Tagged: authorize / renew
Tuesday, December 8, 2020 at 11:58 AM #187932
I have received a client_id and client_secret from xBRL, but am unable to get an access_token from the Swagger page at https://xbrlus.github.io/xbrl-api/, because it repeatedly claims that client_credentials is an unsupported grant type.
400 Error: Bad Request
“error_description”: “Unsupported Grant Type”
What can I do about this?
Many thanks to anyone who can help.
Tuesday, December 8, 2020 at 12:22 PM #187933David TaurielloKeymaster
Hi Elisa – welcome and thanks for posting. Sorry for the issues you’re having – appreciate the screen capture you sent along, as well.
We don’t allow users to submit via ‘client_credentials’ until they’re authorized using ‘password’ (client_credentials is for renewing a token).
On the initial authorization, you’ll need to pass:
- Client ID
- Client Secret
- Grant Type
Tip: you can also use one of the open lock icons on the right side of the Swagger page to dive into the data – it may be a bit quicker.
Also, we’ve produced a couple of Jupyter Notebooks for Python and R that handle authorization – see https://mybinder.org/v2/gh/xbrlus/xbrl-api-ipynb/python?filepath=xbrl_us_api.ipynb or https://mybinder.org/v2/gh/xbrlus/xbrl-api-ipynb/master?filepath=xbrl_us_api_r.ipynb linked in the XBRL Data Community
Let me know how you make out.
Tuesday, December 8, 2020 at 12:41 PM #187934
Thanks for your help, but even when I fill in all the parameters as you suggest, I still don’t get access.
The method using the lock icon at the right returns:
Auth ErrorError: Bad Request, error: invalid_request, description: Bad or expired token
whereas, if I fill in every parameter in the oauth endpoint and set the grant_type to password, it returns 400:
“error_description”: “Bad Username or Password”
I also tried getting another client_id and client_secret, on the idea that the first one may have expired, but the new ones have exactly the same behavior.
I have also tried logging out and in again, just to make sure that the login details are the same as the ones entered for user and password (i.e. my email address and the password I configured on the xBRL site), but the results are the same.
I can’t find what I’m doing wrong. Thanks for your patience.
Tuesday, December 8, 2020 at 3:19 PM #187937David TaurComcastParticipant
Elisa – thanks for your time offline from this thread today. I’m glad we could get together to discuss and resolve the issue.
Tuesday, January 19, 2021 at 9:00 AM #188577
I would just like to add some extra feedback on this.
Returning to the API Swagger page after logging in, I discovered that I was once again getting error messages about incorrect username or password.
What had happened since I last was able to log on with the help of David Tauriello in December, was that I had reset my password to the same password I use to log in to the xBRL site.
When I had worked with David, we had used a provisional password, which I noticed, was an alphanumeric string with NO SPECIAL CHARACTERS. My password, on the other hand, had some punctuation and non-alpha characters in it. There were no complaints from the xBRL site when I configured it, but apparently the API Swagger doesn’t like it, and refused to give me a JWT.
So I set the password again, this time using a purely alphanumeric string, and it is working.
So, advice to anyone who might be encountering similar problem: avoid passwords with non-alphanumeric characters for this web site.
- The topic ‘oauth2 Not Giving Access Token’ is closed to new replies.
Documentation & Discussion
- The XBRL API
- XBRL Data Community
- XBRL API Interactive Documentation
- XBRL API Documentation (PDF)
- Get Started with Google Sheets OR
- Get Started with Microsoft Excel OR
- Get access to as-filed data from us for other tools or your own app
Join XBRL US
- Individual Options - Basic, Power User & Sole Practitioner
- For Your Team - Startup, Non-Profit, Academic & Corporate options
- Member Benefits Comparison Table
Using the XBRL API with the Public Filings Database
Unless otherwise agreed to in writing, any and all use of the XBRL API to authenticate and retrieve data from the XBRL US Database of Public Filings implies user consent and agreement with the XBRL US API Agreement. If you are unable to agree to these terms, do not use the XBRL API.
To use the XBRL API outside of Google Sheets, your account needs to be provisioned for OAuth2 access.