function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
Sailor67Sailor67 

Why has OAuth stopped returning refresh_token...?

Our REST API calls just suddenly stopped working since there is no way using the refresh_token procedure. We then found out there was actually no refresh_token provided after the user has been authenticated in the first place, even though this has always been the case previously.



We read a previous thread here about using that parameter scope=full, but whatever parameter we attach here there is always a HTTP Error 400 response. According to the documentation, if skipping the scope param it should default to ID + refresh_token + API. But when we skip it we only get this response: 

 

<OAuth>

  <id>https://login.salesforce.com/id/XYZ</id>

  <issued_at>1332580779061</issued_at>

  <scope>full</scope>

  <instance_url>https://na8.salesforce.com</instance_url>

  <signature>XYZ</signature>

  <access_token>XYZ</access_token>

</OAuth>





Why is this…?

Navatar_DbSupNavatar_DbSup

Hi,

 

In this situation, the client application can use the refresh token to obtain a new access token. The refresh token represents the user's access grant to the application, and is valid until explicitly revoked by the user, via Setup ? My Personal  Information ?  Remote  Access.

 

The client application obtains a new access token by Posting another request to https://login.salesforce.com/services/oauth2/token, this time with payload of the form:z

grant_type=refresh_token&client_id=3MVG9lKcPoNINVBJGKrUKSXjJRTgKoeZx6OvJLXwLO8n80_OY.ydx0cQ24zGwBhRfa4YEWrFaNVVdI142EivZ&client_secret=7868057769520845245&refresh_token=5Aep861eWO5D.7wJBuW5aaARbbxQ8hssCnY1dw3qi59o1du7ob.lp23ba_3jMRnbFNT5R8X2GUKNA==

grant_type = Set this to refresh_token.

client_id = Your application's client identifier.

client_secret = Your application's client secret (optional).

refresh_token  = The refresh token provided in the previous access grant.

 

Did this answer your question? If not, let me know what didn't work, or if so, please mark it solved. 

 

 

Sailor67Sailor67

Thanks, but I am afraid you misunderstood me..

 

We never GET a refresh_token at all anymore in the first authentication. But we did get it in the past and then there was never a problem to actually obtain a new access_token. But now suddenly we don't get it anymore.

 

It is a complete mystery. 

 

Sailor67Sailor67

I found a solution:

 

The problem is that the scope=full parameter for some reason just stopped working i.e. the API-ignored it. Maybe a Salesforce representative could comment on this..?

 

Anyway, instead I explicitly specified scope= api id refresh_token (space between each param) which instantly solved my problem and the refresh_token was submitted accordingly.