
User-Based Server Application API "client_invalid" error

One of our support specialists is running into some obstacles trying to create a User-Based Server Application API access token for Panopto following instructions here: https://support.panopto.com/s/article/oauth2-for-services#hTargetInstance1. Connecting to the server, he gets the error response of "client_invalid". He's using a service account, with its credentials password. This account was added to the admin group for Panopto.

He believes this error may be because we use SSO for Panopto sign-in and their system would have no record of a password for this account?

I recommended they use the "Client Secret" for Password Credentials in the instructions below, but he tried the methods for both internal and external users. They each return the “invalid_client” error in the response. For the external user: he specified the user name as <service account> and also tried <service account>@temple.edu; and set the authentication code as the password associated with that account’s TU credentials, combined with our SAML identity provider’s id (from the admin settings section), and encoded as directed in the instructions. https://support.panopto.com/s/article/How-to-use-Postman-with-the-Panopto-REST-API


Any suggestions on what to do next would be greatly appreciated! Thanks


Answers

  • Kevin Baum, Panopto Employee

    Hi Addy,

    Is the service account a Panopto account, or is it an external account you are using as a service account, through your SSO?

    If this is an external account, then you should be using the full user key, including the Identity Provider instance name from the Identity Providers Setting page for the user name. As an example, if the Identity Provider instance name is "saml", the username field should be "saml\username".

    For the password for an external account, do not send the password you would use to log in, since Panopto would have no record of that password. Instead, you should create an authentication code using the user key from above and the "Application ID" for the Identity Provider from the Identity Provider settings page in Panopto, then hash and encode the result. We have more details in section 2.1.c of our How to Get OAuth2 Access Tokens for Services article on our support page.

    I hope this helps. Please let me know if you have any other questions.

    Thanks,

    Kevin

  • Thank you Kevin! I've passed your comment along to the support specialist and will let you know if we have any additional questions.


    Addy
