To homepage To homepage
Question

User authorization failure with error "Invalid resource owner credentials"

  • 7 October 2020
  • 6 replies
  • 932 views
J

Our company sandbox has graduated and been transited into a production environment. However running the same application against the production environment produces authorization failures. The production account credentials only works for the default Admin user and it fails on all other users with the following error:

I have updated the RingCentralClient to use production Url.


12:49:19.48 [TP03] RingCentralClient: !! Error !! Initialize: Exception caught - message=Response:

StatusCode: 400, ReasonPhrase: 'Bad Request', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:

{

Connection: keep-alive

X-Application-Context: application:8080

RCRequestId: 8cc942f8-082e-11eb-8cdc-005056bbb2d3

Pragma: no-cache

AceRoutingKey: sjc01-c01-ace03.004a3340-fc99-11ea-a999-005056973b9b

RoutingKey: IAD01P12

Cache-Control: no-store

Date: Tue, 06 Oct 2020 23:49:19 GMT

Server: nginx

Content-Length: 199

Content-Language: en

Content-Type: application/json; charset=utf-8

}

Content: {

"error" : "invalid_grant",

"errors" : [ {

"errorCode" : "OAU-140",

"message" : "Invalid resource owner credentials"

} ],

"error_description" : "Invalid resource owner credentials"

}


Could you please what I have done wrong?


Any help is appreciated!

6 replies

J

Here is the authorization code:


//Client ID, Client secret, User Name, Password are copied over from the production environment //under the app account. Ext number such as 101, 102 etc.

m_log.Trace($"Initialize: Create RestClient for user={m_username} extension={m_extensionNumber} clientId={m_clientId}");

m_restClient = new RestClient(m_clientId, m_clientSecret, true);


m_log.Trace($"Initialize: Authorize for user={m_username} extension={m_extensionNumber}");

var tokenInfo = await m_restClient.Authorize(m_username, m_extensionNumber, m_password);

Phong1426275020
Rank
Userlevel 1

What is your app client id?

J

@Phong Vu This is the app client id: P5AyjJlYRYGfF1kcXTDlXg. Thanks!

Phong1426275020
Rank
Userlevel 1

Your app looks ok. And based on the app analytics, I saw that you have some successful API call on the production account. This means that you could login with some users and failed with some users.

When calling this line

var tokenInfo = await m_restClient.Authorize(m_username, m_extensionNumber, m_password);

Do you use the main company phone number and the extension number? Or do you use the extension's direct phone number e.g. the extension "102" has this number ending with xxx-3436?

Thing for you to check, login the service web with the user credentials you use to login the app. If that does not work, it really means you are using the wrong username and password combination.

J

@Phong Vu Thank you for the quick response! It turns out that the user password has to be the same as the password of the app account. Once we updated the user password to that, it all starts working! Our application made the assumption that all user password should be the same as the main company number password. So my question is that why we cannot use the main company number/password to log into all extension as it would be much simpler for the application if it need to maintain more than one user? Thanks

Phong1426275020
Rank
Userlevel 1

Yes, you can login your app using the main company number, the extension number and the password belong to that extension. I don't understand your assumption that all user password should be the same. Each user should set their own password and shouldn't it be different from each other as a good practice?

Believe me, 10/10 always claims that they login with correct username and password and just find out at the end they were wrong or mistaken.

Reply


Terms & ConditionsCookie settings
PRODUCTS
RingEX
Message
Video
Phone
OPEN ECOSYSTEM
Developer Platform
APIs
Integrated Apps
App Gallery
Developer support
Games and rewards

RESOURCES
Resource center
Blog
Product Releases
Accessibility
QUICK LINKS
App Download
RingCentral App login
Admin Portal Login
Contact Sales
© 1999-2024 RingCentral, Inc. All rights reserved. Privacy Notice