Got this 401 error when trying to authenticate via the OAuth token endpoint after switching our org to SAML SSO for user login. We need the internal bot to keep using OAuth Client Credentials, but it’s failing.
POST https://mypurecloud.jive.com/oauth/token
{
"grant_type": "client_credentials",
"client_id": "abc123",
"client_secret": "secret456"
}
Response:
401 Unauthorized
The docs state: “SAML SSO affects user authentication flows. OAuth 2.0 Client Credentials grant remains unaffected for machine-to-machine communication.” We’ve verified the client ID and secret are correct in the Developer Tools section. The integration was working fine before we enabled SAML SSO for the organization. It’s not a user login issue since we aren’t using authorization_code or password grants here. We’re strictly using the machine-to-machine flow.
Is there a specific setting in the SAML configuration that blocks the token endpoint? We’ve checked the relying party trust settings. Everything looks standard. The assertion consumer service URL is set correctly. We’re in Europe/Amsterdam timezone, so maybe there’s a clock skew issue? The server time is synced via NTP. The difference is less than 500ms. That shouldn’t cause a 401 on the token endpoint itself, right? The docs don’t mention any dependency between SAML trust configuration and the OAuth token endpoint availability for client credentials.
We tried regenerating the client secret. Same result. We tried using the SDK’s ClientCredentialsGrant method in Python. It throws an Unauthorized exception immediately. The request headers look fine. Content-Type is application/x-www-form-urlencoded.
Is there a hidden flag in the SAML metadata or the OAuth client configuration that disables non-SAML auth methods? We need the bot to run independently of user sessions. It shouldn’t care about SAML at all. But it’s failing. The error doesn’t give much detail. Just Unauthorized.
Any ideas? We’re stuck.