To homepage To homepage
Solved

Gett error Unauthorized for this grant type

R

Been working on an SMS app via Python/Django. I was able to get everything running just fine with the Password based Auth Flow, however, I am looking at using JWT.

I setup a sandbox JWT credential and update my sandbox app to use the JWT. Then I copied the login script from https://developers.ringcentral.com/guide/authentication/jwt/quick-start. Just to run a quick test, I just ran this script (after updating my .env file with the the JWT credentials).

Now I get an error that "Unable to authenticate to platform. Check credentials.Unauthorized for this grant type"

I have found several articles supporting this method and all seems to be setup correctly. I did use the script from https://community.ringcentral.com/questions/106980/jwt-token-failure.html as well. This script didn't use the .env file, just entered my credentials and received the same error. I also saw and older post from 2016 suggesting there was a different test server, but I get "resource not found" when attempting to use that option. https://community.ringcentral.com/questions/301/unauthorized-for-this-grant-type.html

I am new to coding, so very well could be missing some major steps. Any suggestions on next things to read or review would be great. I have been looking at other JWT systems and it looks like maybe I am missing a step for an Authorization header? (Maybe I cannot just test using this script?)

import os
import sys

from dotenv import load_dotenv
from ringcentral import SDK

load_dotenv()


rcsdk = SDK(os.environ.get('RC_CLIENT_ID'),
             os.environ.get('RC_CLIENT_SECRET'),
             os.environ.get('RC_SERVER_URL') )
platform = rcsdk.platform()

print(platform)

try:
  platform.login(jwt=os.environ.get('RC_JWT'))
except Exception as e:
  sys.exit("Unable to authenticate to platform. Check credentials." + str(e))

print(f'Login with JWT successful.')


Thanks in advance!

icon

Best answer by Phong1426275020 21 July 2022, 18:29

View original

15 replies

Phong1426275020
Rank
Userlevel 1

Make sure you use the correct client id and client secret of the new app that use JWT token. Also, did you update the Python SDK. Only the latest version of the SDK supports JWT token.

If this does not help, let me know the app client id.

A

Hi @Rob Fuller did you create the JWT Token and tie it to the application correctly? For instance, your JWT can be tied to the Application Client ID or you can choose all applications for your organization and make sure it's either for Sandbox or the Production environment and then use those credentials for RC_CLIENT_ID, RC_CLIENT_SECRET and RC_SERVER_URL.

R

Hey @Suyash Joshi. Thank you for the note. I did double check this by downloading the JSON file in the credentials area of the App that I created. I double checked that the JWT id listed there does match the JWT id that I created via the credentials. This is all in the Sandbox too.

Right now, I am just using "All Applications" to avoid any confusion while I troubleshoot the issue.

R

I verified login credentials via the JSON download on the app. I feel pretty confident about these.

I am running Python version 3.10.5 and ringcentral version 0.7.13. I did check for updates as well, but looks like that is the latest and greatest.

Client ID is sqv4GM0rTvicOlkEW_op6g


@Phong Vu sorry, forgot to tag you on my reply

E

Hey @Rob Fuller

I suspect that the problem might be with the credentials. I copied the same code above and used it with my credentials and it worked.


E

Also @Rob Fuller Unauthorized for this grant type means that your app key and secret are correct but the problem is with the JWT token.

E

@Rob Fuller also make sure you changed the auth to JWT in your dev account.

R

@Elie Kozah thanks for the note. I did a quick compare today between the token shown in credentials and the one show on my account and confirmed they are the same.

Maybe a formatting issue? I have '"Appname":"key"' in my .env file.

I do see without App Name, I get "Invalid assertion signature". I assume I am formatting it correct because with the App name, i get the Unauthorized error.

R

Good to understand that side of it.

R

account-access.pngYea, I had switch it to Password for a bit to make sure something was working, but switched it back to JWT once I confirmed that the password worked.

Phong1426275020
Rank
Userlevel 1

I use the admin tool to login your developer portal to get the app credentials and JWT token and try on my code. Works like a charm. So try this exact code.

from ringcentral import SDK


RINGCENTRAL_CLIENTID = 'Copy/paste app client id here'
RINGCENTRAL_CLIENTSECRET =  'Copy/paste app client secret here' 
RINGCENTRAL_SERVER = 'https://platform.devtest.ringcentral.com'

rcsdk = SDK( RINGCENTRAL_CLIENTID, RINGCENTRAL_CLIENTSECRET, RINGCENTRAL_SERVER)
platform = rcsdk.platform()

JWT_TOKEN = 'Copy/paste your JWT token here'

try:
    platform.login( jwt=JWT_TOKEN )
    params = {
        'dateFrom': "2022-07-01T00:00:00.000Z"
        }
    resp = platform.get('/restapi/v1.0/account/~/extension/~/message-store', params)
    for record in resp.json().records:
        print ("Message type: " + record.type)
except Exception as e:
    print ("Unable to authenticate to platform. Check credentials." + str(e))
R

Still running into the error.

I created a new project and new virtual environment. Installed RingCentral and updates to PIP. Same error.

I went onto one of my virtual machines. Ran the script like you show and got the same error. Verified I am running Python V3.8.10 and RingCentral 0.7.13 on that VM as well. (Ubuntu 22.2)

I do see your successful attempts per the dashboard and I see my failed attempts. virtual-machine.png

R

In the JSON example from the credentials page, it shows "JWT Label" : "Token" is this the correct format? I am wondering if this is just a setup error since you have it working.


**Update, this is the incorrect format. Should not include the JWT label. Thanks for all the feedback

R

I found if you forget to update your server settings to the production server, you will also get this error when attempting to use the production token.

Ironically, the production Client ID, production Client Secret, and the production user name will also work with the Sandbox JWT on the sandbox server. Not sure this if only occurs after you have achieved Production Status or if that would have worked earlier as well.

This issue does still use the Sandbox phone number though. This made it a little confusing for a second until I remember to switch servers.

A

Ironically, the production Client ID, production Client Secret, and the production user name will also work with the Sandbox JWT on the sandbox server. Not sure this if only occurs after you have achieved Production Status or if that would have worked earlier as well.

this issue could be a bug, paging @Byrne Reese here for input.

Reply


Terms & ConditionsCookie settings
PRODUCTS
RingEX
Message
Video
Phone
OPEN ECOSYSTEM
Developer Platform
APIs
Integrated Apps
App Gallery
Developer support
Games and rewards

RESOURCES
Resource center
Blog
Product Releases
Accessibility
QUICK LINKS
App Download
RingCentral App login
Admin Portal Login
Contact Sales
© 1999-2024 RingCentral, Inc. All rights reserved. Privacy Notice