Error "Grant credentials are invalid" when requesting token
Hi Box support team,
when requesting an access token for a custom app via client credentials flow I get the results shown in the screenshot.
I enabled the 2FA, got the client_secret, the user_id and still get this error message.
So what is missing?
-
Hi Endress,
It's working on my side...
Let's check your app configurations.
The most common case is to forget to authorize the applications. Go to you developer console, open your application and flip to the authorizations tab.
Here is mine:
If your application hasn't been authorized you can submit it for authorization, and then the administrator needs to approve it.
If that person is you, this is what it looks like:
Now if you are using a recently created free account, you will not have access to the administration console for the moment.
Read this forum post to understand why.
In that case your best option is to create another app using OAuth2.0, while we resolve the issue.
-
Hi Endress,
Yes, that would be the case, however if your account wasn't a developer account by then, this might not work.
Let's try something, this is my free developer account:
As you can see in the bottom I have both Admin Console and Dev Console, if you don't have the admin then you can't approve the authorization.
The other option is to use OAuth for the moment, these apps do not need to be authorized since they are limited by the user security context.
-
Hi Rui,
the Account has been a developer account from the beginning and it was before March 9. So I should see the tab to submit an authorization request.
The way I understand it, it isn't neccessary for me to have an admin account as long as the admin authorizes my request.
The problem is that your customers use box to share data, assuming that developers are able to automate the processes as it is pictured out.
This is obviously not working, although my account is none of those affected of the recent restrictions so let me kindly ask to open a ticket to solve this issue since the website is also lacking a functionality to contact support.
-
Hi Endress,
My recommendation at this point is that you follow the steps on this post, and use OAuth2 for now. This will get you unstuck and allow you to continue to developer your application and explore the API via postman, per your screen shot.
In fact we integrated OAuth in postman with a few scripts, that manage the authorization process, you can take a look here.
I will also move this post to the support forum, perhaps the support folks can help you.
Best regards
Please sign in to leave a comment.
Comments
6 comments