+ Start a Discussion
Nirmal VasanthakumarNirmal Vasanthakumar 

Minimum selected oauth scopes needed in connected app for native iOS app?

I am working on a native iOS app.Theoretically  native Connected Apps, need a minimum of "Perform requests on your behalf at any time" and "Access and manage your data".However I get the error as:

 

ErrorDomain= com.salesforce.oauthErrorDomainCode=666  com.salesforce.OauthErrorDomain in1804: requested+scope+not+allowed       NSLocalizedDescription= com.salesforce.OauthErrorDomain in1804: requested+scope+not+allowed

 


However when I set the minimum selected scopes to  "Perform requests on your behalf at any time" and "Access and manage your data" and "Provide access to your data via the Web" I can access and work on native iOS app.

 

Question In Short: What is the minimum selected oauth scopes needed in connected app for native iOS app?

 

and do we need to "Provide access to your data via the Web" also in addition to ("Perform requests on your behalf at any time" and "Access and manage your data").

 

 

Best Answer chosen by Admin (Salesforce Developers) 
Kevin HawkinsKevin Hawkins

Sorry, my previous answer is a little misleading, because by default the parent app delegate in the iOS SDK defines the requested scopes as "web" and "api" (in addition to "refresh_token", which is implicitly added in the OAuth library).  I do not believe that the "web" scope should be strictly necessary, unless you have a web component in your native app which is accessing Salesforce web pages which require authentication.

 

You can override the requested scopes in your own app delegate, by overriding the oauthScopes method:

 

+ (NSSet *)oauthScopes
{
    return [NSSet setWithObjects:@"api", nil]; 
}

 Give that a try, and see if you run into issues.  As I said, I think you're safe without the "web" scope, if you're not making calls for Salesforce web pages.

All Answers

Gaurav KheterpalGaurav Kheterpal

There was a similar post aimed at hybrid apps which mentions

 

http://boards.developerforce.com/t5/Mobile/Android-Hybrid-App-without-OAuth/td-p/456465

 

"For hybrid apps, we recommend a minimum scope set of "web" and "api" at this point.  The "visualforce" scope, unfortunately, is not generally sufficient for the permissions hybrid apps need to get through the authentication setup."

 

The auth piece for both native and hybrid apps uses the oAuth webview. Going by that logic, I'm thinking that the scopes should be same.

 

I hope that helps.

 

Regards,
Gaurav

Kevin HawkinsKevin Hawkins
The "web" scope is not necessary for the OAuth process itself--OAuth authentication/authorization does not require specific scopes. That would present something of a chicken and egg problem.

The issue you're seeing is a disparity between what's defined in your Connected App on the server and what's defined in your client. What client scopes do you have defined in your AppDelegate?
Kevin HawkinsKevin Hawkins

Sorry, my previous answer is a little misleading, because by default the parent app delegate in the iOS SDK defines the requested scopes as "web" and "api" (in addition to "refresh_token", which is implicitly added in the OAuth library).  I do not believe that the "web" scope should be strictly necessary, unless you have a web component in your native app which is accessing Salesforce web pages which require authentication.

 

You can override the requested scopes in your own app delegate, by overriding the oauthScopes method:

 

+ (NSSet *)oauthScopes
{
    return [NSSet setWithObjects:@"api", nil]; 
}

 Give that a try, and see if you run into issues.  As I said, I think you're safe without the "web" scope, if you're not making calls for Salesforce web pages.

This was selected as the best answer
Nirmal VasanthakumarNirmal Vasanthakumar

Thanks a lot.It solved the issue I was facing.