Skip to main content

Grant credentials are invalid when refreshing token

  • November 24, 2023
  • 6 replies
  • 331 views
M
  • MBenny
  • Known Participant
  • 15 replies

Hi, @ajankowski @lsocha, @rbarbosa

I use a client credentials grant for accessing my enterprise account. I successfully called the enterprise user API using the boxsdk for python. But now when I try to call any box API using the client I get the following error.


DEBUG 2023-11-24 04:13:25,474 oauth2 Refreshing tokens. (oauth2.py:214)

INFO 2023-11-24 04:13:52,500 default_network e[36mPOST https://api.box.com/oauth2/token {'data': {'box_subject_id': '30187662834',

          'box_subject_type': 'user',

          'client_id': '---9or2',

          'client_secret': '---nKID',

          'grant_type': 'client_credentials'},

 'headers': {'User-Agent': 'box-python-sdk-3.9.2',

             'X-Box-UA': 'agent=box-python-sdk/3.9.2; env=python/3.10.12',

             'content-type': 'application/x-www-form-urlencoded'}}e[0m (default_network.py:79)

I debugged and found that the refresh call is made inside the oauth2.py file in the boxsdk.

right when this code is called under the



refresh()



access_token, refresh_token = self._refresh(access_token_to_refresh)

the exception occurs.

following are the debug terminal log


(Pdb) n

boxsdk.exception.BoxOAuthException: 

Message: Grant credentials are invalid

Status: 400

URL: https://api.box.com/oauth2/token

Method: POST

Headers: {'Date': 'Fri, 24 Nov 2023 04:13:53 GMT', 'Content-Type': 'application/json', 'Transfer-Encoding': 'chunked', 'Strict-Transport-Security': 'max-age=31536000', 'Set-Cookie': 'box_visitor_id=656023014569d9.46726692; expires=Sun, 24-Nov-2024 04:13:53 GMT; Max-Age=31622400; path=/; domain=.box.com; secure; SameSite=None, bv=EUG-5666; expires=Fri, 01-Dec-2023 04:13:53 GMT; Max-Age=604800; path=/; domain=.app.box.com; secure, cn=56; expires=Sun, 24-Nov-2024 04:13:53 GMT; Max-Age=31622400; path=/; domain=.app.box.com; secure, site_preference=desktop; path=/; domain=.box.com; secure', 'Cache-Control': 'no-store', 'Via': '1.1 google', 'Alt-Svc': 'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000'}

> /home/midhun.benny/.local/lib/python3.10/site-packages/boxsdk/auth/oauth2.py(222)refresh()

6 replies

A
  • ajankowski Box
  • Participating Frequently
  • 21 replies
  • November 24, 2023

Hi @MBenny,


The error you are receiving, Grant credentials are invalid, is most likely due to the lack of appropriate settings in the Box application.


Please refer to the documentation here: https://github.com/box/box-python-sdk/blob/main/docs/usage/authentication.md#obtaining-user-token


To enable authorization as a user in CCG, you need to go to the application’s developer console and follow these steps:




  1. In the Configuration tab, enable the Generate user access tokens option and save the settings.




  2. In the Authorization tab, send a request for authorization to the admin.




  3. After the admin approves, CCG should work in the user’s context.




Hope this help!

Artur

M
  • MBenny
  • Author
  • Known Participant
  • 15 replies
  • November 24, 2023

I had initiated the same and got approval from the Admin as well. But how to generate the access token in the CCG auth. When I authenticate I get only oauth object and no access_token

A
  • ajankowski Box
  • Participating Frequently
  • 21 replies
  • November 24, 2023

@MBenny,


After setting up the CCGAuth client, just before your first API call, for example client.as_user(user) ,an API request is automatically made to the following endpoint POST https://api.box.com/oauth2/token to obtain the access token.


On your end, just run the code below, and everything should work, as long as you have previously enabled the Generate user access tokens option and it has been approved by an admin.


auth = CCGAuth(

    client_id="<YOUR CLIENT ID>",

    client_secret="<YOUR CLIENT SECRET>",

    user="<YOUR USER ID>"

)



client = Client(auth)



print(client.user().get())
M
  • MBenny
  • Author
  • Known Participant
  • 15 replies
  • November 27, 2023

The issue is that when order to call the file representation API and get the file representation in text format I made use of the get_representations() available in the SDK. but this will return a URL from which I used the client.make_request () but this generated a response

Expected JSON response


Hence as per the given reference

Representation


I need to pass the access token in order for thr do_request() to work.

M
  • mwoda Box
  • Participating Frequently
  • 5 replies
  • November 28, 2023

@MBenny

Can you provide an example of the code that is not working for you? If you still have issues with authentication please follow @ajankowski advice and you should be able to get access token by calling client.auth.access_token.

M
  • MBenny
  • Author
  • Known Participant
  • 15 replies
  • December 6, 2023

Thank you very much for your help. What I was missing was the piece of code that was mentioned. I am now able to get the access token using the client. auth.access_token

Reply


Most helpful members this week

Terms & ConditionsCookie settings

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings