Aryn Hurst-Clark

Auth error: invalid grant

Hello all,

we have a Professional Edition with API access enabled. There is a custom permission set created (no "API enabled" option in the user settings unfortunately) with "API enabled" ticked and that permission set is assigned to the user I am using to connect. The user is a System Administrator. 

There is a connected app created with relaxed IP permission and self-authenticating user set as an option. I am also aware that the password is a concatenation between the user password and a security token.

Yet I keep getting the same error when I try to connect:

curl -v https://test.salesforce.com/services/oauth2/token -d "grant_type=password" -d "client_id=***" -d "client_secret=***" -d "username=aryn@***" -d "password=***"
*   Trying 96.43.149.120...
* Connected to test.salesforce.com (96.43.149.120) port 443 (#0)
* TLS 1.2 connection using TLS_RSA_WITH_AES_256_CBC_SHA256
* Server certificate: test.salesforce.com
* Server certificate: Symantec Class 3 Secure Server CA - G4
* Server certificate: VeriSign Class 3 Public Primary Certification Authority - G5
> POST /services/oauth2/token HTTP/1.1
> Host: test.salesforce.com
> User-Agent: curl/7.43.0
> Accept: */*
> Content-Length: 219
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 219 out of 219 bytes
< HTTP/1.1 400 Bad Request
< Date: Tue, 27 Oct 2015 15:13:05 GMT
< Set-Cookie: BrowserId=5av_S5gFRS2DzP6lCKMcXA;Path=/;Domain=.salesforce.com;Expires=Sat, 26-Dec-2015 15:13:05 GMT
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< Pragma: no-cache
< Cache-Control: no-cache, no-store
< Content-Type: application/json;charset=UTF-8
< Transfer-Encoding: chunked
<
* Connection #0 to host test.salesforce.com left intact
{"error":"invalid_grant","error_description":"authentication failure"}

Thank you. Any help and/or suggestion is much appreciated. 

Best,
Aryn
scottbcovert
Hi Aryn,

I gave your curl command a try in my own org with my own connected app, etc. and it executed successfully so your issue is not with your syntax. I know you said that you're already appending your security token to your password but perhaps you are using an outdated token? I also noticed you're hitting the test.salesforce.com domain - as I'm sure you're aware your sandbox user's password & security token are not updated along with your production org so perhaps the authentication information you're using truly doesn't match what Salesforce is expecting. Admittedly I have less experience with PE orgs but as a last resort if your sandbox was created before your production org became API-enabled perhaps you need to refresh it and/or reach out to your AE to enable API access there as well.
Aryn Hurst-Clark
Hello Scott,

thank you very much for your response. This is, by far, the most useful suggestion I have gotten around here.

I was not aware that testing and production may have different credentials; to be honest, I would not even know how to log in/reach our test box. Do you have any idea where I could find any docs about this?
We got an email that we have API access enabled and that was it. So I presumed that it's enabled for both environments...

The fastest thing to do in order to check this doubt, seemed to be to point the curl to production instead of test and I got the exact same error:

curl -v https://login.salesforce.com/services/oauth2/token -d "grant_type=password" -d "client_id=***" -d "client_secret=***" -d "username=aryn@" -d "password=***"
*   Trying 96.43.150.124...
* Connected to login.salesforce.com (96.43.150.124) port 443 (#0)
* TLS 1.2 connection using TLS_RSA_WITH_AES_256_CBC_SHA256
* Server certificate: login.salesforce.com
* Server certificate: Symantec Class 3 Secure Server CA - G4
* Server certificate: VeriSign Class 3 Public Primary Certification Authority - G5
> POST /services/oauth2/token HTTP/1.1
> Host: login.salesforce.com
> User-Agent: curl/7.43.0
> Accept: */*
> Content-Length: 219
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 219 out of 219 bytes
< HTTP/1.1 400 Bad Request
< Date: Mon, 02 Nov 2015 16:15:45 GMT
< Set-Cookie: BrowserId=GRJr09vLTxmgPzRuLKRwGw;Path=/;Domain=.salesforce.com;Expires=Fri, 01-Jan-2016 16:15:45 GMT
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< Pragma: no-cache
< Cache-Control: no-cache, no-store
< Content-Type: application/json;charset=UTF-8
< Transfer-Encoding: chunked
<
* Connection #0 to host login.salesforce.com left intact
{"error":"invalid_grant","error_description":"authentication failure"}

I am really out of ideas what else to check, and where to look for help.

Thanks

Best,
Aryn 
scottbcovert
Aryn,

Definitely a head scratcher; my next bit of advice would be to fully disable any IP restrictions for the user to be sure that isn't the issue and if you still haven't had any luck contact your AE to see if you need to have your connected app whitelisted:
https://developer.salesforce.com/docs/atlas.en-us.packagingGuide.meta/packagingGuide/dev_packages_api_access.htm

This is normally required for ISVs to be able to use the API with PE/GE org customers. I wouldn't have thought it would be necessary given you added API functionality to your PE org, but perhaps you still need to go through this process. A good test would be to spin up a brand new developer edition org (https://developer.salesforce.com/signup), which will run on enterprise edition with API enabled by default. Try running the same curl command with this new login information and see if it works.
Sanjeev Rajput
I got the solution for this.
1. Open your connected Apps.
2. On Details we have Edit Policies.
3. We have IP Relaxation: Please allow for all.

Note: Do not use # in your password. 

https://login.salesforce.com/services/oauth2/token?grant_type=password&client_id=ConsumerKey&client_secret=ConsumerSecret&username=Yourusername&password=yourpassword
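
An added example, not code from any poster in this thread: the `#` caveat above follows from URL syntax, where `#` starts the fragment that a client never sends, and curl's `-d` likewise passes `&`, `+` and `%` through unencoded. The sketch below percent-encodes each field and sends it in the POST body; the `SF_*` variable names and the function names are assumptions.

```shell
#!/bin/sh
# Added example: percent-encode OAuth password-grant fields before sending.
# SF_* variable names and all function names here are assumptions.

# Percent-encode one value (RFC 3986 unreserved characters pass through).
urlencode() {
  printf '%s' "$1" | od -An -v -tx1 | tr -s ' ' '\n' | LC_ALL=C awk '
    BEGIN {
      for (i = 0; i < 256; i++) {
        h = sprintf("%02x", i); c = sprintf("%c", i)
        map[h] = (c ~ /^[A-Za-z0-9._~-]$/) ? c : "%" toupper(h)
      }
    }
    NF { printf "%s", map[$1] }'
}

# Build the application/x-www-form-urlencoded body for the password grant.
# Arguments: client_id, client_secret, username, password+security token.
token_body() {
  printf 'grant_type=password&client_id=%s&client_secret=%s&username=%s&password=%s' \
    "$(urlencode "$1")" "$(urlencode "$2")" "$(urlencode "$3")" "$(urlencode "$4")"
}

# What survives when a raw value is pasted into a URL query string:
# everything from the first '#' onward is the fragment and is not transmitted.
sent_from_query() {
  printf '%s' "${1%%#*}"
}

# POST the encoded body. Reading it from stdin (-d @-) keeps the secrets out
# of the URL and out of curl's argument list. Not called automatically.
request_token() {
  token_body "$SF_CLIENT_ID" "$SF_CLIENT_SECRET" "$SF_USERNAME" "$SF_PASSWORD_AND_TOKEN" |
    curl -sS "https://${SF_LOGIN_HOST:-login.salesforce.com}/services/oauth2/token" -d @-
}

# Constructed sample password, not taken from the thread.
demo='p#ss&w+rd'
printf 'raw in query string, server sees: %s\n' "$(sent_from_query "$demo")"
printf 'encoded for the POST body:        %s\n' "$(urlencode "$demo")"
```

With plain curl and no helper, `--data-urlencode "password=..."` performs the same encoding for a single field.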