Started getting "invalid_client" error today using password grant

I have a very basic, intranet page we use to give employees access to documents we've uploaded. It's been working very well up until today using the password grant authentication method, but now suddenly I started getting back the following in response to any request I make:

{
    "error": "invalid_client",
    "error_description": "client_id or client_secret is invalid"
}

I've checked on the api.sharefile.com account and the api keys are still in place and the values haven't changed for client id or client secret. Anybody else having similar issues? Any help would be appreciated.

Jeff Caldwell


Posted 10 months ago


Dale Smith, Software Engineer

Hi Jeff, 

Would you please upload a text file to:
https://citrix.sharefile.com/r-r119d7580ad147358

with the client id and the subdomain and email address you are using for the password grant and we can take a look.

Thanks,
Dale Smith

Jeff Caldwell

Done. Thanks Dale.

Dale Smith, Software Engineer

Hi Jeff,

So I looked up your OAuth client and your user, and everything appears okay. I also used your OAuth client to do a password grant for my ShareFile account and was able to receive a token. Are you still having the issue? If so, have you run a Fiddler or other network trace to verify that your code is sending the values you expect? Are you using one of our SDKs to make the call, or have you constructed code to do the call for you?

Dale

Jeff Caldwell

Thanks Dale,

Really appreciate you looking into it. Well, after my code started failing I actually plugged values into Postman to see if I could get a good response and I got the same thing as my code. The strange thing is that this all worked for several months and then just stopped late last week. I'll upload a screenshot of my Postman call to your ShareFile link above.

Dale Smith, Software Engineer

Hi Jeff,

Thanks for sharing the screenshot. I see the issue, but I'm unsure what would have caused it to work before and all of a sudden break. When calling the /oauth/token endpoint, if you are putting in the information via form data, then the verb you want to use is a POST. We do support GETs to that endpoint, but the data would be in the query string. Our overall stance, however, is to always use POST with either form-data or x-www-form-urlencoded as the request content type due to the sensitive nature of the data being passed (client secret and password). Could you try making that change and see if your call succeeds?

Thanks,
Dale 

Jeff Caldwell

Hey Dale,

Turns out I had some other issues going on on my dev server making this a lot harder (like my JRE not liking the ShareFile cert). Anyway, I was actually using a POST on the code I was testing, but had other issues as well. Once I got Postman going I quickly figured out where my issue was. I'm back in business now.

Thanks for your help!

Jeff

Chris Mathews

I'm having the same issue, receiving:
{
    "error": "invalid_client",
    "error_description": "client_id or client_secret is invalid"
}

I'm posting this URL: https://subdomain.sharefile.com/oauth/token?grant_type=password&client_id=[client]&client_se...

Any ideas on why the failure?

Jim .

@Chris Mathews
I'm having the same issue. It just started about 2 days ago.

Jim .

I was able to fix my issue by going into settings and adding an Application Specific Password.

In the account settings under 2 Step Verification there is a section that says "Some ShareFile applications that run outside a browser are not compatible with Two-Step Verification, and you will need to create a separate password."

c johnstone

Also having the same error. Invalid client_id. Now getting a server error from ShareFile. Used Postman to verify.

c johnstone

Update: On Friday, I was able to get a hold of a tech at Citrix named John who informed me this was due to the MFA they were rolling out. If you use this type of grant in your app, you need to disable MFA completely on the account. Sadly, Citrix won't publicly acknowledge the issue and you have to call or dig through these forums.

Dale Smith, Software Engineer

Hi c johnstone,

If you use the password grant type in your application, you do not need to disable MFA. Instead, the user logging in will need to go into their MFA settings in the web app and generate an application specific code. You would then use that application specific code instead of the password.

Thanks,
Dale
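
An added example (not part of any post above, and not ShareFile SDK code) of the request shape Dale describes in his two replies: a POST to /oauth/token with the fields form-encoded in the body, and the application-specific password in the password field when two-step verification is on. The `example` subdomain, credential values and helper names are constructed; the `username` and `password` field names follow the standard OAuth 2.0 password grant and are assumed here.

```python
import json
from urllib.parse import urlencode, urlsplit, parse_qs
from urllib.request import Request

SENSITIVE = ("client_secret", "password")

def build_token_request(subdomain, client_id, client_secret, username, password):
    """Build the password-grant call as a POST with credentials in the body."""
    form = {
        "grant_type": "password",
        "client_id": client_id,
        "client_secret": client_secret,
        "username": username,
        # With two-step verification enabled, pass the application-specific
        # password generated in the web app here, not the login password.
        "password": password,
    }
    return Request(
        f"https://{subdomain}.sharefile.com/oauth/token",  # no query string
        data=urlencode(form).encode("ascii"),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )

def secrets_in_url(url):
    """Return sensitive parameter names that a URL carries in its query string."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return [name for name in SENSITIVE if name in query]

def redacted_form(request):
    """Decode a request body for logging with the secret fields masked."""
    fields = parse_qs(request.data.decode("ascii"), keep_blank_values=True)
    return {k: "<redacted>" if k in SENSITIVE else v[0] for k, v in fields.items()}

def explain_failure(body_text):
    """Map the error body quoted in this thread to the checks it suggests."""
    error = json.loads(body_text).get("error")
    if error != "invalid_client":
        return []
    return [
        "confirm the request is a POST with the fields in the body",
        "confirm client_id and client_secret match the registered API key",
        "if two-step verification is on, use an application-specific password",
    ]

if __name__ == "__main__":  # constructed values, nothing is sent
    req = build_token_request("example", "cid", "constructed-secret",
                              "user@example.com", "constructed-app-password")
    print(req.get_method(), req.full_url, redacted_form(req))
```

The request object is only built, not sent; pass it to `urllib.request.urlopen` to make the call, and log `redacted_form(req)` rather than the raw body when tracing.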