RingCentral Auth Token Failed in Curl Call - “Unauthorized for this grant type”

浪尽此生 submitted on 2019-12-13 00:33:55

Question


I am trying to get an auth token from the RingCentral auth token /restapi/oauth/token endpoint with cURL but it fails with the error:

400 Bad Request

{
    "error": "unauthorized_client",
    "error_description": "Unauthorized for this grant type",
    "errors": [
        {
            "errorCode": "OAU-251",
            "message": "Unauthorized for this grant type"
        }
    ]
}

This is what I have tried:

curl -X POST "https://platform.devtest.ringcentral.com/restapi/oauth/token" \
-H "Accept: application/json" \
-H "Content-Type: application/x-www-form-urlencoded" \
-u "clientId:clientpassword" \
-d "username=username&password=password&extension=101&grant_type=password"

Answer 1:


OAuth 2.0 Password Flow

You're making an OAuth 2.0 request using the OAuth 2.0 password grant (grant_type=password), also known as "Password flow" in the RingCentral Developer Portal and formally as the "Resource Owner Password Credentials" grant in the OAuth 2.0 IETF RFC 6749 standard.

In order to use the password flow, your application must support the Password flow Authorization Type as shown in the screenshots below.

To use this flow, your app needs to fulfill two criteria:

  • Be able to protect the client secret: application credentials include a client id and a client secret. For the password flow, the client secret must be protected from end users, e.g. on a secure server app. It cannot be used with a browser-only client-side app because end-users would be able to inspect and retrieve the client secret.
  • Be a private app: the password flow requires the app owner to have access to the resource owner's (aka end user) password. Because of this, it can only be used with private apps where the app owner and the resource owner are in the same organization. It is not supported for public apps because passwords should not be made available to app developers.

To use this grant type, you need to make sure your app is configured to have the Password flow grant in the RingCentral Developer Portal as shown below:

Create App Wizard

When creating an app, make sure to ensure "Password flow" is selected. Your options are based on the "Application type" and "Platform type" for your app, which in turn are related to the security specifications of your app.

Here is an animated GIF showing various app to OAuth grant settings.

App Settings Page

To verify an existing app has "Password flow" enabled, go to the app's "Settings" page's "OAuth Settings" section and verify Password flow is present.

Here's some information on the password grant in IETF RFC 6749:

https://tools.ietf.org/html/rfc6749#section-1.3.3
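
Added example (not part of the original answer and not RingCentral's code): Python that builds the same request as the curl call in the question, URL-encoding the form fields, and maps an RFC 6749 section 5.2 error body such as the OAU-251 response in the question to what to check. The function names and the hint wording are assumptions made for this example.

```python
import base64
import json
from urllib.parse import urlencode

# RFC 6749 section 5.2 token-endpoint error codes and what to check for each.
RFC6749_ERRORS = {
    "invalid_request": "malformed request: missing, repeated or bad parameter",
    "invalid_client": "client authentication failed: check client id and secret",
    "invalid_grant": "user credentials (or code/refresh token) were rejected",
    "unauthorized_client": "this app is not authorized for the grant type",
    "unsupported_grant_type": "the server does not support the grant type",
    "invalid_scope": "requested scope is invalid or exceeds what is allowed",
}

# Error body copied from the question.
SAMPLE_ERROR = """{"error": "unauthorized_client",
 "error_description": "Unauthorized for this grant type",
 "errors": [{"errorCode": "OAU-251",
             "message": "Unauthorized for this grant type"}]}"""

def build_password_grant(client_id, client_secret, username, password, extension=""):
    """Return (headers, body) matching the curl call in the question."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Accept": "application/json",
        "Content-Type": "application/x-www-form-urlencoded",
        "Authorization": f"Basic {basic}",  # what curl -u sends
    }
    fields = {"grant_type": "password", "username": username, "password": password}
    if extension:
        fields["extension"] = extension
    # urlencode escapes '&', '+' and '=' so a password cannot break the form body.
    return headers, urlencode(fields)

def diagnose(body_text):
    """Return (error, vendor_codes, hint) for a token-endpoint error body."""
    try:
        body = json.loads(body_text)
    except json.JSONDecodeError:
        return (None, [], "body is not JSON, so not an OAuth error response")
    if not isinstance(body, dict) or "error" not in body:
        return (None, [], "no 'error' field: not an OAuth error response")
    codes = [e.get("errorCode") for e in body.get("errors", []) if isinstance(e, dict)]
    hint = RFC6749_ERRORS.get(body["error"], "non-standard error code")
    return (body["error"], codes, hint)

if __name__ == "__main__":
    print(diagnose(SAMPLE_ERROR))
```

In real use, read the client secret and user password from the environment or a secret store rather than hard-coding them or passing them on the command line.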



Source: https://stackoverflow.com/questions/47692828/ringcentral-auth-token-failed-in-curl-call-unauthorized-for-this-grant-type
