+ Start a Discussion
raj kiranraj kiran 

developing the User-Agent OAuth Authentication Flow

Hi All,

We are using the User-Agent OAuth Authentication Flow so that vendors can insert the data from thier internal/exteranal sites  buy using simple insert rest api endpoint call using javascript/ajax calls. 

we have shared the sample endpoint for authorization like 
so vendors would call the above endpoint and grant authorization like accept/reject pop getting displayed in thier front end screens for first time call,On sucessfully redirection. the screen gets redirect to redirect url mentioned in connected app. 
we have mentioned that redirect url as www.vendordoamin.page/sfdc.jsp. where sfdc.jsp is the page where user submited the date from. so when user authorizes via pop, the sfdc authorization servers should respond back with access token.  
Once the access token is received vendor should store the access through out the request and should use the same to insert the custom lead data via standard rest url generated via workbench. 

If incase the access token is expired , the request should be made to below url to get new token

POST /services/oauth2/token HTTP/1.1
Host: https://test.salesforce.com/
&refresh_token=your token here

We have used this apporach so that we can share authorize endpoint and code, simple authorization inputs from front end user when submitting data, and then system inserting data to sfdc.
(we want this simple approach so that many other vendor can simple insert our rest api code and can insert data)

Since the vendors are unable to test or help us with sfdc support I am bangging my head to replicate this cors issue in sfdc side. like 

Now for the problems
-- for the first time vendors were able to authorize
-- they got access token, however the second time for refreshing acess tokens they are getting CORS errors and unable to proceed further.
-- how do  i actually replicate the issue ? i had minimum expeirence in java web apps, but developing java based web app like using jsp, 
tomcat and rest webservice is only the way to replicate the cors issue? 
-- there are many sample codes but using maven/jaxb/some other rest api in eclipse /configuring buildpath is all hell for me.
-- Is there any other way to test  User-Agent OAuth Authentication Flow ??
-- if testing only via creation java project etc can anyone share any sample code/ eclipse configurtaion.

** already whitelisted  vendors domain in CORS option in saleforce. 
Tuan LuTuan Lu
You initial Oauth URL is pointing to production and your refresh URL is pointing to sandbox. They are 2 different environments so the tokens will not work from one to the other.
raj kiranraj kiran
Hi Tuan Lu,

My Bad, initial url is test only (regret the copy past error).  
appreciate for your quick insight !