Home Forums The XBRL API oauth2 Not Giving Access Token

Viewing 4 reply threads
  • Author
    • #187932
      Elisa Roselli

      I have received a client_id and client_secret from xBRL, but am unable to get an access_token from the Swagger page at https://xbrlus.github.io/xbrl-api/, because it repeatedly claims that client_credentials is an unsupported grant type.

      Code Details
      400 Error: Bad Request
      Response body
      “error”: “unsupported_grant_type”,
      “error_description”: “Unsupported Grant Type”

      What can I do about this?

      Many thanks to anyone who can help.

      Elisa Roselli

    • #187933
      David Tauriello

      Hi Elisa – welcome and thanks for posting. Sorry for the issues you’re having – appreciate the screen capture you sent along, as well.

      We don’t allow users to submit via ‘client_credentials’ until they’re authorized using ‘password’ (client_credentials is for renewing a token).

      On the initial authorization, you’ll need to pass:

      • Username
      • Password
      • Client ID
      • Client Secret
      • Grant Type
      • Platform

      Tip: you can also use one of the open lock icons on the right side of the Swagger page to dive into the data – it may be a bit quicker.

      Also, we’ve produced a couple of Jupyter Notebooks for Python and R that handle authorization – see https://mybinder.org/v2/gh/xbrlus/xbrl-api-ipynb/python?filepath=xbrl_us_api.ipynb or https://mybinder.org/v2/gh/xbrlus/xbrl-api-ipynb/master?filepath=xbrl_us_api_r.ipynb linked in the XBRL Data Community

      Let me know how you make out.

    • #187934
      Elisa Roselli


      Thanks for your help, but even when I fill in all the parameters as you suggest, I still don’t get access.

      The method using the lock icon at the right returns:
      Auth ErrorError: Bad Request, error: invalid_request, description: Bad or expired token

      whereas, if I fill in every parameter in the oauth endpoint and set the grant_type to password, it returns 400:
      “error”: “invalid_request”,
      “error_description”: “Bad Username or Password”

      I also tried getting another client_id and client_secret, on the idea that the first one may have expired, but the new ones have exactly the same behavior.

      I have also tried logging out and in again, just to make sure that the login details are the same as the ones entered for user and password (i.e. my email address and the password I configured on the xBRL site), but the results are the same.

      I can’t find what I’m doing wrong. Thanks for your patience.

      Elisa Roselli

    • #187937
      David TaurComcast

      Elisa – thanks for your time offline from this thread today. I’m glad we could get together to discuss and resolve the issue.

    • #188577
      Elisa Roselli

      I would just like to add some extra feedback on this.

      Returning to the API Swagger page after logging in, I discovered that I was once again getting error messages about incorrect username or password.

      What had happened since I last was able to log on with the help of David Tauriello in December, was that I had reset my password to the same password I use to log in to the xBRL site.

      When I had worked with David, we had used a provisional password, which I noticed, was an alphanumeric string with NO SPECIAL CHARACTERS. My password, on the other hand, had some punctuation and non-alpha characters in it. There were no complaints from the xBRL site when I configured it, but apparently the API Swagger doesn’t like it, and refused to give me a JWT.

      So I set the password again, this time using a purely alphanumeric string, and it is working.

      So, advice to anyone who might be encountering similar problem: avoid passwords with non-alphanumeric characters for this web site.

Viewing 4 reply threads
  • The topic ‘oauth2 Not Giving Access Token’ is closed to new replies.

Upcoming XBRL US Events

Domain Steering Committee Meeting
Tuesday, October 17, 2023

Communications & Services Steering Committee Meeting
Tuesday, October 17, 2023

GovFin 2023: Empowering Governments, Modernizing Reporting
Thursday, November 9, 2023