Has anyone managed to keep their backend OAuth flows working after locking down the tenant with mandatory SAML SSO? We’ve enforced SAML for all human users to meet compliance, which works fine for agents logging into the UI. But our automated scripts that rely on the client credentials grant are now getting rejected.
The code hasn’t changed. It’s using the standard flow against the https://api.mypurecloud.com/oauth/token endpoint. Before the SAML change, it worked. Now I’m getting a 401 Unauthorized. The response payload is pretty vague:
{
  "error": "invalid_grant",
  "error_description": "Bad credentials"
}
I’ve double-checked the client ID and secret. They’re still valid in the developer portal. I’m wondering if enforcing SAML SSO somehow invalidates or restricts the OAuth client application itself? Or do we need to switch to a different grant type, like authorization code with PKCE, even for non-interactive scripts? The docs mention that SAML affects user login, but it doesn’t explicitly say it breaks machine-to-machine auth. We’ve tried rotating the secret, no luck. Any ideas on what’s blocking this?
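For comparison with the failing script, here is an added example (not part of the original post, and not vendor code) that builds a client credentials request as RFC 6749 section 4.4 describes and triages the error body quoted above against the section 5.2 error codes. The function names and the placeholder client ID and secret are assumptions made for illustration; the meanings come from the RFC, not from confirmed behaviour of this API.

```python
import base64
import json
from urllib.parse import urlencode

# Token-endpoint error codes from RFC 6749 section 5.2.
RFC6749_ERRORS = {
    "invalid_request": "malformed request or more than one client auth method used",
    "invalid_client": "client authentication failed (unknown client, bad secret, wrong method)",
    "invalid_grant": "the grant (code, refresh token, resource-owner credentials) was rejected",
    "unauthorized_client": "client is not allowed to use this grant type",
    "unsupported_grant_type": "server does not support the grant_type sent",
    "invalid_scope": "requested scope is invalid, unknown or too broad",
}

def build_client_credentials_request(token_url, client_id, client_secret):
    """Return (url, headers, body) for a section 4.4 request with HTTP Basic client auth."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded"}
    return token_url, headers, urlencode({"grant_type": "client_credentials"})

def triage_token_error(status, raw_body, grant_type="client_credentials"):
    """Summarise a failed token response for a log line; never echoes credentials."""
    try:
        payload = json.loads(raw_body)
    except json.JSONDecodeError:
        payload = None
    if not isinstance(payload, dict):
        return {"status": status, "error": None, "description": None,
                "meaning": "body is not a JSON object", "note": "check URL and proxies"}
    code = payload.get("error")
    result = {"status": status, "error": code,
              "description": payload.get("error_description"),
              "meaning": RFC6749_ERRORS.get(code, "not an RFC 6749 token-endpoint error code"),
              "note": None}
    if grant_type == "client_credentials" and code == "invalid_grant":
        # This flow sends no code or refresh token, so the code is the server's own mapping.
        result["note"] = "no separate grant in this flow; rely on error_description and server logs"
    return result

# Constructed inputs: placeholder client id/secret and the error body quoted in the post.
SAMPLE_BODY = '{"error": "invalid_grant", "error_description": "Bad credentials"}'
if __name__ == "__main__":
    url, headers, body = build_client_credentials_request(
        "https://api.mypurecloud.com/oauth/token", "example-client-id", "example-secret")
    print(body, sorted(headers))  # header names only, so the secret is never printed
    print(triage_token_error(401, SAMPLE_BODY))
```

Comparing the script's actual URL, headers and body against the tuple returned by `build_client_credentials_request` shows whether the request itself deviates from the RFC shape before looking at tenant settings.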