OAuth token request – Invalid client ID

Hello, trying to piece together the correct API authentication flow based on various different and seemingly outdated API documentations, as well as some posts on this forum, but getting stuck with an invalid_client response from the endpoint.

Note: I am using the beta.online-go.com endpoints.

Steps taken:

  1. Registered a new app at Play Go at online-go.com! | OGS (I even tried this twice to make sure, but to no avail)
  2. Registered a new dummy test user on https://beta.online-go.com
  3. Doing a POST request to https://beta.online-go.com/oauth2/token/
  4. Providing x-www-form-urlencoded variables client_id, client_secret, username, password and grant_type with value password
  5. Triple checked all input and stored as local variables in Postman

Result: {"error": "invalid_client"}

No further details, but I’m assuming it doesn’t like the client ID or client secret. Are there any other steps that need to be taken? Do the applications need to be approved/validated first on OGS’s end?

1 Like

Maybe this is the problem?

Thanks, no I created the application on beta.online-go.com and am making requests to beta.online-go.com, so it should all match?

1 Like

Looks like firstly, the application that is registered need to be of the resource owner password grant type. And secondly, you need to copy the client secret that is generated on the first page before the app is saved and use that. As the client secret that is displayed later on is a hash of the client secret, and should not be used. So you only get one chance to copy the client secret.

I wish all of this was documented somewhere properly.


Could you share the settings you selected here? People have posted about this before and often it’s resolved by selecting a different client type.