401 invalid client error

I’m trying to authorise a connection to the API but I get a 401 “invalid_client” error. What could be the cause of this? The client application is set to public and resource owner password-based. I have not added any redirect URIs or selected an algorithm. There isn’t really any code to show but here it is anyway:

import requests

r = requests.post(
    'x',  # token endpoint URL placeholder (the URL was missing from the posted snippet)
    data={
        'username': 'x',
        'password': 'x',
        'client_id': 'x',
        'client_secret': 'x',
        'grant_type': 'password',
    },
)


Don’t send the secret if the app is set to public. (It’s a little strange that OGS even hands out a secret for public apps!)

EDIT: Also, I’m assuming ‘x’ is just a placeholder, but just in case, make sure to put real data in your request!

I’ve tried both changing to a confidential application and sending the client secret, and keeping it as public and not sending the client secret, and neither works. Do you know what else might be wrong? And yes, x is just a placeholder.

Is it the same error? The one other thing I can think of is that it needs to be form data, not json. But I think the error would be different than invalid client.

Also this thread may help (although it is postman/curl not python): Creating token return 405 error

Yeah it’s still the same error. What do you mean by form data instead of json? Unfortunately the thread doesn’t really help me figure out the issue.

Ah, maybe the form data thing was a red herring. That’s what helped with the thread I linked. However, it doesn’t seem to be necessary in python/requests. Tbh I don’t see anything wrong with what you posted.

Sorry to keep posting threads, but here’s a python specific script, which doesn’t seem to differ all that much from yours: API Python recap/ help

Maybe there are some clues in there but idk

I tried creating a requests.Session() like in the thread you sent but that didn’t make any difference. I even tried shutting my firewall off briefly (really grasping at straws here) but it didn’t seem to make a difference so I really have no idea what’s going on. Really weird issue here it seems.

I don’t know if it matters, but I notice that my version had:

s = requests.Session()

while yours has:

r = requests.post(

@keenest This script worked for me:

import requests

url = 'https://online-go.com/oauth2/token/'
myobj = {'username': 'USERNAME', 'password': 'PASSWORD', 'grant_type': 'password', 'client_id': 'MODIFY_THIS'}

x = requests.post(url, data = myobj)


Does it work for you?

I tried this as well but it didn’t work unfortunately

Just tried copy pasting this code but with my credentials and it didn’t work. I’m assuming there’s something wrong with how I set up the application then? I’m really unsure how I could’ve made a mistake there tho.

Did you set an OGS password for your OGS account? I used to log in with my Google credential but that doesn’t work if I want to authenticate myself with REST api.

Yeah I’ve already done that :confused:

If you don’t mind, can you share the image of your oauth application page? Erase the client ID and client secret box but show the rest.

I just realised the issue was that I made the application on the beta page instead of the regular one. A really stupid mistake that I should’ve noticed much sooner. Glad it’s solved now tho.
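
Added example, not part of the original thread and not OGS's own code: a small Python helper that combines the three checks discussed above (leave the secret out for a public client, send form data rather than JSON, and confirm the application was registered on the same site as the token URL). The function names, the hint strings and the `registered_host` parameter are assumptions made for illustration.

```python
import json
from urllib.parse import urlparse

TOKEN_URL = 'https://online-go.com/oauth2/token/'  # endpoint quoted in the thread


def build_token_form(username, password, client_id, client_type='public',
                     client_secret=None):
    """Form fields for an OAuth2 password grant (RFC 6749, section 4.3)."""
    form = {'grant_type': 'password', 'username': username,
            'password': password, 'client_id': client_id}
    if client_type == 'confidential':
        if not client_secret:
            raise ValueError('confidential client needs its secret')
        form['client_secret'] = client_secret
    # Public clients: the secret is deliberately left out, as advised above.
    return form


def diagnose(status, body, token_url, registered_host):
    """Turn a token-endpoint reply into a hint about what to check next."""
    try:
        error = json.loads(body).get('error')
    except (TypeError, ValueError, AttributeError):
        return 'non-JSON reply: check the URL and that the body is form data'
    if status == 200 and error is None:
        return 'ok'
    if error == 'invalid_client':
        # The server did not recognise or authenticate the client itself.
        # registered_host (hypothetical parameter): site where the app was created.
        if urlparse(token_url).hostname != registered_host:
            return 'client_id was registered on a different site from the token URL'
        return 'check client_id, client type and whether a secret is expected'
    if error == 'invalid_grant':
        return 'client accepted; check username and password'
    return 'unhandled error: %s' % error


def send(form, token_url=TOKEN_URL):
    """Live call; requests is imported here so the helpers above run offline."""
    import requests
    r = requests.post(token_url, data=form)  # data= sends form fields, not JSON
    return r.status_code, r.text
```

Call `diagnose(*send(form), TOKEN_URL, registered_host)` with the host of the site where the OAuth application was actually created.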


That’s awesome! Great to hear that things worked out!

Could you share the link for that regular one? Is it @ Play Go at online-go.com! | OGS
if so.
I am experiencing the same issue here, ‘invalid_client’ when trying to get an access token.