Apex Code Development You need to sign in to do that
Don't have an account?
IvanV Single consumer key/secret pair working on different orgs?
Hi,
I just wanted to check this with others before reporting it as a bug, to see if this behavior is actually by design...
On my dev org, I have generated a Remote Access customer key/secret pair for my SF connectivity app. After setting the OAuth up in my app, the connectivity works fine. But I noticed that I could access the data from other dev orgs with the same customer key/secret combination, even if those orgs didn't have remote access set up (I still had to log in as a different user, though).
Is this standard behavior for dev orgs, and did anyone else notice it?
If you have a Org A and have the Remote Access enabled.
and have other orgs or client applications, such as Org B.
From Org B, you can use the customer key/secret of Org A to get the Data of Org A.
No relation to the Remote Access of Org B.
This is a standard way of Remote Access, and in fact this is what the Remote Access for using.
Check the Remote Access Application Overview in the Online Help.
OK, but that is not exactly what I asked...
Consider following premises:
- I have Org A and Org B
- only Org A has Remote Access set up
- I have an external web App C (written in Java, for example) that uses customer key/secret of Org A for OAuth access to SalesForce
- during the OAuth authentication/authorization process, I log into SFDC with Org B username and password.
Now App C accesses only Org B data.
Is this the standard behavior? I have to point out that I tested this on dev orgs, so this might not happen on regular production orgs.
RemoteAccess configs are automatically shared, so that they don't need installing in every org that's trying to use a particular app.
"RemoteAccess configs are automatically shared, so that they don't need installing in every org that's trying to use a particular app."
Ah, I see. Thank you.