jeffatflowdotnet

"expired access/refresh token" during OAuth 2.0 Username-Password Flow

I signed up for force.com and created a remote application.

I can successfully complete the OAuth 2.0 username and password flow using my account credentials, and can subsequently fetch *my* data using the API.

However, when I use an account that is not the creator of the remote application, the response I receive is:

{"error":"invalid_grant","error_description":"expired access/refresh token"}

As far as I'm concerned, this is not even an error that I should be seeing, considering I am completing this flow to receive an access token.

The URL that I am POSTing to is:

https://login.salesforce.com/services/oauth2/token?response_type=token&redirect_uri=REDIRECT_URI


and my POST body is:

grant_type=password&client_id=KEY&client_secret=SECRET&username=EMAIL&password=PASSWORDSECURITY_TOKEN


All variables are replaced with the proper values as outlined in the document http://na9.salesforce.com/help/doc/en/remoteaccess_oauth_username_password_flow.htm

Can anyone see the problem with this?

Best Answer chosen by Admin (Salesforce Developers) 
jeffatflowdotnet

The Content-type header needs to be set to "application/x-www-form-urlencoded".

Consider adding this to the documentation because the error message that results does not help solve this problem. If you don't want to add that to the documentation, consider adding an error message with relevant HTTP status code, along the lines of "missing content-type header".

Carling Kirk
I was having this issue and my headers were set correctly. It turns out I had the URL wrong; it needed to be https://test.salesforce.com/services/oauth2/token
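
Added example, not part of the original posts and not Salesforce's own code: a Python sketch that builds the token request with the two fixes from the answers above, an explicit form Content-Type header and the token host matching the environment. The function names and the "production"/"sandbox" labels are hypothetical, and any credentials passed in are placeholders.

```python
import json
import urllib.error
import urllib.request
from urllib.parse import urlencode

# Token endpoints named in the thread: production login host and sandbox host.
TOKEN_URLS = {
    "production": "https://login.salesforce.com/services/oauth2/token",
    "sandbox": "https://test.salesforce.com/services/oauth2/token",
}
FORM_TYPE = "application/x-www-form-urlencoded"


def build_token_request(env, client_id, client_secret, username, password, security_token):
    """Build (without sending) the username-password token request."""
    form = {
        "grant_type": "password",
        "client_id": client_id,
        "client_secret": client_secret,
        "username": username,
        # Password and security token are concatenated, as in the question's POST body.
        "password": password + security_token,
    }
    # urlencode percent-encodes '&', '+' and '=' inside values, which would
    # otherwise split or corrupt the form fields.
    body = urlencode(form).encode("ascii")
    return urllib.request.Request(
        TOKEN_URLS[env], data=body, method="POST",
        headers={"Content-Type": FORM_TYPE},
    )


def request_token(req, timeout=10):
    """Send the request; return (ok, parsed JSON) for tokens and OAuth errors alike."""
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return True, json.load(resp)
    except urllib.error.HTTPError as err:
        # The OAuth error document, e.g. {"error": "invalid_grant", ...}, is in the body.
        return False, json.loads(err.read().decode("utf-8"))


def invalid_grant_checks(req):
    """The two things the answers say to verify when invalid_grant comes back."""
    return {
        "content_type_is_form": req.get_header("Content-type") == FORM_TYPE,
        "host": req.host,
    }
```

Calling `invalid_grant_checks` on the request that failed shows at a glance whether the header is present and which host the credentials were sent to.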