Question

Converting from password to JWT using API app - Unauthorized for this grant type

  • 27 March 2024
  • 5 replies
  • 90 views

Although clearly this has been out there for some time, we weren't aware of the JWT requirements, so we have been trying in the last day to get this working for our client. We don't have our own RC account, and since it seems that the ability to send SMS has been removed, we can't try it on our own account. We are able to authenticate with JWT, just can't actually send an SMS message because the feature isn't available. We had the client create a new JWT application for production so that we wouldn't impact the existing password based application, but we can't even get that one to give an access token - we just get "Unauthorized for this grant type,Invalid Authorization header".

I've seen other posts suggesting that it can take some time, but it's been over 3 hours and we still can't get it to work. What other options might we have to troubleshoot this? If it helps, the clientid is aIQTZJnTatBbK49Tq5ioNd. Appreciate any tips or suggestions.


5 replies

Userlevel 1

I think you have 2 different apps and 2 different issues here.

The app named "Loglink Texting" (aIQTZJnTatBbK49Tq5ioNd) is a private app under your account, which is a free-tier sandbox account. Since you don't have an associated production account, you cannot test your app in the production environment (no production user), nor in your sandbox environment (SMS no longer supported). So this app is not really useful.

Your customer who has a RingCentral production account cannot use the "Loglink Texting" app because the app is a private app to your sandbox account.

For this error, "Unauthorized for this grant type, Invalid Authorization header", I assume that you are trying to authenticate your customer with their JWT token, but I don't know the app so I cannot check. Also, you don't tell me how you use the JWT to get the access token, so I don't know what could be wrong. Post the code (take off the real sensitive data) around your app authentication so I can help check it.

Thanks Phong, but no, they have a private app that they created that we're trying to help them with, it's not our app; we created ours just to be able to test the authentication, which works fine for us in the sandbox environment, we just can't send a text to fully test it.

Since authentication works on our sandbox account, it shouldn't be code related. They have a private production app that is password based, and a new private app that we had them create for SMS and webhooks that is JWT. But whenever we try to authenticate with JWT for them on their new private app in production (just to be clear, it is using the appropriate values for their app, in terms of clientid/jwt/etc), it gives us the unauthorized message. Again though, the same code works fine for authenticating on our sandbox account; this sandbox app is useful in that we wanted to test that it works in general before having them set up a new app. I don't know if it's because they have 2 private apps, one that is now password based and one that is JWT based, or if there's something specific about this new one that is not allowing us to connect via JWT. We can certainly change the auth for the existing one, but if it doesn't work it will then break what is existing in production, which is why we had them create a new one. If it's possible to set up their existing one so it can work for either behind the scenes (we couldn't find a way to do that), then I could have them submit a ticket for that if that's the issue.

We're just sending it via API, so just like this curl:

curl --location 'https://platform.ringcentral.com/restapi/oauth/token' --header 'Content-Type: application/x-www-form-urlencoded' --header 'Authorization: Basic xxxxxxx' --data-urlencode 'grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer' --data-urlencode 'assertion=eyJraWQiOiI4NzYyZxxxxxxx'


Again, thanks for your help.

Userlevel 1

It's safe to share their production app client ID here. If I have the app client ID, I can have a look at the app settings.

That would be great, thank you! It's LVlfwBLzRsmMotDvPHvISA

Userlevel 1

Your customer app was still set to password flow and that was the root cause of the problem. I changed the auth flow to JWT token. Give it an hour or so and try again.

Let me know if you still face a problem.
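
An added example, not part of the original thread and not RingCentral's code: Python that rebuilds the curl request from the thread without sending it, rules out local mistakes in the Authorization header and the assertion, and maps an OAuth error body to the side that needs checking. The function names, the return labels and the use of the standard RFC 6749 `error` / `error_description` fields in the error body are assumptions.

```python
import base64, json, urllib.parse, urllib.request

TOKEN_URL = "https://platform.ringcentral.com/restapi/oauth/token"  # from the curl in the thread
JWT_GRANT = "urn:ietf:params:oauth:grant-type:jwt-bearer"

def build_token_request(client_id, client_secret, jwt):
    """Build (but do not send) the same POST as the curl in the thread."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode({"grant_type": JWT_GRANT, "assertion": jwt}).encode()
    return urllib.request.Request(TOKEN_URL, data=body, method="POST", headers={
        "Content-Type": "application/x-www-form-urlencoded",
        "Authorization": f"Basic {basic}",
    })

def preflight(client_id, client_secret, jwt):
    """Return local problems that can be ruled out before looking at the server."""
    problems = []
    for name, value in (("client_id", client_id), ("client_secret", client_secret), ("jwt", jwt)):
        if not value or value != value.strip():
            problems.append(f"{name} is empty or has stray whitespace")
    if ":" in client_id:
        problems.append("client_id contains ':' and breaks Basic auth parsing")
    parts = jwt.strip().split(".")
    if len(parts) != 3:
        problems.append("assertion is not a three-part compact JWT")
    else:
        try:
            pad = "=" * (-len(parts[0]) % 4)  # base64url in JWTs is unpadded
            json.loads(base64.urlsafe_b64decode(parts[0] + pad))
        except ValueError:
            problems.append("JWT header is not base64url-encoded JSON")
    return problems

def triage(response_body):
    """Map an OAuth error body to what to check next (labels are hypothetical)."""
    err = json.loads(response_body)
    code = err.get("error", "")
    text = err.get("error_description", "")
    if code == "unauthorized_client" or "grant type" in text.lower():
        return "app-settings"        # app not enabled for the JWT grant (root cause in this thread)
    if code == "invalid_client":
        return "client-credentials"  # wrong client id/secret in the Basic header
    if code == "invalid_grant":
        return "jwt-credential"      # assertion rejected: wrong, expired or revoked JWT
    return "unknown"
```

When `preflight` returns an empty list and `triage` returns `app-settings`, the request itself is well-formed and the app's configured auth flow is the thing to check, which is what the thread's resolution turned out to be.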
