ShareFile OAuth Password Grant Type ================================== Configuration: ============== Subdomain: cazarin Client ID: CwOHHD06vOwW4QlxPEYH4GULOhgoZLAw Client Secret: l1ua****Zjjk Username: david@cazarin.com Password: ******************* Token Request Details: ===================== URL: https://cazarin.sharefile.com/oauth/token Method: POST Content-Type: application/x-www-form-urlencoded Request Body: grant_type=password&username=david%40cazarin.com&password=if3w+ynzy+pfgx+i4dg&client_id=CwOHHD06vOwW4QlxPEYH4GULOhgoZLAw&client_secret=l1ua69h2mLoVmzgasRxq8H0F7SPXJedDYAqifLPFbLJkZjjk Response: ========= HTTP Code: 400 Verbose cURL Output: =================== * processing: https://cazarin.sharefile.com/oauth/token * Trying 13.248.193.251:443... * Connected to cazarin.sharefile.com (13.248.193.251) port 443 * ALPN: offers h2,http/1.1 * CAfile: /etc/pki/tls/certs/ca-bundle.crt * CApath: none * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256 * ALPN: server accepted h2 * Server certificate: * subject: CN=*.sharefile.com * start date: Oct 5 00:00:00 2025 GMT * expire date: Nov 3 23:59:59 2026 GMT * subjectAltName: host "cazarin.sharefile.com" matched cert's "*.sharefile.com" * issuer: C=US; O=Amazon; CN=Amazon RSA 2048 M01 * SSL certificate verify ok. * using HTTP/2 * h2 [:method: POST] * h2 [:scheme: https] * h2 [:authority: cazarin.sharefile.com] * h2 [:path: /oauth/token] * h2 [content-type: application/x-www-form-urlencoded] * h2 [accept: application/json] * h2 [content-length: 183] * Using Stream ID: 1 > POST /oauth/token HTTP/2 Host: cazarin.sharefile.com Content-Type: application/x-www-form-urlencoded Accept: application/json Content-Length: 183 < HTTP/2 400 < date: Fri, 29 May 2026 22:19:54 GMT < content-type: application/json;charset=UTF-8 < content-length: 76 < set-cookie: AWSALBTG=mSIM0Fap+GGj9zFvv0Wd+ZMGFHMUW7qyMARJ8ep6CJ8NG9DMExN/wY8KFDVH56FD1TId7ATaXL+yeDOWFFCMG56oSZo7jJYIj9DnDSCSnKvLZCiuFsJBRzIrCv08NEZOODPTeaomy3dzNuTGovn2TVvDRiKxN2JpeoBxt2FtVouR; Expires=Fri, 05 Jun 2026 22:19:54 GMT; Path=/ < set-cookie: AWSALBTGCORS=mSIM0Fap+GGj9zFvv0Wd+ZMGFHMUW7qyMARJ8ep6CJ8NG9DMExN/wY8KFDVH56FD1TId7ATaXL+yeDOWFFCMG56oSZo7jJYIj9DnDSCSnKvLZCiuFsJBRzIrCv08NEZOODPTeaomy3dzNuTGovn2TVvDRiKxN2JpeoBxt2FtVouR; Expires=Fri, 05 Jun 2026 22:19:54 GMT; Path=/; SameSite=None; Secure < set-cookie: AWSALB=CWbUI1JJ7tWTgRnEJS8fMY+tZIXX4qoS8QoSLjWWaVdFn11cShgw6RcReiWPrjz5EuFLbudTPEBx3pyepvaDKwFK3jAR1I3b6FnBX5UEi7y/zJARo/j3L1q6ZtYt; Expires=Fri, 05 Jun 2026 22:19:54 GMT; Path=/ < set-cookie: AWSALBCORS=CWbUI1JJ7tWTgRnEJS8fMY+tZIXX4qoS8QoSLjWWaVdFn11cShgw6RcReiWPrjz5EuFLbudTPEBx3pyepvaDKwFK3jAR1I3b6FnBX5UEi7y/zJARo/j3L1q6ZtYt; Expires=Fri, 05 Jun 2026 22:19:54 GMT; Path=/; SameSite=None; Secure < cache-control: no-store, no-cache < expires: Thu, 28 May 2026 22:19:54 GMT < citrix-transactionid: 37a0d3dd-00c7-4ae3-8c61-0d78579fb4b5 < correlationid: 3-_NSPI_6EO-sPDECmHtxQ < x-content-type-options: nosniff < x-xss-protection: 1; mode=block < x-frame-options: DENY < x-robots-tag: noindex < x-sfapi-requestid: iv59tYQ2_E6IMVeI95HReA < * Connection #0 to host cazarin.sharefile.com left intact Response Body: ============== {"error":"invalid_grant","error_description":"invalid username or password"} ❌ FAILED: Could not obtain token Error: invalid_grant Description: invalid username or password Troubleshooting Tips: =================== 1. Verify your API application supports 'password' grant type 2. Check username format (try with/without domain) 3. Ensure app-specific password is used if 2FA is enabled 4. Verify client_id and client_secret are correct 5. Check if your API app has the required scopes Next Steps: =========== If this works, we can update the SimpleShareFileAPI.php to use this URL structure. If it fails, we may need to use the Authorization Code flow instead.