OAuth 2.0 Web Server Flow with HTTPS callback uri
Hi,
I've implemented Salesforce OAuth 2.0 Web Server flow and it works perfectly well with an HTTP callback URI. But when I use an HTTPS callback URI, the page on which the user approves the app to use Salesforce asks for fewer permissions than what is shown for the HTTP URI.
The Remote Access Applications setup for both is exactly the same except for the callback URIs (obviously).
The page requesting the user to grant access for the HTTP callback URI is asking for 3 permissions (see https://www.dropbox.com/s/62qzsgev3nidw9o/developersalesforce.tiff):
1. Access your basic information
2. Access and manage your data
3. Perform requests on your behalf at any time
While the same page for the HTTPS callback URI is only asking for the first two options and not the third one (see https://www.dropbox.com/s/w0k92iu42wuudug/securesalesforce.tiff).
Because of this, I cannot refresh my access tokens and the request to refresh access token fails.
Any insights on this will be highly appreciated.
Regards,
Agraj
Are you sure you've asked for all 3 scopes in your configuration on the server?
Thanks chuck for the hint.
I'm not specifying any scope values while authorizing against Salesforce, but the values of scope returned by the "developer" and "secure" applications are different, and that is causing the problem.
For developer, the value of scope returned is "id api refresh_token".
For secure (which is not working), the value of scope is "id api".
Why is this so, when the documentation says that the default value of scope would be "id api refresh_token"?
What governs the value of scope returned?
Update: I manually added the scope parameter while sending authorization request. The HTTP request looks like
"https://login.salesforce.com/services/oauth2/authorize?response_type=token&client_id={my_client_id}&redirect_uri=https://{path_to_my_html}&state=myState&scope=id api refresh_token"
but the response that I get is
What could be the reason that scope=id api refresh_token is treated as an invalid_scope and why it is not available to me?
I tried sending scope='id api refresh_token' (the values of scope within quotes), but that also didn't help and resulted in
Unable to Access Page. The value of the "scope" parameter contains a character that is not allowed or the value exceeds the maximum allowed length. Remove the character from the parameter value or reduce the value length and resubmit. If the error still persists, report it to our Customer Support team. Provide the URL of the page you were requesting as well as any other related information.
Any help will be highly appreciated. I'm kinda blocked because of this!!
One more thing to note is that I messed up the Subject of this Problem. It should be User-Agent Flow and not Web Server Flow.
Has anybody succeeded in implementing the User-Agent flow with an HTTPS callback URI?
Did you find any solution for this?
You should look at the Connected App as it's defined in Setup, and see if the refresh token scope is requested for the app.
Have the same issue with "state" parameter in OAuth2 flow
HTTP 500
Unable to Access Page
The value of the "state" parameter contains a character that is not allowed or the value exceeds the maximum allowed length. Remove the character from the parameter value or reduce the value length and resubmit. If the error still persists, report it to our Customer Support team. Provide the URL of the page you were requesting as well as any other related information.
Getting the same problem as Agraj, still no answers for this?
All scopes are on the Salesforce config and my POST. A single token works fine; it just gives an error when the POST asks for a refresh_token.
A single token works for API queries etc. until it expires.
Under step 3 it reads the following: So I have no idea how to proceed but this would explain why it works on localhost.
I attempted to create a server that ran on the HTTP protocol, but it wouldn't let me register it because it wasn't HTTPS.
This issue isn't resolved, but the last line above does seem to add some information about why it's null.
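
Added example, not part of the thread and not Salesforce's own code: one way to build the User-Agent flow authorization request discussed above with every parameter percent-encoded, and to check in the callback which scopes were actually granted and whether `state` came back unchanged. The function names, the client id placeholder and the `app.example.com` callback URLs are assumptions constructed for illustration.

```javascript
// Hypothetical helpers for illustration; endpoint and parameter names are the ones quoted in the thread.
const AUTHORIZE_ENDPOINT = "https://login.salesforce.com/services/oauth2/authorize";

function buildAuthorizeUrl({ clientId, redirectUri, state, scopes }) {
  const url = new URL(AUTHORIZE_ENDPOINT);
  // URLSearchParams encodes each value, so the spaces between scopes and the
  // ":" and "/" in redirect_uri never reach the server as raw characters.
  url.search = new URLSearchParams({
    response_type: "token",
    client_id: clientId,
    redirect_uri: redirectUri,
    state,
    scope: scopes.join(" "),
  }).toString();
  return url.toString();
}

function checkCallback(callbackUrl, { expectedState, requestedScopes }) {
  // In the user-agent (implicit) flow the response arrives in the URL fragment.
  const params = new URLSearchParams(new URL(callbackUrl).hash.slice(1));
  if (params.has("error")) {
    return { ok: false, reason: "authorization error: " + params.get("error") };
  }
  // Reject responses whose state does not match the value sent (CSRF check).
  if (params.get("state") !== expectedState) {
    return { ok: false, reason: "state mismatch" };
  }
  const granted = (params.get("scope") || "").split(/\s+/).filter(Boolean);
  const missing = requestedScopes.filter((s) => !granted.includes(s));
  return { ok: missing.length === 0, granted, missing };
}

// Constructed sample values, mirroring the two scope results reported in the thread.
const REQUEST = {
  clientId: "CLIENT_ID_PLACEHOLDER",
  redirectUri: "https://app.example.com/callback.html",
  state: "myState",
  scopes: ["id", "api", "refresh_token"],
};
const CALLBACK_FULL = "https://app.example.com/callback.html#access_token=CONSTRUCTED&state=myState&scope=id+api+refresh_token";
const CALLBACK_REDUCED = "https://app.example.com/callback.html#access_token=CONSTRUCTED&state=myState&scope=id+api";

const expectation = { expectedState: REQUEST.state, requestedScopes: REQUEST.scopes };
console.log(buildAuthorizeUrl(REQUEST));
console.log(checkCallback(CALLBACK_FULL, expectation));
console.log(checkCallback(CALLBACK_REDUCED, expectation));
```

Logging the `missing` list at callback time shows immediately when `refresh_token` was requested but not granted, before a later refresh request fails.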