oauth2 Not Giving Access Token

[Anonymous]

I have received a client_id and client_secret from xBRL, but am unable to get an access_token from the Swagger page at https://xbrlus.github.io/xbrl-api/, because it repeatedly claims that client_credentials is an unsupported grant type.

Code Details
400 Error: Bad Request
Response body
Download
{
“error”: “unsupported_grant_type”,
“error_description”: “Unsupported Grant Type”
}

What can I do about this?

Many thanks to anyone who can help.

Elisa Roselli

[David Tauriello]

Hi Elisa – welcome and thanks for posting. Sorry for the issues you’re having – appreciate the screen capture you sent along, as well.

We don’t allow users to submit via ‘client_credentials’ until they’re authorized using ‘password’ (client_credentials is for renewing a token).

On the initial authorization, you’ll need to pass:

• Username
• Password
• Client ID
• Client Secret
• Grant Type
• Platform

Tip: you can also use one of the open lock icons on the right side of the Swagger page to dive into the data – it may be a bit quicker.

Also, we’ve produced a couple of Jupyter Notebooks for Python and R that handle authorization – see https://mybinder.org/v2/gh/xbrlus/xbrl-api-ipynb/python?filepath=xbrl_us_api.ipynb or https://mybinder.org/v2/gh/xbrlus/xbrl-api-ipynb/master?filepath=xbrl_us_api_r.ipynb linked in the XBRL Data Community

Let me know how you make out.

[Anonymous]

David,

Thanks for your help, but even when I fill in all the parameters as you suggest, I still don’t get access.

The method using the lock icon at the right returns:
Auth ErrorError: Bad Request, error: invalid_request, description: Bad or expired token

whereas, if I fill in every parameter in the oauth endpoint and set the grant_type to password, it returns 400:
{
“error”: “invalid_request”,
“error_description”: “Bad Username or Password”
}

I also tried getting another client_id and client_secret, on the idea that the first one may have expired, but the new ones have exactly the same behavior.

I have also tried logging out and in again, just to make sure that the login details are the same as the ones entered for user and password (i.e. my email address and the password I configured on the xBRL site), but the results are the same.

I can’t find what I’m doing wrong. Thanks for your patience.

Elisa Roselli

[Anonymous]

Elisa – thanks for your time offline from this thread today. I’m glad we could get together to discuss and resolve the issue.

[Anonymous]

Hi,
I would just like to add some extra feedback on this.

Returning to the API Swagger page after logging in, I discovered that I was once again getting error messages about incorrect username or password.

What had happened since I last was able to log on with the help of David Tauriello in December, was that I had reset my password to the same password I use to log in to the xBRL site.

When I had worked with David, we had used a provisional password, which I noticed, was an alphanumeric string with NO SPECIAL CHARACTERS. My password, on the other hand, had some punctuation and non-alpha characters in it. There were no complaints from the xBRL site when I configured it, but apparently the API Swagger doesn’t like it, and refused to give me a JWT.

So I set the password again, this time using a purely alphanumeric string, and it is working.

So, advice to anyone who might be encountering similar problem: avoid passwords with non-alphanumeric characters for this web site.

[Author]

Posts