Grant credentials are invalid when refreshing token

Hi, @ajankowski @lsocha, @rbarbosa
I use a client credentials grant for accessing my enterprise account. I successfully called the enterprise user API using the boxsdk for python. But now when I try to call any box API using the client I get the following error.

DEBUG 2023-11-24 04:13:25,474 oauth2 Refreshing tokens. (
INFO 2023-11-24 04:13:52,500 default_network e[36mPOST {'data': {'box_subject_id': '30187662834',
          'box_subject_type': 'user',
          'client_id': '---9or2',
          'client_secret': '---nKID',
          'grant_type': 'client_credentials'},
 'headers': {'User-Agent': 'box-python-sdk-3.9.2',
             'X-Box-UA': 'agent=box-python-sdk/3.9.2; env=python/3.10.12',
             'content-type': 'application/x-www-form-urlencoded'}}e[0m (

I debugged and found that the refresh call is made inside the file in the boxsdk.
right when this code is called under the


access_token, refresh_token = self._refresh(access_token_to_refresh)

the exception occurs.
following are the debug terminal log

(Pdb) n
Message: Grant credentials are invalid
Status: 400
Method: POST
Headers: {'Date': 'Fri, 24 Nov 2023 04:13:53 GMT', 'Content-Type': 'application/json', 'Transfer-Encoding': 'chunked', 'Strict-Transport-Security': 'max-age=31536000', 'Set-Cookie': 'box_visitor_id=656023014569d9.46726692; expires=Sun, 24-Nov-2024 04:13:53 GMT; Max-Age=31622400; path=/;; secure; SameSite=None, bv=EUG-5666; expires=Fri, 01-Dec-2023 04:13:53 GMT; Max-Age=604800; path=/;; secure, cn=56; expires=Sun, 24-Nov-2024 04:13:53 GMT; Max-Age=31622400; path=/;; secure, site_preference=desktop; path=/;; secure', 'Cache-Control': 'no-store', 'Via': '1.1 google', 'Alt-Svc': 'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000'}
> /home/midhun.benny/.local/lib/python3.10/site-packages/boxsdk/auth/

Hi @MBenny,

The error you are receiving, Grant credentials are invalid, is most likely due to the lack of appropriate settings in the Box application.

Please refer to the documentation here:

To enable authorization as a user in CCG, you need to go to the application’s developer console and follow these steps:

  1. In the Configuration tab, enable the Generate user access tokens option and save the settings.

  2. In the Authorization tab, send a request for authorization to the admin.

  3. After the admin approves, CCG should work in the user’s context.

Hope this help!

I had initiated the same and got approval from the Admin as well. But how to generate the access token in the CCG auth. When I authenticate I get only oauth object and no access_token


After setting up the CCGAuth client, just before your first API call, for example client.as_user(user) ,an API request is automatically made to the following endpoint POST to obtain the access token.

On your end, just run the code below, and everything should work, as long as you have previously enabled the Generate user access tokens option and it has been approved by an admin.

auth = CCGAuth(
    client_id="<YOUR CLIENT ID>",
    client_secret="<YOUR CLIENT SECRET>",
    user="<YOUR USER ID>"

client = Client(auth)


The issue is that when order to call the file representation API and get the file representation in text format I made use of the get_representations() available in the SDK. but this will return a URL from which I used the client.make_request () but this generated a response
Expected JSON response

Hence as per the given reference

I need to pass the access token in order for thr do_request() to work.

Can you provide an example of the code that is not working for you? If you still have issues with authentication please follow @ajankowski advice and you should be able to get access token by calling client.auth.access_token.

Thank you very much for your help. What I was missing was the piece of code that was mentioned. I am now able to get the access token using the client. auth.access_token