question

Kumar avatar image
Kumar asked Byrne Reese answered

Getting Unauthorized grant type exception "OAU-250"

Created the application and trying to test the application. But while calling:

https://platform.devtest.ringcentral.com/restapi/oauth/token authentication api, getting:

400 Bad Request with Unsupported grant type

"errorCode" : "OAU-250", in response.. no Idea what's wrong this time

getting started
1 |3000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Byrne Reese avatar image
Byrne Reese answered

Authentication is an essential part of every application as we all know, so encountering problems during this phase can be especially frustrating. If you are feeling frustrating, let me begin by apologizing for the difficulty you are having.

And now, let's turn our attention to how we can overcome this hurdle and get your app connecting to the platform successfully for the first time. If you are receiving the following error:

 {
     "error": "invalid_request",
     "errors": [{
         "errorCode": "OAU-250",
         "message": "Unsupported grant type"
     }],
     "error_description": "Unsupported grant type"
 }

Then there are a small set of remedies that will help you get back on track.

To begin, let's get back to basics: what is a "grant type?" A grant type is an OAuth term and refers to the method by which an access token is granted to your application. In layman's terms, a grant type is an authentication methodology. At the time of this answer being written, RingCentral documents only two grant types. They are:

  • JWT

  • Authorization code flow

There is a third still in use by many developers called "ROPC" (Resource Owner Password Credential) or more informally called "password" auth. This is currently deprecated and will be removed from the platform on March 31, 2024.

So why might you be getting an "unsupported grant type" error. Here are three common causes for this error.

Your application is not configured properly

The first and easiest thing for you to check is that the auth method you implemented corresponds with the auth method selected for your application. Login to the Developer Console, select your app, and click "Settings." Scroll down to the "Auth" section and see what is selected there. Then check your code to see what auth method you have implemented.

Compare your code with what you see in our quick start exercises to see which you are currently utilizing.

If your code is out-of-sync with your config, change your settings and try to auth again.

Your request is not transmitted properly

One mistake developers can make is by calling the OAuth token endpoint incorrectly.

  1. Calls to the OAuth token endpoint must utilize the "POST" HTTP method.

  2. The request payload should be transmitted in the body of the request, and NOT via the querystring.

  3. The request must contain an HTTP Authorization header that properly encodes your app's client ID and secret

Let's look at an example:

 POST /restapi/oauth/token?username=12XXXXXXX&password=xzyz**@9779
    &extension=xxx&grant_type=password HTTP/1.1
 Host: platform.ringcentral.com
 Accept: application/json
 Content-Type: application/x-www-form-urlencoded

The above is incorrect for two reasons. First, the auth credentials are being transmitted in the URL. Second, the request is missing an Authorization header. The proper formation of this request would be:

 POST /restapi/oauth/token HTTP/1.1
 Host: platform.ringcentral.com
 Accept: application/json
 Content-Type: application/x-www-form-urlencoded
 Authorization: Basic cmVsLWFsbC1wZXJtaXNzaWXFjMmpRZmlQcnlkSUkweE92QQ==
    
 username=12XXXXXXX&password=xzyz**@9779&extension=xxx&grant_type=password

You are calling the wrong endpoint

The following request looks right. The request is being transmitted in the request payload, the right HTTP method is being used, and an Authorization header is being transmitted.

 POST /restapi/oauth/token HTTP/1.1
 Content-type: application/x-www-form-urlencoded
 Authorization: Basic 
    
 {
   "grant_type": "authorization_code",
   "code": ,
   "client_id": "",
   "redirect_uri": ""
 }

But if you look closely, an authorization code is being used, which means that the API call above is the second step of the authentication flow. In this step, one is exchanging an authorization code for an access token, which is done by calling the `/authorize` endpoint (not the `/token` endpoint).

The fix is to change the URL you are posting to, like so:

 POST /restapi/oauth/authorize HTTP/1.1
 Content-type: application/x-www-form-urlencoded
 Authorization: Basic 
    
 {
   "grant_type": "authorization_code",
   "code": ,
   "client_id": "",
   "redirect_uri": ""
 }
1 |3000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Anirban avatar image
Anirban answered

This type of issues are common and reported multiple times in community previously.

If you're using an OAuth 2.0 request using the OAuth 2.0 password grant (grant_type=password), then your application you created should in the RingCentral Developer Portal should be Password flow .

Please note, application created with different platform type will have different grant_type.

For example, application created for platform type = browser based will have grant_type=Authorization Code | Implicit | Refresh Access Token where as application for platform type = Desktop/Windows will have grant_type= Authorization Code | Password flow |Refresh Access Token

So in order to use (grant_type=password) you need to have application created with platform type that support Password flow

Here is wonderful way it has answered with animated Gif image that will easily help you to understand the proccess: https://stackoverflow.com/questions/47692828/ringcentral-auth-token-failed-in-curl-call-unauthorized-for-this-grant-type/47745436#47745436

1 |3000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Developer sandbox tools

Using the RingCentral Phone for Desktop, you can dial or receive test calls, send and receive test SMS or Fax messages in your sandbox environment.

Download RingCentral Phone for Desktop:

Tip: switch to the "sandbox mode" before logging in the app:

  • On MacOS: press "fn + command + f2" keys
  • On Windows: press "Ctrl + F2" keys