You need to sign in to do that
Don't have an account?
Kelsey Martens
How to use OAuth2 user-agent flow without knowing the redirect_uri beforehand?
I'm currently working on creating a plugin which would allow its users to interact with their Salesforce accounts via REST API.
Since the code would be residing on end-user servers I cannot use the client_secret, so I figured that using the User-Agent flow is the thing I'm looking for.
The problem is, however, I cannot get the redirect to work, since I get a "redirect_uri_mismatch" error. It works if I specify the CallbackURL in my Connected App settings, but since this is a plugin that clients can install on their sites, I cannot know their URI's before hand.
Is it possible to allow any url to be a redirect_uri?
If not - what are my alternatives? I can't make the client secret safe.
Since the code would be residing on end-user servers I cannot use the client_secret, so I figured that using the User-Agent flow is the thing I'm looking for.
The problem is, however, I cannot get the redirect to work, since I get a "redirect_uri_mismatch" error. It works if I specify the CallbackURL in my Connected App settings, but since this is a plugin that clients can install on their sites, I cannot know their URI's before hand.
Is it possible to allow any url to be a redirect_uri?
If not - what are my alternatives? I can't make the client secret safe.
https://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/intro_curl.htm
https://developer.salesforce.com/forums/?id=906F0000000DEvGIAW
Is it possible at all? I have an open source plugin, which cannot contain Apps my client_secret since it would be visible to everyone.
My suggestion, make the plugin so the one that is installing it can setup a client_id, a client_secret and a their callback url.
You might want to consider leaving some instructions on how to create the connected app and how to get the callback.
By doing so, they will be able to make sure that only their plugin is getting access, etc.
Kind regards.