I'm trying to get an access token for a new sandbox application using JWT, however the REST API keeps responding with OAU-153 Invalid Client ID. The client ID and client secret are definitely correct, as is my JWT token. Not sure what I'm missing here.
$RC_SERVER_URL="https://platform.devtest.ringcentral.com"
$RC_CLIENT_ID="T2V..." # Copied from the app I created
$RC_CLIENT_SECRET="v8dN..." # Copied from the app I created
$RC_JWT_TOKEN = "eyJraW..." # Created under My Account > Credentials
# as per https://developers.ringcentral.com/guide/authentication/jwt-flow#technical-discussion
$splat = @{
Method = "POST"
Uri = $RC_SERVER_URL + "/restapi/oauth/token"
headers = @{
ContentType = 'application/x-www-form-urlencoded; charset=UTF-8'
Accept = 'application/json'
Authorization = 'Basic ' + [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes("${RC_CLIENT_ID}:${RC_CLIENT_SECRET}"))
}
body = @{
grant_type = 'urn:ietf:params:oauth:grant-type:jwt-bearer'
assertion = $RC_JWT_TOKEN
}
}
$Response = Invoke-RestMethod @splat
PS C:\scripts\Get-RingCentralData> $Response = Invoke-RestMethod @splat
Invoke-RestMethod : {
"error" : "invalid_client",
"errors" : [ {
"errorCode" : "OAU-153",
"message" : "Invalid client: T2VHgSXZQ92J0lu_htr0yQ",
"parameters" : [ {
"parameterName" : "client_id",
"parameterValue" : "T2VHgSXZQ92J0lu_htr0yQ"
} ]
} ],
"error_description" : "Invalid client: T2VHgSXZQ92J0lu_htr0yQ"
}
At line:1 char:13
+ $Response = Invoke-RestMethod @splat
+ ~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand
The one thing I find very confusing is when I go to Console > Apps > My New App > Credentials, the "User Credentials" section contains the dev environment's admin account with extension 101, and the info box says "use these credentials to test your app!"... well, I don't have access to that account, I want to use my own JWT to test the app. Is this what's causing me issues? Or is this just RingCentral trying to be "convenient" by showing me some credentials I could test with?
Any assistance would be greatly appreciated!
As I said, I don't work on Powershell so I cannot really test your code. However, I wrote this PHP lib for authenticating with JWT token and I just test the code with your app credentials and the JWT token and it works well. So I am not sure what is wrong in your environment.
https://github.com/PacoVu/authentication-jwt-flow-php
If you want to verify the app credentials and JWT token, you can clone the project and run the PHP code to test. And compare the authenticate params with your Powershell code.
Thanks for the github repo - it looks like I am doing everything the same. I just changed the app from Public to Private, and without changing anything else, it suddenly started working. Not sure what the root cause was, unfortunately.
As always, thanks for the assistance!
It looks like you created a new JWT token. Make sure you copy the new JWT token and also double check the app client id and client secret as it works for you earlier.
The section describes the dev environment contains the instruction for using username and password authentication. Since you are using the JWT token, you. can just ignore it.
Appreciate the quick responses, Phong.
I just double checked and the JWT, client ID and client secret are all correct for my app. My JWT is authorized for all apps in the environment and has no expiry date. The app is currently set to Public, but I've tried it as Private as well and got the same result.
FYI I never fully got this working - the OAU-153 error is what I started getting once I resolved that 502 bad gateway issue :)
A new Community is coming to RingCentral!
Posts are currently read-only as we transition into our new platform.We thank you for your patience
during this downtime.
Try Workflow Builder
Did you know you can easily automate tasks like responding to SMS, team messages, and more? Plus it's included with RingCentral Video and RingEX plans!Try RingCentral Workflow Builder
