Solved

Invalid_Client error when trying to get a token



We use https://[tenant].acumatica.com/identity/connect/authorize to get an authorization code, which works fine. Then we call the
https://[tenant].acumatica.com/identity/connect/token
endpoint with the params below:
grant_type: authorization_code
client_id: [client id]
client_secret: [client secret]
code: (the value from "code" query parameter from the first request response)
redirect_uri: https://[local].ngrok.io/accumatica/access-token

We get a bad request with error message:

{
    "error": "invalid_client"
}

What could be the reason?

Best answer by ericyz

Yes, Chris. The issue was we need to use the same redirect URI for both the authorization code request and the token request. Acumatica should work on providing better error messages though. We found the error the hard way.


Marco Villasenor
Jr Varsity II

If you have checked the obvious causes like typos in the client_id and secret, and confirm you are following the correct OAuth flow, documented in the Acumatica reference (which I think you already have), the only other thing I have seen is that the connected application has an incorrect flow configured. Check it’s set like this:

 


  • Jr Varsity II
  • June 10, 2022

I checked for typos, encoded the URL for the @ sign in the client id but still the same result… I made sure I use the Authorization Code flow. Strange thing is /identity/connect/authorize call works with the same client id - /identity/connect/token call gives the client_id error and no matter what I put or don't put in client ID I always get this error.


Marco Villasenor
Jr Varsity II

Could you share the Postman console output of the /identity/connect/authorize call? Just redact the secret but leave the client_id and other values, please.


  • Jr Varsity II
  • June 10, 2022

Here is the authorize request, the redirect URI receives the code - the result body is from our test web app

will paste /identity/connect/token call after this - 

 

Added the authorization code I received from first call

 


Marco Villasenor
Jr Varsity II

Your token request should look like this:

Note the values are in the body, Content-Type header is set to “application/x-www-form-urlencoded” and you need to send grant_type, redirect_uri and code (which is the one you got from the authorize call) along with your client_id and secret.

I don’t think it will be easy to get the code the way you are calling the endpoints directly. For the Authorization code flow, you need to actually open the authorize URL in the browser so the user can log in and grant authorization to the client, then Acumatica will call the redirect url with the code as a query parameter:

You can test this flow by configuring Postman in its built-in authorization section. Postman handles this directly, opens the URL and then reads the code that is sent to its internal redirect URL. It then calls the token endpoint setting the client credentials and the received code.


If you need to get a token without showing a login window to the user, you can use the Resource Owner Password Credentials Flow instead.

That flow returns a token directly as a response to the request, but it’s linked to a user session so you should be careful to log out after you have finished using the API and reuse connections to avoid reaching the instance’s limit.


  • Jr Varsity II
  • June 13, 2022

We tried all the suggestions but still have the same error. Whether we do it from Postman or via code we still get the “invalid_client” error. We are not concerned with the browser redirect and we are ok with it. Just need to get past this error as we have a ton of work to do for integration.

Any other suggestions?


Marco Villasenor
Jr Varsity II

What I suggested are the correct and standard authentication flow steps. If you need to use that type of flow I have no other ideas but to troubleshoot each step.

If you share the complete capture of each request and its response (either in this thread or in a direct message) I could take a look and give you some more pointers based on what I see there.


  • Jr Varsity II
  • June 14, 2022

Thank you Marco, I sent you a private message


Chris Hackett
Community Manager
  • Acumatica Community Manager
  • July 25, 2022

Hi @ericyz - were you able to find a solution for your issue? Thank you!


  • Jr Varsity II
  • July 26, 2022

Yes, Chris. The issue was we need to use the same redirect URI for both the authorization code request and the token request. Acumatica should work on providing better error messages though. We found the error the hard way.


  • Freshman I
  • September 23, 2022

Hi, I’m running into a similar issue when using the Python Requests library. I tried following the steps above, but I’m still running into issues retrieving the Access and Refresh Token. I am able to get this to work with Postman using the same parameters.

 

 


  • Freshman I
  • September 23, 2022

I was able to figure it out. Sharing the correct code for others that might need it. I needed to set the payload dictionary to the data parameter.
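
Added example, not code from any poster in this thread: it builds the token request with the two fixes reported above, the same redirect_uri as the authorize request (the mismatch this thread found behind invalid_client) and the parameters form-encoded in the body. It uses the standard library instead of Requests so it runs offline; the tenant host, callback URL, client id, secret, code and the `api` scope are constructed or assumed values.

```python
import urllib.request
from urllib.parse import parse_qs, urlencode, urlsplit

FORM = "application/x-www-form-urlencoded"


def build_authorize_url(base, client_id, redirect_uri, state, scope="api"):
    """URL the user opens in a browser; the scope value is an assumption."""
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
    })
    return f"{base}/identity/connect/authorize?{query}"


def build_token_request(base, authorize_url, client_id, client_secret,
                        code, redirect_uri):
    """Build (but do not send) the POST to /identity/connect/token."""
    sent = parse_qs(urlsplit(authorize_url).query)["redirect_uri"][0]
    # OAuth 2.0 (RFC 6749, 4.1.3) requires an identical redirect_uri in both
    # requests, so compare exactly: a trailing slash or changed host fails.
    if redirect_uri != sent:
        raise ValueError(f"redirect_uri mismatch: {sent!r} != {redirect_uri!r}")
    body = urlencode({
        "grant_type": "authorization_code",
        "client_id": client_id,          # urlencode escapes '@' as %40
        "client_secret": client_secret,
        "code": code,
        "redirect_uri": redirect_uri,
    }).encode("ascii")
    # Parameters travel form-encoded in the body, not as JSON or query string.
    return urllib.request.Request(
        f"{base}/identity/connect/token", data=body,
        headers={"Content-Type": FORM}, method="POST")


if __name__ == "__main__":
    base = "https://tenant.example"                     # constructed placeholder
    cb = "https://app.example/acumatica/access-token"   # constructed placeholder
    url = build_authorize_url(base, "ID@Company", cb, state="xyz")
    req = build_token_request(base, url, "ID@Company", "s3cret", "CODE", cb)
    print(req.get_method(), req.full_url, req.data.decode())
```

With Requests, the equivalent of `data=body` here is passing the payload dictionary as the `data` argument, as the post above describes.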

 

