed the instructions in the documentation above. When I POST to https://platform.devtest.ringcentral.com/restapi/oauth/token as shown in the example, I get 400 invalid request and errorCode OAU-250 "Unsupported grant type". I have tried it with both Postman and curl and get the same error. I have properly base64-encoded the Client ID and Secret with a ":" between them (I've done this with other APIs on other platforms and know the routine). I added the Content-Type as shown in the example, added the JWT to the body, etc. I've deleted and regenerated the JWT numerous times as well as the applications. It does not work. Is the JWT authorization flow one that we can actually use? Or is it reserved for some special, unnamed APIs or authorization servers? It doesn't work in the Sandbox.


Lauren Anderson commented:

And yes, when I created the app, I marked "JWT auth flow" instead of "3-legged OAuth flow authorization code".

Yatin Gera commented (replying to Lauren Anderson):

Can you please share the client id of your app?

Lauren Anderson commented (replying to Yatin Gera):

"All APIs JWT Test" client id: H4PSEw2URKG3UCtgDR10Cw

Lauren Anderson answered:

Thank you Phong, Yatin and Suyash. Those examples all worked. The problem wasn't public or private. The problem I had was that I didn't URL encode the grant_type and assertion. I was sending (wrong):

grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer

instead of (right):

grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer

And when I ran it in Postman, I also incorrectly set the Body to use "form-data" instead of "x-www-form-urlencoded" (which URL encodes the value for grant_type and assertion). Thank you for the excellent responses.

Suyash Joshi commented:

glad you figured it out!
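
The two mistakes described in the answer above (an un-encoded body and a non-urlencoded body type), as an added Node.js example that is not part of the original thread. The helper names `buildJwtTokenRequest` and `lintTokenRequest` are hypothetical, the credentials and JWT are constructed placeholders, and no request is sent.

```javascript
// Added example; helper names are hypothetical, sample values are constructed.
const GRANT = 'urn:ietf:params:oauth:grant-type:jwt-bearer';
const FORM = 'application/x-www-form-urlencoded';

// Build the token request the way curl's --data-urlencode does.
function buildJwtTokenRequest(clientId, clientSecret, jwt) {
  const basic = Buffer.from(`${clientId}:${clientSecret}`).toString('base64');
  return {
    method: 'POST',
    headers: {
      Accept: 'application/json',
      'Content-Type': FORM,
      Authorization: `Basic ${basic}`,
    },
    // URLSearchParams percent-encodes each value (":" becomes "%3A").
    body: new URLSearchParams({ grant_type: GRANT, assertion: jwt }).toString(),
  };
}

// Pre-flight check: returns problem codes, empty when the request is well formed.
function lintTokenRequest(contentType, body) {
  if (!contentType.toLowerCase().startsWith(FORM)) return ['content-type'];
  const problems = [];
  for (const pair of body.split('&')) {
    const eq = pair.indexOf('=');
    const name = eq === -1 ? pair : pair.slice(0, eq);
    const value = eq === -1 ? '' : pair.slice(eq + 1);
    // Anything outside the form-urlencoded safe set must appear as %XX (or "+").
    if (/[^A-Za-z0-9*\-._%+]/.test(value)) problems.push(`unencoded:${name}`);
  }
  const parsed = new URLSearchParams(body);
  if (parsed.get('grant_type') !== GRANT) problems.push('grant_type');
  if (!parsed.get('assertion')) problems.push('assertion');
  return problems;
}

const req = buildJwtTokenRequest('id', 'secret', 'aaa.bbb.ccc'); // constructed values
console.log(req.body);
console.log(lintTokenRequest(FORM, req.body)); // well-formed request
console.log(lintTokenRequest(FORM, `grant_type=${GRANT}&assertion=aaa.bbb.ccc`));
console.log(lintTokenRequest('multipart/form-data; boundary=x', req.body));
```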

Phong Vu answered:

The problem is that you created a public app "All APIs JWT Test" and you selected the "Personal JWT". I changed your app scope to "Private" now. Try it again.

Lauren Anderson commented:

I had already tried both public and private app settings. I tried it again after you changed it to private and I still get the same error.

Phong Vu commented (replying to Lauren Anderson):

Not sure what could be wrong with your code. But can you quickly double check if the app and the JWT token are valid by installing the JS SDK and trying this.

$ npm install @ringcentral/sdk --save

const RC = require('@ringcentral/sdk').SDK

// Replace the placeholders with your sandbox app credentials and JWT
const JWT_TOKEN = "YourJWTToken"
var rcsdk = new RC({
    'server': "https://platform.devtest.ringcentral.com",
    'clientId': "YourAppClientId",
    'clientSecret': "YourAppClientSecret"
});
var platform = rcsdk.platform();

// Exchange the JWT for an access token
platform.login({
    'jwt':  JWT_TOKEN
})

// Fires once the token request has succeeded
platform.on(platform.events.loginSuccess, function(e){
    console.log("User logged in successfully")
});

Let me know if this works, then we will have a deeper look at your code to see what is going wrong

Yatin Gera commented (replying to Lauren Anderson):

curl --location --request POST 'https://platform.devtest.ringcentral.com/restapi/oauth/token' \
--header 'Accept: application/json' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic Base64-Encoded(YOUR_CLIENT_ID:YOUR_CLIENT_SECRET)' \
--data-urlencode 'grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer' \
--data-urlencode 'assertion=YOUR_JWT_TOKEN'

Attaching a curl request as a reference for you to try.
Replace YOUR_CLIENT_ID, YOUR_CLIENT_SECRET and YOUR_JWT_TOKEN.

It is usually content type or POST data that could lead to such an error.

Suyash Joshi answered:

Hi @Lauren Anderson, here is a sample project on GitHub that you can clone/download and run. Just make sure to update the .env file with your credentials including JWT and it should work: https://github.com/suyashjoshi/ringcentral-node-auth-jwt
