API [JWT] - Cannot Obtain Token Based on Enterprise Configuration for Your App

When attempting to obtain a token via Server Authentication, the following error message is returned:


  "error": "invalid_request",
  "error_description": "Cannot obtain user token based on the enterprise configuration for your app"





Any custom application making API calls to obtain a user token/client (and not a service account or enterprise token) using Server Authentication.



Resolution Steps


Ensure the proper scopes are enabled for the application.


Root Cause


To obtain a token for a user through JWT Authentication, two items are required:


  1. The "Generate user access tokens" scope is enabled in the application's configuration page.
  2. If the user ID passed in the JWT is an app user, "Application Access" is required (also on the application's configuration page). If the user ID passed in the JWT is a managed user, "Enterprise Access" is required.

Make sure to re-authorize the application in the enterprise's Administrator Console after making any changes to a Server Authentication app.

Version history
Revision #:
1 of 1
Last update:
‎05-04-2018 10:48 AM
Updated by:
Labels (2)

Users online (1,523)