
interactive login example

The Chatter API Guide shows how to get authentication using grant_type = password.


I'd like to know how to set up the interactive flow.

The OAuth examples on Force.com look like they are not dealing with Chatter.  I tried posting:










but I get an HTTP err 400 back.


The examples I see are posting to a whole different url: login.salesforce.com...

such as this example http://wiki.developerforce.com/index.php/Digging_Deeper_into_OAuth_2.0_on_Force.com


It looks a little suspicious.  In my mind changing from grant_type: password to something else should still post to the same URL.


What is the proper way to get an access token to Chatter REST API?


The Chatter API is REST based, and as such, you can use the OAuth2 flow. LMK what language you are using and I can point you to an appropriate sample.




I am using Java.




This is just the first step but somehow I consistently get error 400.


Java code is actually pretty simple:


as I am following: http://wiki.developerforce.com/index.php/Digging_Deeper_into_OAuth_2.0_on_Force.com


This is the first step:

// Build the query string; each name and value is URL-encoded
String query = "";
query += URLEncoder.encode("client_id", "UTF-8") + "=" + URLEncoder.encode(consumerKey, "UTF-8");
query += "&" + URLEncoder.encode("response_type", "UTF-8") + "=" + URLEncoder.encode("code", "UTF-8");
query += "&" + URLEncoder.encode("redirect_uri", "UTF-8") + "=" + URLEncoder.encode(callBackUrl, "UTF-8");

URL loginURL = new URL(oauthUrl + "?" + query);

connection = (HttpURLConnection) loginURL.openConnection();

int responseCode = connection.getResponseCode();

if (responseCode != 200) {
    System.err.println("Got an error after login " + responseCode);
    return "";
}




Can you please show me the URL you are using to perform the login request? There is also a full java example of OAuth2 in the REST API guide if that helps.


Here is the full string I am sending across:




the client_id is the consumer key that I have working with the grant_type = password.


Sounds like I am missing something really small.  I looked over the URL 20 different times and got the elements from two different sources.  Could my client_id not be eligible for Oauth2 maybe???


For your flow, the grant_type should be 'token'.


Okay, sorry about being dense, but it looks like I am getting conflicting instructions now.


Are these still valid instructions:



In my understanding there are only three required parameters:

response_type: Must be set to "token" to request an access token.
client_id: Your application's client identifier (consumer key in Remote Access Detail).
redirect_uri: The authorization server will respond with a redirect to this URI. This parameter must match your application's configured callback URL.


I am also including display = page, but that's optional.


All of those parameters are on the URL string so I get the following query:

"https://login.salesforce.com/services/oauth2/authorize?" + "response_type=token&"  +  "client_id=OejEETOVbx....&" + "redirect_uri=https%3A%2F%2Flocalhost%2Fcallback&" + "display=page"


This is my first request which I assume is then followed up with the screen where people authorize and then I make another request.


What am I missing? 


You are correct. For the initial request, you don't need to specify grant type, but depending on your flow, you may have to include the client secret. Here is a snippet from the Getting Started with REST API article. Note, this example uses a web server that supports the JSP 3.0 spec (thus the web init params):


import javax.servlet.annotation.WebInitParam;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;

/**
 * Servlet parameters
 */
@WebServlet(name = "oauth", urlPatterns = { "/oauth/*", "/oauth" }, initParams = {
        // clientId is 'Consumer Key' in the Remote Access UI
        @WebInitParam(name = "clientId", value = "xxxxxxxxxx...xxxxxxxxxx"),
        // clientSecret is 'Consumer Secret' in the Remote Access UI
        @WebInitParam(name = "clientSecret", value = "xxxxxxxxxxxxxxxxxxx"),
        // This must be identical to 'Callback URL' in the Remote Access UI
        @WebInitParam(name = "redirectUri", value = "https://localhost:8443/RestTest/oauth/_callback"),
        @WebInitParam(name = "environment", value = "https://login.salesforce.com"), })
public class OAuthServlet extends HttpServlet {
    // The servlet body is not included in this post
}

lmk if that helps. We will get you up and running.






What error do you get?


I was getting error 400.  I think I figured it out.  My callback URL was not matching the callback URL in the remote access screen exactly.  It's a bit different than what Twitter does (where you can override the callback URL at runtime) so I think I was getting stuck with that.
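The callback mismatch described above can be caught before the request is sent. The following is an added example, not code from any poster in this thread or from Salesforce; the class and method names and the consumer-key placeholder are hypothetical, and it assumes the registered callback is compared as an exact string, as the resolution above suggests.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;

public class AuthorizeUrlCheck {
    // Authorization endpoint quoted in the thread
    static final String AUTHORIZE = "https://login.salesforce.com/services/oauth2/authorize";

    /** Lists each component in which the runtime redirect_uri differs from the registered callback. */
    static List<String> mismatches(String registered, String runtime) {
        List<String> diffs = new ArrayList<>();
        if (registered.equals(runtime)) return diffs;  // assumption: exact string match is required
        URI a = URI.create(registered), b = URI.create(runtime);
        compare(diffs, "scheme", a.getScheme(), b.getScheme());
        compare(diffs, "host", a.getHost(), b.getHost());
        compare(diffs, "port", String.valueOf(a.getPort()), String.valueOf(b.getPort()));
        compare(diffs, "path", a.getRawPath(), b.getRawPath());
        compare(diffs, "query", a.getRawQuery(), b.getRawQuery());
        if (diffs.isEmpty()) diffs.add("strings differ (case, encoding or fragment)");
        return diffs;
    }

    static void compare(List<String> diffs, String part, String want, String got) {
        if (want == null ? got != null : !want.equals(got))
            diffs.add(part + ": registered '" + want + "' but sending '" + got + "'");
    }

    /** Builds the first-step authorize URL; refuses when the callback would not match. */
    static String authorizeUrl(String clientId, String registered, String runtime, String responseType) {
        List<String> diffs = mismatches(registered, runtime);
        if (!diffs.isEmpty())
            throw new IllegalArgumentException("redirect_uri mismatch: " + diffs);
        return AUTHORIZE + "?response_type=" + enc(responseType)
                + "&client_id=" + enc(clientId)
                + "&redirect_uri=" + enc(runtime);
    }

    static String enc(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8);  // this overload needs Java 10+
    }

    public static void main(String[] args) {
        String registered = "https://localhost:8443/RestTest/oauth/_callback"; // from the servlet snippet
        String clientId = "CONSUMER_KEY_PLACEHOLDER";                          // constructed placeholder
        System.out.println(authorizeUrl(clientId, registered, registered, "code"));
        // The callback from the query string quoted earlier, checked against that registration
        System.out.println(mismatches(registered, "https://localhost/callback"));
    }
}
```

The second call reports the port and path differences, the kind of mismatch that produced the 400 discussed in this thread.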

Robert Jakubov

hey @cloudcoder

do you have the same instructions for OAuth2 flow for Python clients?