Gett error Unauthorized for this grant type

Question

question

Rob Fuller asked Jul 20, '22 Suyash Joshi commented Jul 26, '22

Gett error Unauthorized for this grant type

Been working on an SMS app via Python/Django. I was able to get everything running just fine with the Password based Auth Flow, however, I am looking at using JWT.

I setup a sandbox JWT credential and update my sandbox app to use the JWT. Then I copied the login script from https://developers.ringcentral.com/guide/authentication/jwt/quick-start. Just to run a quick test, I just ran this script (after updating my .env file with the the JWT credentials).

Now I get an error that "Unable to authenticate to platform. Check credentials.Unauthorized for this grant type"

I have found several articles supporting this method and all seems to be setup correctly. I did use the script from https://community.ringcentral.com/questions/106980/jwt-token-failure.html as well. This script didn't use the .env file, just entered my credentials and received the same error. I also saw and older post from 2016 suggesting there was a different test server, but I get "resource not found" when attempting to use that option. https://community.ringcentral.com/questions/301/unauthorized-for-this-grant-type.html

I am new to coding, so very well could be missing some major steps. Any suggestions on next things to read or review would be great. I have been looking at other JWT systems and it looks like maybe I am missing a step for an Authorization header? (Maybe I cannot just test using this script?)

import os
import sys

from dotenv import load_dotenv
from ringcentral import SDK

load_dotenv()


rcsdk = SDK(os.environ.get('RC_CLIENT_ID'),
             os.environ.get('RC_CLIENT_SECRET'),
             os.environ.get('RC_SERVER_URL') )
platform = rcsdk.platform()

print(platform)

try:
  platform.login(jwt=os.environ.get('RC_JWT'))
except Exception as e:
  sys.exit("Unable to authenticate to platform. Check credentials." + str(e))

print(f'Login with JWT successful.')

Thanks in advance!

authentication

1 |3000

Attachments: Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Using the RingCentral Phone for Desktop, you can dial or receive test calls, send and receive test SMS or Fax messages in your sandbox environment.

Download RingCentral Phone for Desktop:

Tip: switch to the "sandbox mode" before logging in the app:

On MacOS: press "fn + command + f2" keys
On Windows: press "Ctrl + F2" keys

Answer 1 · 2022-07-21T16:29:54Z

Phong Vu answered Jul 21, '22 Rob Fuller edited Jul 21, '22

I use the admin tool to login your developer portal to get the app credentials and JWT token and try on my code. Works like a charm. So try this exact code.

from ringcentral import SDK


RINGCENTRAL_CLIENTID = 'Copy/paste app client id here'
RINGCENTRAL_CLIENTSECRET =  'Copy/paste app client secret here' 
RINGCENTRAL_SERVER = 'https://platform.devtest.ringcentral.com'

rcsdk = SDK( RINGCENTRAL_CLIENTID, RINGCENTRAL_CLIENTSECRET, RINGCENTRAL_SERVER)
platform = rcsdk.platform()

JWT_TOKEN = 'Copy/paste your JWT token here'

try:
    platform.login( jwt=JWT_TOKEN )
    params = {
        'dateFrom': "2022-07-01T00:00:00.000Z"
        }
    resp = platform.get('/restapi/v1.0/account/~/extension/~/message-store', params)
    for record in resp.json().records:
        print ("Message type: " + record.type)
except Exception as e:
    print ("Unable to authenticate to platform. Check credentials." + str(e))

5

1 |3000

Attachments: Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Rob Fuller commented · Jul 21, 2022 at 05:13 PM

Still running into the error.

I created a new project and new virtual environment. Installed RingCentral and updates to PIP. Same error.

I went onto one of my virtual machines. Ran the script like you show and got the same error. Verified I am running Python V3.8.10 and RingCentral 0.7.13 on that VM as well. (Ubuntu 22.2)

I do see your successful attempts per the dashboard and I see my failed attempts.

0 ·

virtual-machine.png (20.0 KiB)

Phong Vu ♦♦ Rob Fuller commented · Jul 21, 2022 at 05:49 PM

And this is your app stats. I first called the call-log but your app does not have the app permission so it failed. Reading the message-store was successful. If it still does not work for you, it's your environment and I cannot help checking it.

1 ·

screen-shot-2022-07-21-at-104730-am.png (70.5 KiB)

Phong Vu ♦♦ Rob Fuller commented · Jul 21, 2022 at 05:46 PM

JWT token is just the token string, NOT the JSON object string!

0 ·

Rob Fuller Phong Vu ♦♦ commented · Jul 21, 2022 at 05:52 PM

Geeze. I swore I tired changing it this morning and got a different error, but this was the issue. I am working now. Maybe a combo error with the last token and then I kept putting this in wrong.

Thank you very much for the assistance!! Looks like everything should work fine now.

0 ·

Rob Fuller commented · Jul 21, 2022 at 05:23 PM

In the JSON example from the credentials page, it shows "JWT Label" : "Token" is this the correct format? I am wondering if this is just a setup error since you have it working.

**Update, this is the incorrect format. Should not include the JWT label. Thanks for all the feedback

0 ·

Answer 2 · 2022-07-20T16:34:00Z

Phong Vu answered Jul 20, '22 Rob Fuller commented Jul 21, '22

Make sure you use the correct client id and client secret of the new app that use JWT token. Also, did you update the Python SDK. Only the latest version of the SDK supports JWT token.

If this does not help, let me know the app client id.

6

1 |3000

Attachments: Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Rob Fuller commented · Jul 20, 2022 at 05:31 PM

I verified login credentials via the JSON download on the app. I feel pretty confident about these.

I am running Python version 3.10.5 and ringcentral version 0.7.13. I did check for updates as well, but looks like that is the latest and greatest.

Client ID is sqv4GM0rTvicOlkEW_op6g

@Phong Vu sorry, forgot to tag you on my reply

0 ·

Phong Vu ♦♦ Rob Fuller commented · Jul 21, 2022 at 02:26 PM

There is nothing wrong with your app. I believe that the environment some how messed up. Why don't you just test by coping the parameters and use them directly instead of using the os.environ.get?

0 ·

Rob Fuller Phong Vu ♦♦ commented · Jul 21, 2022 at 02:49 PM

@Phong Vu tried it this way too. Still getting the Unauthorized for grant type error. I am sure it is something I am doing. Appreciate the feedback for sure. (See 2 screen shots)

0 ·

login-error.png (40.0 KiB)

login-error2.png (37.8 KiB)

Show more comments

Answer 3 · 2022-07-20T16:43:02Z

Suyash Joshi answered Jul 20, '22 Rob Fuller commented Jul 20, '22

Hi @Rob Fuller did you create the JWT Token and tie it to the application correctly? For instance, your JWT can be tied to the Application Client ID or you can choose all applications for your organization and make sure it's either for Sandbox or the Production environment and then use those credentials for RC_CLIENT_ID, RC_CLIENT_SECRET and RC_SERVER_URL.

1

1 |3000

Attachments: Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Rob Fuller commented · Jul 20, 2022 at 05:15 PM

Hey @Suyash Joshi. Thank you for the note. I did double check this by downloading the JSON file in the credentials area of the App that I created. I double checked that the JWT id listed there does match the JWT id that I created via the credentials. This is all in the Sandbox too.

Right now, I am just using "All Applications" to avoid any confusion while I troubleshoot the issue.

0 ·

Answer 4 · 2022-07-20T21:30:11Z

Elie Kozah answered Jul 20, '22

Hey @Rob Fuller

I suspect that the problem might be with the credentials. I copied the same code above and used it with my credentials and it worked.

1 |3000

Attachments: Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Answer 5 · 2022-07-20T21:34:26Z

Elie Kozah answered Jul 20, '22 Rob Fuller commented Jul 21, '22

Also @Rob Fuller Unauthorized for this grant type means that your app key and secret are correct but the problem is with the JWT token.

1

1 |3000

Attachments: Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Rob Fuller commented · Jul 21, 2022 at 01:21 PM

Good to understand that side of it.

0 ·

Answer 6 · 2022-07-20T21:44:24Z

Elie Kozah answered Jul 20, '22 Rob Fuller edited Jul 21, '22

@Rob Fuller also make sure you changed the auth to JWT in your dev account.

2

1 |3000

Attachments: Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Rob Fuller commented · Jul 21, 2022 at 01:19 PM

@Elie Kozah thanks for the note. I did a quick compare today between the token shown in credentials and the one show on my account and confirmed they are the same.

Maybe a formatting issue? I have '"Appname":"key"' in my .env file.

I do see without App Name, I get "Invalid assertion signature". I assume I am formatting it correct because with the App name, i get the Unauthorized error.

0 ·

Rob Fuller commented · Jul 21, 2022 at 03:03 PM

Yea, I had switch it to Password for a bit to make sure something was working, but switched it back to JWT once I confirmed that the password worked.

0 ·

account-access.png (34.1 KiB)

Answer 7 · 2022-07-26T14:09:32Z

Rob Fuller answered Jul 26, '22 Suyash Joshi commented Jul 26, '22

I found if you forget to update your server settings to the production server, you will also get this error when attempting to use the production token.

Ironically, the production Client ID, production Client Secret, and the production user name will also work with the Sandbox JWT on the sandbox server. Not sure this if only occurs after you have achieved Production Status or if that would have worked earlier as well.

This issue does still use the Sandbox phone number though. This made it a little confusing for a second until I remember to switch servers.

1

1 |3000

Attachments: Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Suyash Joshi ♦ commented · Jul 26, 2022 at 05:23 PM

Ironically, the production Client ID, production Client Secret, and the production user name will also work with the Sandbox JWT on the sandbox server. Not sure this if only occurs after you have achieved Production Status or if that would have worked earlier as well.

this issue could be a bug, paging @Byrne Reese here for input.

0 ·

question