"errorCode" : "OAU-153", "message" : "Invalid client: ", "parameters" :

  • 1
  • Problem
  • Updated 2 months ago
I am trying Password Flow...I'm adapting the code to Coldfusion but I am getting the Invalid Cilent error.

1) My app is setup for Password Flow.
2) I am using username in format of: +15559991212
3) Password was reset and changed successfully to confirm that's correct.
4) Client Id is copied right out of the Credentials in my Developer Account and encoded in Base64.
5) Secret key is copied right out of Credentials in my Developer Account.

My Code:

<cfset authorization = client_id_base64 & ":" & client_secret /> 
                
<cfhttp
    method="post"
    url="https://platform.devtest.ringcentral.com/restapi/oauth/token";
    resolveurl="yes"
    getasbinary="never"
    >

<cfhttpparam type="header" name="content-type" value="application/x-www-form-urlencoded">
<cfhttpparam type="header" name="accept" value="application/json">
<cfhttpparam type="header" name="authorization" value="#authorization#">

<cfhttpparam type="url" name="username" value="#username#">
<cfhttpparam type="url" name="password" value="#password#">
<cfhttpparam type="url" name="extension" value="#extension#">
<cfhttpparam type="url" name="grant_type" value="password">


</cfhttp>

<cfoutput>#cfhttp.FileContent#</cfoutput>

<cfabort>
Photo of Jason

Jason

  • 480 Points 250 badge 2x thumb
  • frustrated....

Posted 1 year ago

  • 1
Photo of Anton Nikitin

Anton Nikitin, Official Rep

  • 2,994 Points 2k badge 2x thumb
Authorization header should be like BASE64(client_id ":" client_secret). It doesn't seem from your code that you are building it properly (if I am not mistaken you encode only client_id with Base64 and then append secret to it as is.
Photo of Jason

Jason

  • 480 Points 250 badge 2x thumb
So you are saying that the bas64 needs to be applied to both together...another rep for Ringcentral said that you base64 the client_id and then put a colon and then leave the client secret the same which didn't make sense to me frankly.
Photo of Jason

Jason

  • 480 Points 250 badge 2x thumb
Also, another rep said a conflicting thing that you don't need to base64 on Password Flow....so there is a lot of confusion between support on how this API is constructed.
Photo of Anton Nikitin

Anton Nikitin, Official Rep

  • 2,994 Points 2k badge 2x thumb
Jason, I don't know who told you that and apologize for misunderstanding. But actually this part is explained in multiple places in our documentation (for example here: http://ringcentral-api-docs.readthedocs.io/en/latest/oauth/#client-authentication) as well as in other sources explaining OAuth 2.0 protocol. It is just a standard authorization header format for HTTP Basic authentication.
Photo of Jason

Jason

  • 480 Points 250 badge 2x thumb
Ok...I appreciate the direct link to what is right...

To confirm that I did my Authorization Header correctly, here is my code and I will explain it:

<cfset authorization = client_id & ":" & client_secret />
<cfset authorization = "Basic " & ToBase64(authorization) />

The first line in Coldfusion is saying this:

authorization = the base64 of client_id:client_secret

The second line says add the word "Basic" plus a space to the front of the authorization variable above, so if you outputted this variable, it would look like this:

Basic THISISTHEBASE64OFCLIENT_ID:CLIENT_SECRET

Assuming I did that right (which I assume I did since the error changed), I got this:

"errorCode" : "OAU-140", "message" : "Invalid resource owner credentials"

This implies invalid username or password.  My username is the Development phone number in my console and my password (which I believe I'm right) but I cannot verify it since it's not readable.

Jason
Photo of Anton Nikitin

Anton Nikitin, Official Rep

  • 2,974 Points 2k badge 2x thumb
Jason, Authorization header is correct now. I assume that since you are connecting to Sandbox environment you will need your sandbox username (phone number) and password. You can reset password if you want in application dashboard on developer portal.
Photo of Jason

Jason

  • 480 Points 250 badge 2x thumb
Ok.

Username is in this format: +15556661212 (the real number was obtained from my Sandbox credentials section in my developer section.

Password: I reset the password to another password and updated my code to make sure.

Same error.
Photo of Jason

Jason

  • 480 Points 250 badge 2x thumb
FYI...also I double checked what my keys are after Base64 by manually checking it on websites suggested on this forum and it matched what Coldfusion is doing, so I know my header is right.
Photo of Anton Nikitin

Anton Nikitin, Official Rep

  • 2,974 Points 2k badge 2x thumb
Can you provide the value of RCRequestId header which was returned in your error response? I will check backend logs.
Photo of Jason

Jason

  • 480 Points 250 badge 2x thumb
This is what is returned in entirety..not sure if that's what you want:

{ "error" : "invalid_grant", "error_description" : "Invalid resource owner credentials", "errors" : [ { "errorCode" : "OAU-140", "message" : "Invalid resource owner credentials" } ] }
Photo of Anton Nikitin

Anton Nikitin, Official Rep

  • 2,974 Points 2k badge 2x thumb
I need HTTP response header. This part is HTTP body. 
Photo of Anton Nikitin

Anton Nikitin, Official Rep

  • 2,974 Points 2k badge 2x thumb
Nevermind I found your request. OAuth 2.0 protocol requires that oauth/token request parameters are passed via HTTP body not query string. In your case you are doing POST with query string parameters.
Photo of Jason

Jason

  • 480 Points 250 badge 2x thumb
I figured it out...tried to post the Coldfusion code for Password Flow, but it wouldn't post.
Photo of suresh ketha

suresh ketha

  • 60 Points
please put
reasn for error
(Edited)
Photo of Paul McLellan

Paul McLellan

  • 100 Points 100 badge 2x thumb
Jason - please share what you figured out. I have the same code and same error and am going crazy here.
Photo of Jason

Jason

  • 480 Points 250 badge 2x thumb
You are using Coldfusion, correct?
Photo of Paul McLellan

Paul McLellan

  • 100 Points 100 badge 2x thumb
Yes, sir! 2016 w/MySQL.

I have near identical code and am getting this response:
{ "error" : "invalid_grant", "error_description" : "Invalid resource owner credentials", "errors" : [ { "errorCode" : "OAU-140", "message" : "Invalid resource owner credentials" } ] }


<cfset authorization = client_id & ":" & secret_key />
<cfset authorization = "Basic " & ToBase64(authorization) />

<cfhttp url="https://platform.devtest.ringcentral.com/restapi/oauth/token"; method="POST" username="#client_id#" password="#secret_key#" result="result" timeout="60">
<cfhttpparam type="header" name="Content-Type" value="application/x-www-form-urlencoded">
<cfhttpparam type="header" name="Accept" value="application/json">
<cfhttpparam type="header" name="Authorization" value="#authorization#">
<cfhttpparam type="body" value="grant_type=password&username=#email#&extension=#extension#password=#password#">
</cfhttp>

Photo of Jason

Jason

  • 480 Points 250 badge 2x thumb
This is mine:
Photo of Jason

Jason

  • 480 Points 250 badge 2x thumb
<cfset base_url = "https://platform.devtest.ringcentral.com/restapi/"; />

<cfset client_id = "ID" />
<cfset client_secret = "SECRET" />
</cfif>

<cfset password = "passwordforExtention" />
<cfset extension = "extension" />

<cfset redirect_uri = "myserverRedirect" />

<cfset authorization = client_id & ":" & client_secret />
<cfset authorization = "Basic " & ToBase64(authorization) />

<cfset body = "grant_type=password&username=#username#&extension=#extension#&password=#password#" />                     

<cfhttp
    method="post"
    url="#base_url#oauth/token"
resolveurl="no"
    getasbinary="never"
    charset="utf-8"
    
    >

<cfhttpparam type="header" name="content-type" value="application/x-www-form-urlencoded">
<cfhttpparam type="header" name="authorization" value="#authorization#">

<cfhttpparam type="body" value="#body#">


</cfhttp>


Photo of Paul McLellan

Paul McLellan

  • 100 Points 100 badge 2x thumb
Hmm....  all I see is "This is mine" -- no code. ?
Photo of Paul McLellan

Paul McLellan

  • 100 Points 100 badge 2x thumb
nvm - I see the 2nd post. Iet me try that syntax...
Photo of Paul McLellan

Paul McLellan

  • 100 Points 100 badge 2x thumb
Ugh... still the same error. :|  For Username/Password, are you doing the credentials that you login to the Dev site with? ie - my email and password 
Photo of Paul McLellan

Paul McLellan

  • 100 Points 100 badge 2x thumb
Ok, maybe this will end up being the biggest facepalm, but after resetting the PW on Credentials : User Account, it worked! Oddly that password is different than the login password. Wow.... well, thanks, Jason - appreciate the help.