Invalid client credentials
Hi I am having issues with authentication I have followed the guide here https://developer.box.com/guides/authentication/client-credentials/ and I am trying to make the request with python but have also tried curl. I keep getting the response
{'error': 'invalid_grant', 'error_description': 'Grant credentials are invalid'}
This is the request I am sending:
import requests
data = {
'client_id': 'vm4hqunwv74xs4je4d2uexbzoeyi9clt',
'client_secret': 'client_secret',
'grant_type': 'client_credentials',
'box_subject_type': 'user',
'box_subject_id': 'XXXXXXXXXX3',
}headers={
"Content-Type": "application/x-www-form-urlencoded"
}requests.post('https://api.box.com/oauth2/token', headers=headers, data=data).json()
I am using the user id from the app info page.
Thanks
-
Hi Micheal,
I've used your exact same code and was successful as expected.
import requests
data = {
'client_id': 'h5z4c7jqyn95dh3n06tv92x3ceztj0qi',
'client_secret': 'xxx',
'grant_type': 'client_credentials',
'box_subject_type': 'user',
'box_subject_id': '1234',
}
headers={
"Content-Type": "application/x-www-form-urlencoded"
}
result= requests.post('https://api.box.com/oauth2/token', headers=headers, data=data).json()
print(result)
{'access_token': 'oQXf4...', 'expires_in': 3992, 'restricted_to': [], 'token_type': 'bearer'}So the only thing I can think of is the app configuration:
So first make sure the app is of the correct type, your client secret is valid/the same as in your code and we often forget to re-authorize the app with the admin when we make changes. So check your authorization tab to see if the administrator has authorized your app:
If you are the administrator, then navigate to your administration console, custom apps manager and check or approve your app:
Let us know if this helps.
Cheers
-
Hi, Thanks for the reply, I have followed all the steps you have laid out and I am still having the same issue, double checked the client id and client secret and they match. But if I set the box_subject_type to 'enterprise' and use the enterprise id, I get a successful login and get a bearer token, but when logged in as the enterprise, if I go to list files in the root directory I get an empty response even though there are files in the root dir. Also it does work if I use the developer token as the bearer token and I can see all files and folders in the root dir. Any other thoughts? Does Box themselves have to authorize access to an api account?
Thank You.
-
We are considering too many variables at the same time.
First the client grant for a user, please check if you have, under the authentication these options:
if this doesn't work please send me all your app configurations so I can take a look,
Do not forget to re-authorize the app with the admin when you change something.
The second issue, when you mention "but when logged in as the enterprise, if I go to list files in the root directory I get an empty response even though there are files in the root dir", that is expected, the question is which root dir? (each user and app has one)
When you are using the enterprise id it is the root dir of the app, when you are using the user, it is the root dir of that specific user.
Let us know if this helps.
Cheers
投稿コメントは受け付けていません。
コメント
5件のコメント