ShareFile OAuth Password Grant Type ================================== Configuration: ============== Subdomain: cazarin Client ID: CwOHHD06vOwW4QlxPEYH4GULOhgoZLAw Client Secret: l1ua****Zjjk Username: david@cazarin.com Password: ******************* Token Request Details: ===================== URL: https://cazarin.sharefile.com/oauth/token Method: POST Content-Type: application/x-www-form-urlencoded Request Body: grant_type=password&username=david%40cazarin.com&password=if3w+ynzy+pfgx+i4dg&client_id=CwOHHD06vOwW4QlxPEYH4GULOhgoZLAw&client_secret=l1ua69h2mLoVmzgasRxq8H0F7SPXJedDYAqifLPFbLJkZjjk Response: ========= HTTP Code: 400 Verbose cURL Output: =================== * processing: https://cazarin.sharefile.com/oauth/token * Trying 13.248.193.251:443... * Connected to cazarin.sharefile.com (13.248.193.251) port 443 * ALPN: offers h2,http/1.1 * CAfile: /etc/pki/tls/certs/ca-bundle.crt * CApath: none * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256 * ALPN: server accepted h2 * Server certificate: * subject: CN=*.sharefile.com * start date: Oct 5 00:00:00 2025 GMT * expire date: Nov 3 23:59:59 2026 GMT * subjectAltName: host "cazarin.sharefile.com" matched cert's "*.sharefile.com" * issuer: C=US; O=Amazon; CN=Amazon RSA 2048 M01 * SSL certificate verify ok. * using HTTP/2 * h2 [:method: POST] * h2 [:scheme: https] * h2 [:authority: cazarin.sharefile.com] * h2 [:path: /oauth/token] * h2 [content-type: application/x-www-form-urlencoded] * h2 [accept: application/json] * h2 [content-length: 183] * Using Stream ID: 1 > POST /oauth/token HTTP/2 Host: cazarin.sharefile.com Content-Type: application/x-www-form-urlencoded Accept: application/json Content-Length: 183 < HTTP/2 400 < date: Fri, 29 May 2026 22:22:16 GMT < content-type: application/json;charset=UTF-8 < content-length: 76 < set-cookie: AWSALBTG=Dcf/tmUwbjKrAWi7OWb+tnT3rIM+f8QoTCG5KVzuLKTjWJuR/vL4JJ7y+5UGvqDoNB29wLcXsjuTuJzQwMvwknNrqZgD5qIcNvoY6/AvvzwOzTjbXjIUIrr8rvg2NSt7kDDzijAPOa931HAVimP/JZFCxKM8/WgZAGnR/F33pcZL; Expires=Fri, 05 Jun 2026 22:22:15 GMT; Path=/ < set-cookie: AWSALBTGCORS=Dcf/tmUwbjKrAWi7OWb+tnT3rIM+f8QoTCG5KVzuLKTjWJuR/vL4JJ7y+5UGvqDoNB29wLcXsjuTuJzQwMvwknNrqZgD5qIcNvoY6/AvvzwOzTjbXjIUIrr8rvg2NSt7kDDzijAPOa931HAVimP/JZFCxKM8/WgZAGnR/F33pcZL; Expires=Fri, 05 Jun 2026 22:22:15 GMT; Path=/; SameSite=None; Secure < set-cookie: AWSALB=AFMOAbK3FZ/embLSw14KL/+jISN0+uOvBO5XrbR54++N3Ai0PWj/uEmPkGofKU5pUBbB5HDlznwwasMaU0fKP35K/Lc5GdvtDd/+koeIYCfj5kVt3NXSiwaqr79a; Expires=Fri, 05 Jun 2026 22:22:15 GMT; Path=/ < set-cookie: AWSALBCORS=AFMOAbK3FZ/embLSw14KL/+jISN0+uOvBO5XrbR54++N3Ai0PWj/uEmPkGofKU5pUBbB5HDlznwwasMaU0fKP35K/Lc5GdvtDd/+koeIYCfj5kVt3NXSiwaqr79a; Expires=Fri, 05 Jun 2026 22:22:15 GMT; Path=/; SameSite=None; Secure < cache-control: no-store, no-cache < expires: Thu, 28 May 2026 22:22:15 GMT < citrix-transactionid: 294be634-04b4-4314-a2e5-f167fffd7217 < correlationid: 6_dOHhjb4kaKFeiMygshCg < x-content-type-options: nosniff < x-xss-protection: 1; mode=block < x-frame-options: DENY < x-robots-tag: noindex < x-sfapi-requestid: ifSHuPyRnEuVKBZX7ce0Gg < * Connection #0 to host cazarin.sharefile.com left intact Response Body: ============== {"error":"invalid_grant","error_description":"invalid username or password"} ❌ FAILED: Could not obtain token Error: invalid_grant Description: invalid username or password Troubleshooting Tips: =================== 1. Verify your API application supports 'password' grant type 2. Check username format (try with/without domain) 3. Ensure app-specific password is used if 2FA is enabled 4. Verify client_id and client_secret are correct 5. Check if your API app has the required scopes Next Steps: =========== If this works, we can update the SimpleShareFileAPI.php to use this URL structure. If it fails, we may need to use the Authorization Code flow instead.