Has anybody succesfully used OAuth for obtaining a sessionId for use with the API in Winter '10?
I've been able to get so far as to generate a valid OAuth access token, but I haven't yet been able to use that access token to get an API session id and I suspect the documentation may not be accurate or complete.
A few observations I've made:
- The documentation says the url is https://login.salesforce.com/services/OAuth/type/api-version. Where type is "c" for the Partner WSDL and "u" for the enterprise WSDL. This is the reverse of the normal SOAP API, and I assume it is a mistake, but can't verify since I can't get a session id.
- The documentation says that "authorization header must have the following parameters" when referring to the request to obtain the session. I take this to mean that one must use the Authorization HTTP header and not POST parameters to obtain the session id. However, I've not had success with either.
- If I do not use the authorization header and post the oauth parameters in the body, I get a response of LOGIN_OAUTH_INVALID_DSIG, indicating a bad signature. Even though I'm using the same code to sign the request as I do for generating the request and access tokens.
- If I instead use the Authorization HTTP header I get the error LOGIN_OAUTH_METHOD_NOT_SUPPORTED indicating I must use http POST, even though I already am. Note, in this case the post body is empty.