Error: Grant credentials are invalid
Hi,
I have created a Client Grant type application in our company Box application.
When trying to connect to it, I am getting following error:
curl -L -X POST "https://<companyboxurl>/oauth2/token"
-H "Content-Type: application/x-www-form-urlencoded"
--data-urlencode "client_id=<client_id>"
--data-urlencode "client_secret=<client_secret>"
--data-urlencode "grant_type=client_credentials"
--data-urlencode "box_subject_type=enterprise"
--data-urlencode "box_subject_id=<enterprise_id>"
On trying this, I am getting the below error:
{"error":"invalid_grant","error_description":"Grant credentials are invalid"}
Can you please let me know, what I might be missing.
-
Hey Rathin,
Thank you for providing that information! It does appear this is the bug at work, but I can quickly help you work around it. Can you please tell me what the desired application access is for this app (i.e. app only or app + enterprise)?
Best,
Kourtney, Box Developer Advocate
-
Hi Kourtney,
Thanks for quick response.
I am building a backend application, which will be uploading some files to box folders using BOX API. The application will have no access to website or redirect url.
So achieve this, I am trying the option of client grant, using client id and client secret.
-
Hey Rathin,
Apologies my question was not clear enough-- which option under the configuration tab did you want set for the application access? The options are either app only or app + enterprise. The bug is affecting the selection not being flagged on the backend which is why you are getting this error.
Best,
Kourtney
-
Hey Eric -- Can you please provide me with your application's client ID and which option under the configuration tab you want set for the application access. The options are either app only or app + enterprise.
Best,
Kourtney, Box Developer Advocate
-
I was able to get this working using the Authorization Code flow, but when I try using Client Credentials, I'm able to get an access token but using it results in a 404 Error. Do I need to request enterprise access even though my workplace has an enterprise account? I ask because if I were to try and use a console application to ultimately do what we need, my best bet is likely to convert my Authorization Code function into a web service the Console application can call in order to successfully make an API call itself.
-
@Hirosuke: Thank you for confirming! Please reauthorize your app in the admin console and try again now.
@Ruben: This is already selected appropriately on the backend so there seems to be another issue with your request. Can you please confirm that the client id and client secret you're sending are correct and associated with the same application?
@Arturo: This authentication type will obtain a token for the application's service account. A 404 indicates that the user associated with your access token does not have access to the content you're trying to call. If you're not sure who your access token is associated with you can use the get current user endpoint. You will either need to obtain an access token for a user that already has access to the content or collaborate in your service account to the content.
-
@Namrata: If you would like to use a, client credentials grant as shown in the first post of this thread, you will need to create an app with the auth type JWT with client credentials grant. Otherwise, the only way the invalid_credentials error can surface in OAuth 2 is if the email and password combination entered is invalid.
@Box User: Your application does not look affected by the bug in question. I'd start by verifying that the client ID and secret are both correct and for the same application.
Please sign in to leave a comment.
Comments
55 comments