question

Rob Fuller avatar image
Rob Fuller asked Suyash Joshi commented

Gett error Unauthorized for this grant type

Been working on an SMS app via Python/Django. I was able to get everything running just fine with the Password based Auth Flow, however, I am looking at using JWT.

I setup a sandbox JWT credential and update my sandbox app to use the JWT. Then I copied the login script from https://developers.ringcentral.com/guide/authentication/jwt/quick-start. Just to run a quick test, I just ran this script (after updating my .env file with the the JWT credentials).

Now I get an error that "Unable to authenticate to platform. Check credentials.Unauthorized for this grant type"

I have found several articles supporting this method and all seems to be setup correctly. I did use the script from https://community.ringcentral.com/questions/106980/jwt-token-failure.html as well. This script didn't use the .env file, just entered my credentials and received the same error. I also saw and older post from 2016 suggesting there was a different test server, but I get "resource not found" when attempting to use that option. https://community.ringcentral.com/questions/301/unauthorized-for-this-grant-type.html

I am new to coding, so very well could be missing some major steps. Any suggestions on next things to read or review would be great. I have been looking at other JWT systems and it looks like maybe I am missing a step for an Authorization header? (Maybe I cannot just test using this script?)

import os
import sys

from dotenv import load_dotenv
from ringcentral import SDK

load_dotenv()


rcsdk = SDK(os.environ.get('RC_CLIENT_ID'),
             os.environ.get('RC_CLIENT_SECRET'),
             os.environ.get('RC_SERVER_URL') )
platform = rcsdk.platform()

print(platform)

try:
  platform.login(jwt=os.environ.get('RC_JWT'))
except Exception as e:
  sys.exit("Unable to authenticate to platform. Check credentials." + str(e))

print(f'Login with JWT successful.')


Thanks in advance!

authentication
1 |3000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Phong Vu avatar image
Phong Vu answered Rob Fuller edited

I use the admin tool to login your developer portal to get the app credentials and JWT token and try on my code. Works like a charm. So try this exact code.

from ringcentral import SDK


RINGCENTRAL_CLIENTID = 'Copy/paste app client id here'
RINGCENTRAL_CLIENTSECRET =  'Copy/paste app client secret here' 
RINGCENTRAL_SERVER = 'https://platform.devtest.ringcentral.com'

rcsdk = SDK( RINGCENTRAL_CLIENTID, RINGCENTRAL_CLIENTSECRET, RINGCENTRAL_SERVER)
platform = rcsdk.platform()

JWT_TOKEN = 'Copy/paste your JWT token here'

try:
    platform.login( jwt=JWT_TOKEN )
    params = {
        'dateFrom': "2022-07-01T00:00:00.000Z"
        }
    resp = platform.get('/restapi/v1.0/account/~/extension/~/message-store', params)
    for record in resp.json().records:
        print ("Message type: " + record.type)
except Exception as e:
    print ("Unable to authenticate to platform. Check credentials." + str(e))
5 comments
1 |3000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Still running into the error.

I created a new project and new virtual environment. Installed RingCentral and updates to PIP. Same error.

I went onto one of my virtual machines. Ran the script like you show and got the same error. Verified I am running Python V3.8.10 and RingCentral 0.7.13 on that VM as well. (Ubuntu 22.2)

I do see your successful attempts per the dashboard and I see my failed attempts. virtual-machine.png

0 Likes 0 ·
virtual-machine.png (20.0 KiB)

JWT token is just the token string, NOT the JSON object string!

1 Like 1 ·
Rob Fuller avatar image Rob Fuller Phong Vu ♦♦ ·

Geeze. I swore I tired changing it this morning and got a different error, but this was the issue. I am working now. Maybe a combo error with the last token and then I kept putting this in wrong.


Thank you very much for the assistance!! Looks like everything should work fine now.

0 Likes 0 ·

And this is your app stats. I first called the call-log but your app does not have the app permission so it failed. Reading the message-store was successful. If it still does not work for you, it's your environment and I cannot help checking it.

screen-shot-2022-07-21-at-104730-am.png

1 Like 1 ·

In the JSON example from the credentials page, it shows "JWT Label" : "Token" is this the correct format? I am wondering if this is just a setup error since you have it working.


**Update, this is the incorrect format. Should not include the JWT label. Thanks for all the feedback

0 Likes 0 ·
Phong Vu avatar image
Phong Vu answered Rob Fuller commented

Make sure you use the correct client id and client secret of the new app that use JWT token. Also, did you update the Python SDK. Only the latest version of the SDK supports JWT token.

If this does not help, let me know the app client id.

6 comments
1 |3000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

I verified login credentials via the JSON download on the app. I feel pretty confident about these.

I am running Python version 3.10.5 and ringcentral version 0.7.13. I did check for updates as well, but looks like that is the latest and greatest.

Client ID is sqv4GM0rTvicOlkEW_op6g


@Phong Vu sorry, forgot to tag you on my reply

0 Likes 0 ·

There is nothing wrong with your app. I believe that the environment some how messed up. Why don't you just test by coping the parameters and use them directly instead of using the os.environ.get?

0 Likes 0 ·
Rob Fuller avatar image Rob Fuller Phong Vu ♦♦ ·

@Phong Vu tried it this way too. Still getting the Unauthorized for grant type error. I am sure it is something I am doing. Appreciate the feedback for sure. (See 2 screen shots)login-error.png

0 Likes 0 ·
login-error.png (40.0 KiB)
login-error2.png (37.8 KiB)
Show more comments
Show more comments
Suyash Joshi avatar image
Suyash Joshi answered Rob Fuller commented

Hi @Rob Fuller did you create the JWT Token and tie it to the application correctly? For instance, your JWT can be tied to the Application Client ID or you can choose all applications for your organization and make sure it's either for Sandbox or the Production environment and then use those credentials for RC_CLIENT_ID, RC_CLIENT_SECRET and RC_SERVER_URL.

1 comment
1 |3000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Hey @Suyash Joshi. Thank you for the note. I did double check this by downloading the JSON file in the credentials area of the App that I created. I double checked that the JWT id listed there does match the JWT id that I created via the credentials. This is all in the Sandbox too.

Right now, I am just using "All Applications" to avoid any confusion while I troubleshoot the issue.

0 Likes 0 ·
Elie Kozah avatar image
Elie Kozah answered

Hey @Rob Fuller

I suspect that the problem might be with the credentials. I copied the same code above and used it with my credentials and it worked.


1 |3000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Elie Kozah avatar image
Elie Kozah answered Rob Fuller commented

Also @Rob Fuller Unauthorized for this grant type means that your app key and secret are correct but the problem is with the JWT token.

1 comment
1 |3000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Good to understand that side of it.

0 Likes 0 ·
Elie Kozah avatar image
Elie Kozah answered Rob Fuller edited

@Rob Fuller also make sure you changed the auth to JWT in your dev account.

2 comments
1 |3000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

@Elie Kozah thanks for the note. I did a quick compare today between the token shown in credentials and the one show on my account and confirmed they are the same.

Maybe a formatting issue? I have '"Appname":"key"' in my .env file.

I do see without App Name, I get "Invalid assertion signature". I assume I am formatting it correct because with the App name, i get the Unauthorized error.

0 Likes 0 ·

account-access.pngYea, I had switch it to Password for a bit to make sure something was working, but switched it back to JWT once I confirmed that the password worked.

0 Likes 0 ·
account-access.png (34.1 KiB)
Rob Fuller avatar image
Rob Fuller answered Suyash Joshi commented

I found if you forget to update your server settings to the production server, you will also get this error when attempting to use the production token.

Ironically, the production Client ID, production Client Secret, and the production user name will also work with the Sandbox JWT on the sandbox server. Not sure this if only occurs after you have achieved Production Status or if that would have worked earlier as well.

This issue does still use the Sandbox phone number though. This made it a little confusing for a second until I remember to switch servers.

1 comment
1 |3000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Ironically, the production Client ID, production Client Secret, and the production user name will also work with the Sandbox JWT on the sandbox server. Not sure this if only occurs after you have achieved Production Status or if that would have worked earlier as well.

this issue could be a bug, paging @Byrne Reese here for input.

0 Likes 0 ·

Developer sandbox tools

Using the RingCentral Phone for Desktop, you can dial or receive test calls, send and receive test SMS or Fax messages in your sandbox environment.

Download RingCentral Phone for Desktop:

Tip: switch to the "sandbox mode" before logging in the app:

  • On MacOS: press "fn + command + f2" keys
  • On Windows: press "Ctrl + F2" keys