The error "unauthorized for grant type" occurs when your application is attempting to use an OAuth grant type that it is not approved to use. This often happens when your app requires the Authorization Code Flow but is attempting to use the Password Flow. See below for information in implementing Authorization Code Flow. For more information see this Developer Community article.
Where can I find example code that implements Authorization Code Flow (3-legged authorization flow)?
For information on the Authorization Code Flow, please see this Developer Community post. Sample demos in a few programming languages including JavaScript, C#, Python, Ruby, etc. are available in the ringcentral-demos-oauth repo.
How many simultaneous OAuth sessions can my application support? (Is there a maximum number of access tokens that a single user could create?)
You can have up to 5 simultaneous OAuth sessions per user per application.
Tokens expire and there is no way to disable the expire. But you can refresh the tokens before they expire. Access token's lifetime is 1 hour while refresh token's lifetime is 1 week. We have SDKs which provide utility methods to refresh tokens. You can find the SDKs and documentations here: https://github.com/ringcentral
It is by design for security reasons. Public applications are available to users from all companies, it's not secure to allow password flow. Authorization code flow is way better because user doesn't enter password out of RingCentral services.
curl -i -X POST "https://platform.devtest.ringcentral.com/restapi/oauth/token" \
-H "Accept: application/json" \
-H "Content-Type: application/x-www-form-urlencoded" \
-u "clientId:clientSecret" \
-d "username=username&password=password&extension=extension&grant_type=password"