+ Start a Discussion
PraeneiPraenei 

Bad Request when using oauth2 with refresh_token between 2 Salesforce orgs

Hi all & thanks for taking the time to read this.

I'm working on a project which requires a rest api call to an external site.  As the external company haven't completed their work yet I thought I'd get ahead of the curve & write a simulation of their code on one of our sanboxes so I can test my code which is running in another sandbox.  However I get a [Status=Bad Request, StatusCode=400] response when requesting an authorisation code before I even get to the point of the real request.  I can boil down this request down to (where the client_id etc. obviously have the correct values):-
 
HttpRequest req = new HttpRequest();
Http http = new Http();
String authUrl = 'https://test.salesforce.com/services/oauth2/token?grant_type=refresh_token' +
                            '&client_id=' + 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXX' +
                            '&client_secret=' + 'YYYYYYYYYYYYYYYYYYYYYYYYYYYYY' +
                            '&refresh_token=' + 'ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ';

string reqBody = 'sss';

req.setHeader('Content-Type', 'application/json;charset=UTF-8');

req.setMethod('POST');
req.setEndpoint(authUrl);
system.debug(authUrl);


HTTPResponse resp = http.send(req);
system.debug(resp);
Bizarrelyif I log in to workbench using the sandbox that is sending the request & go to the Rest Explorer & use the value in the variable authUrl without the https://test.salesforce.com (so starting /services/oauth2/token?grant_type=refresh_token...) it works fine.

Any suggestions as this is driving me crazy?  

Thanks for any help you can offer.

Praenei
 
Best Answer chosen by Praenei
PraeneiPraenei
Hi Krishna & thanks for taking the time to reply.

That didn't actually fix it but did highlight the problem.  When I changed the url to use the one specified in My Domain Settings (+ changed the appropriate Remote Site Setting) the response's body contained {"error":"invalid_grant","error_description":"ip restricted"}.  I added that ip address to the ip whitelist on the profile being used & changed the code/setting back to use test.salesforce.com & it worked.  

Any idea how Workbench is able to work without having the ip address whitelisted?

Thanks again.

All Answers

Krishna.AvvaKrishna.Avva
Hi Praenei,

Is my domain enabled? If yes, try using the domain url and not test.salesforce.com.

Regards,
Krishna Avva
PraeneiPraenei
Hi Krishna & thanks for taking the time to reply.

That didn't actually fix it but did highlight the problem.  When I changed the url to use the one specified in My Domain Settings (+ changed the appropriate Remote Site Setting) the response's body contained {"error":"invalid_grant","error_description":"ip restricted"}.  I added that ip address to the ip whitelist on the profile being used & changed the code/setting back to use test.salesforce.com & it worked.  

Any idea how Workbench is able to work without having the ip address whitelisted?

Thanks again.
This was selected as the best answer
Krishna.AvvaKrishna.Avva
Hi Praenei,

I am glad it helped. I am not sure why you did not get the error from Workbench. May be - i am just guessing it here, it has something to do with when you access something from workbench, all the requests go through the Workbench Canvas App installed in your org. 

Regards,
Krishna Avva