+ Start a Discussion
dotNetkowdotNetkow 

Oauth 2.0 Authorization screen trouble

Using this guide as a reference, I've created a Remote Access application entry in my developer account.

I'd like to play around with the Authorization screen that the user should see after navigating to this URL:

 

https://login.salesforce.com/services/oauth2/authorize?response_type=code&client_id=<your_client_id>&redirect_uri=<your_redirect_uri>

 

When I fill in the right values and navigate to the URL, I am not taken to the screen that I expect to see here, but rather the regular Salesforce login screen.  What am I getting wrong?  Thanks.

Best Answer chosen by Admin (Salesforce Developers) 
dotNetkowdotNetkow

You are correct - I phrased my statement wrong: what drew me to Salesforce's implementation of Oauth was the inclusion of the application approval screen.

 

Anyway, I figured out the issue: There is a "No user approval required for users in this organization" checkbox that is checked by default - I unchecked it and that fixed the issue.  Thanks.

All Answers

dkadordkador

That's the point of oauth - the user logs in against the regular salesforce UI, and on success, is then redirected to whatever redirect_uri you set.

 

So it sounds like it's working correctly.

dotNetkowdotNetkow

True, you make a good point.  However, partially what drew me to Oauth, based on what my project needs to accomplish, was the ability to have a custom authorization screen.  If this capability is not possible, Salesforce should update their documentation.

dkadordkador

I believe you're misunderstanding the point of oauth, which is to let a trusted authority (us) handle usernames and passwords so that you don't have to.

 

If you'd like to build your own login UI, go ahead and do it.  You can use SOAP login or the username/password flow in oauth2 once you capture the username and password.

 

You could also look into delegated authentication.

dotNetkowdotNetkow

You are correct - I phrased my statement wrong: what drew me to Salesforce's implementation of Oauth was the inclusion of the application approval screen.

 

Anyway, I figured out the issue: There is a "No user approval required for users in this organization" checkbox that is checked by default - I unchecked it and that fixed the issue.  Thanks.

This was selected as the best answer
John T.John T.

Can you capture the username and password in Oauth 2.0?

dkadordkador

Part of the value-add of oauth2 is that application developers don't get access to your username and password.  Why do you want to capture them?

John T.John T.

Hi dkador,

 

I want my application to have chatter which uses OAuth and at the same time I want to have access to my dashboard files which needs username and password parameter to access the file or url.