Sudden API grant credential error. was working before

All of a sudden, I’m getting a Box API error. It was working fine previously; same code. nothing changed.

getting err for this function

from box_sdk_gen import BoxClient, BoxCCGAuth, CCGConfig
import os


ccg_config = CCGConfig(
    client_id=os.environ.get('BOX_CLIENT_ID'),
    client_secret=os.environ.get('BOX_CLIENT_SECRET'),
    user_id=os.environ.get('BOX_USER_ID'),
)
auth = BoxCCGAuth(config=ccg_config)
client = BoxClient(auth=auth)

try:
    me = client.users.get_user_me()
    print(f"My user ID is {me.id}")
except Exception as e:
    print(f"Error retrieving user info: {e}")


def getBoxImgToken(fileID):
    token_details = client.auth.downscope_token(
        scopes=["item_preview"],
        resource=f"https://api.box.com/2.0/files/{fileID}",
    )
    return token_details.access_token


print(getBoxImgToken("1571302350516"))

Error

Underlying error: None
2024-07-11 00:54:30,360: Message: 400 ; Request ID: 
2024-07-11 00:54:30,360: Request: 
2024-07-11 00:54:30,360: #011Method: POST
2024-07-11 00:54:30,361: #011URL: https://api.box.com/oauth2/token
2024-07-11 00:54:30,361: #011Query params: 
2024-07-11 00:54:30,361: {}
2024-07-11 00:54:30,361: #011Headers: 
2024-07-11 00:54:30,361: {       'Content-Type': 'application/x-www-form-urlencoded',
2024-07-11 00:54:30,361:         'User-Agent': 'box-python-generated-sdk-1.1.0',
2024-07-11 00:54:30,361:         'X-Box-UA': 'agent=box-python-generated-sdk/1.1.0; env=python/3.10.5'}
2024-07-11 00:54:30,361: #011Body: 
2024-07-11 00:54:30,361: 'grant_type=client_credentials&client_id=9eug2el8027rpt44mtx4fj3fg30gi......'
2024-07-11 00:54:30,361: Response: 
2024-07-11 00:54:30,361: #011Status code: 400
2024-07-11 00:54:30,361: #011Headers: 
2024-07-11 00:54:30,361: {       'Alt-Svc': 'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000',
2024-07-11 00:54:30,362:         'Cache-Control': 'no-store',
2024-07-11 00:54:30,362:         'Content-Type': 'application/json',
2024-07-11 00:54:30,362:         'Date': 'Thu, 11 Jul 2024 00:50:04 GMT',
2024-07-11 00:54:30,362:         'Set-Cookie': 'box_visitor_id=668f2c3c474c84.34609736; expires=Fri, '
2024-07-11 00:54:30,362:                       '11-Jul-2025 00:50:04 GMT; Max-Age=31536000; path=/; '
2024-07-11 00:54:30,362:                       'domain=.box.com; secure; SameSite=None, bv=FSYSR-2558; '
2024-07-11 00:54:30,362:                       'expires=Thu, 18-Jul-2024 00:50:04 GMT; Max-Age=604800; '
2024-07-11 00:54:30,362:                       'path=/; domain=.app.box.com; secure, cn=47; '
2024-07-11 00:54:30,362:                       'expires=Fri, 11-Jul-2025 00:50:04 GMT; '
2024-07-11 00:54:30,362:                       'Max-Age=31536000; path=/; domain=.app.box.com; secure, '
2024-07-11 00:54:30,362:                       'site_preference=desktop; path=/; domain=.box.com; '
2024-07-11 00:54:30,362:                       'secure',
2024-07-11 00:54:30,362:         'Strict-Transport-Security': 'max-age=31536000',
2024-07-11 00:54:30,362:         'Transfer-Encoding': 'chunked',
2024-07-11 00:54:30,363:         'Via': '1.1 google'}
2024-07-11 00:54:30,363: #011Code: None
2024-07-11 00:54:30,363: #011Context Info: 
2024-07-11 00:54:30,363: {}
2024-07-11 00:54:30,363: #011Request Id: None
2024-07-11 00:54:30,363: #011Help Url: None
2024-07-11 00:54:30,363: #011Body: 
2024-07-11 00:54:30,363: {'error': 'invalid_grant', 'error_description': 'Grant credentials are invalid'}
2024-07-11 00:54:30,363: #011Raw body: {"error":"invalid_grant","error_description":"Grant credentials are invalid"}
2024-07-11 00:54:30,363:   File "/var/www/erikdykema_pythonanywhere_com_wsgi.py", line 19, in <module>
2024-07-11 00:54:30,363:     application = get_wsgi_application()

my client id is 9eug2el8027rpt44mtx4fj3fg30gios3

1 Like

you just exposed your client secret. I am getting this same error, and its driving me insane but thank God its not localized to me.

IMPORTANT. YOU JUST EXPOSED YOUR CLIENT SECRET. IN THE ERROR CODE YOU PORVIDED, PLEASE DELETE THE ENTIRE POST, AS LAY USERS STILL HAVE ACCESS TO PREVIOUS VERSIONS OF THIS POST.

DONT FORGET TO REPOST ON HERE TO GET BOX’S ATTENTION OR TO LET ME KNOW HOW OYU SOLVED IT IF YOU DID THANKS

Thank you for letting me know. I just reset my secret key.

Hi folks,

This was surprising, and although I wasn’t able to replicate, some colleagues were reporting the same.

The solution seems to be to re-authorize the application in the admin console.

I was unable to identify the root cause of this.

Let us know if that solves the issue.