• celestial_tyrant
  • 0 Points
  • Member since 2010

  • Chatter
  • 0
    Best Answers
  • 0
    Likes Received
  • 0
    Likes Given
  • 0
  • 1

Has anybody succesfully used OAuth for obtaining a sessionId for use with the API in Winter '10?


I've been able to get so far as to generate a valid OAuth access token, but I haven't yet been able to use that access token to get an API session id and I suspect the documentation may not be accurate or complete.


A few observations I've made: 


  • The documentation says the url is https://login.salesforce.com/services/OAuth/type/api-version.  Where type is "c" for the Partner WSDL and "u" for the enterprise WSDL.  This is the reverse of the normal SOAP API, and I assume it is a mistake, but can't verify since I can't get a session id.
  • The documentation says that "authorization header must have the following parameters" when referring to the request to obtain the session.  I take this to mean that one must use the Authorization HTTP header and not POST parameters to obtain the session id.  However, I've not had success with either.
  • If I do not use the authorization header and post the oauth parameters in the body, I get a response of LOGIN_OAUTH_INVALID_DSIG, indicating a bad signature.  Even though I'm using the same code to sign the request as I do for generating the request and access tokens.
  • If I instead use the Authorization HTTP header I get the error LOGIN_OAUTH_METHOD_NOT_SUPPORTED indicating I must use http POST, even though I already am.  Note, in this case the post body is empty.
If anybody has got this last step working it would be very helpful to know how you constructed the request.  Did you use the authorization header?  What were the contents of the POST?  Did you do anything special when generating your signature, in particular the generation of the OAuth Signature Base String and the key used for the signature (I'm using both the consumer and token secrets per the spec). 






  • October 22, 2009
  • Like
  • 0