+ Start a Discussion
Matt Bush 4Matt Bush 4 

Spring 16 Upgrade broke username/password OAuth flow

We are developing an application that runs on Heroku that uses the username/password flow to authenticate into our Salesforce instance.  When running on Winter 16 we were using the username/password OAuth flow and passing the personal security token so that we could use the Enforce IP restrictions in the connected app.  The application has had no issues logging into either sandbox or production environments until the upgrade to Spring 16 in Sandbox.  Since the upgrade we have been unable to log into sandbox using the original flow as programmed in the app.  We initially attempted to resolve the issue by resetting the personal security token but that had no effect on the error we are receiving, "invalid_grant - Authentication failure".  We have found a workaround to keep us developing which is to relax the ip restrictions and remove the personal security token from the login flow but this is only a temporary fix and not what we would like to deploy into production.

Also, we did switch the app over to point to production to verify that we are not having any issues there and it works fine; production is still on Winter 16.

Any idea what changed in the username/password OAuth flow with the upgrade to Spring 16?  I cannot find anything in the release notes that points to what the issue may be.
Matt Bush 4Matt Bush 4
Just wanted to update that this has been resolved by Salesforce, we can now pass the personal security token and login using IP Restrictions again.