Level up your Box knowledge with brand new learning paths on Box University. Visit training.box.com to get started

Box Status

Some time get error "Invalid grant_type parameter or parameter missing" on renew access token

Answered
Follow
New post
nao-pon

I am using refresh token to automate updating of access and refresh tokens. It works pretty well. However, sometimes the access token renewal fails and i receive the title error.

 

{"error":"invalid_request","error_description":"Invalid grant_type parameter or parameter missing"}

 

As far as I can tell, whenever there is a failure there is a 302 redirect and the destination is "https://app.box.com//api/oauth2/token".

 

As you know, if the refresh token update fails, you will not be able to get an access token without OAuth authentication again.

How do I solve this problem?

 

Thank you in advance.

0

Comments

9 comments

Date Votes
  • nao-pon

    Subsequent investigation revealed that the refresh token was invalidated due to an error handling bug in my script. After that fix, refresh tokens are no longer lost. However, title errors can still occur. Is this error within regulation?

    0
    Comment actions Permalink
  • nao-pon

    This problem has been resolved. This is due to a GET request at the time of the redirect. Solved my script for POST redirection.

     

    Still, I don't think POST request redirection is uncommon, but is this the intended behavior given the API?

     

    Thank you very much.

    0
    Comment actions Permalink
  • Kourtney

    Hello, 

     

    There was a regression in behavior when attempting to use the https://www.box.com/api/oauth2/token URL to obtain a token. Late last night, our engineering team pushed out a fix that restored functionality to this URL.  This particular URL is a remnant of version 1 of Box's API. This v1 had an EOL announced back in October 1st of 2013 as seen here:

    https://blog.box.com/start-migrating-to-v2-of-the-content-api-deprecating-v1-in-december

     

    With this in mind, we request that you begin moving your application(s) toward using the formally supported endpoint in version 2 of our API which is https://api.box.com/oauth2/token as seen here:

    https://developer.box.com/reference/post-oauth2-token/

     

    Best, 

    Kourtney

    Box Technical Support Engineer

    0
    Comment actions Permalink
  • nao-pon

    Hello! Kourtney,

     

    Thanks to you, there are no more errors than yesterday. Also updated my app's Box API endpoint to the latest one.

    Thank you for your support.

    0
    Comment actions Permalink
  • ReinhardSeidl

    Hi Courtney,

    I've been using the api.box.com entry point for some time, but recently, have also started getting the "Invalid grant_type" error - this application runs in VBA (yes, it's pretty old..) in an Access database. It used to run fine, but now throws the "Invalid grant_type parameter or parameter missing" error. Nothing has changed in this code for a couple of years. The temp_code (from the user authentication who grants access) still works fine - the dialog comes up correctly, the "grant access to box" comes up correctly after password verification, and the returned temp code is captured. Then the code below is executed (client ID and secret not shown obviously, but they have not changed in years). Instead of getting a refresh code, it now trips on the error.

     

    Any help would be appreciated.

     

    targetURL = "https://api.box.com/oauth2/token"
    paramstr = "grant_type=authorization_code" & _
    "&code=" & Temp_Code & _
    "&client_id=[clinet id]" & _
    "&client_secret=[client secret]"

    Set HTTPReq = CreateObject("MSXML2.XMLHTTP")
    HTTPReq.Open "POST", targetURL, False
    HTTPReq.SetRequestHeader "Content-Type", "application/json"
    HTTPReq.SetRequestHeader "Accept", "application/json"

    HTTPReq.Send paramstr
    JSON_Response = HTTPReq.responseText

    'get the refresh code and new authorization

    fault_string = "error"
    found_error = InStr(1, JSON_Response, fault_string)
    If found_error > 0 Then
    MsgBox "Could not authorize, please log in and grant access to enable cloud links"

    0
    Comment actions Permalink
  • mlandgraf

     - Per Box support, this issue was caused by a change on their end. When requesting the access the token, the header's content type must be set like 

        var headers = {
            'Content-Type': 'application/x-www-form-urlencoded'
        };
    Hopefully this fixes things for you!
    0
    Comment actions Permalink
  • ReinhardSeidl

    Thanks, appreciate the heads up. 

    You're correct, that was the solution. The Box helpdesk actually also contacted me yesterday and gave the same suggestion. More support than i could have hoped for. Thanks all!

    0
    Comment actions Permalink
  • DFL

    Hi Team,

    We  are facing Same issue like "Invalid grant_type parameter or parameter missing"  . We are using latest version 2 but its getting error and unable to access the box.com. 

     

    Code:

    String urlParameters = 'grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer'
    + '&client_id='+ClientId+'&client_secret='+ClientSecret+'&assertion='+jwtAssertion;
    HttpRequest request = new HttpRequest();
    request.setMethod('POST');
    request.setEndpoint('https://api.box.com/oauth2/token');
    request.setBody(urlParameters);
    request.setHeader('content-type','application/json');
    Http h = new Http();
    HttpResponse response = h.send(request);

     

    We got the below response from above request. Please let me know where we have done wrong.

    Error:

    {"error":"invalid_request","error_description":"Invalid grant_type parameter or parameter missing"}

     

    Thank You,

    Mahesh

    0
    Comment actions Permalink
  • shamshad al
    • Edited

    how to genrate access token and upload file using php

    0
    Comment actions Permalink

Please sign in to leave a comment.