Salesforce Authentication Failing

Solution 1:

For anyone who is as stuck and frustrated as I was, I've left a detailed blog post on the entire process (with pictures and ranty commentary!). Click the link if you want that:

http://www.calvinfroedge.com/salesforce-how-to-generate-api-credentials/

Here is a text only answer:

Step 1:

Create an account. You can create a (free) developer account at developer.salesforce.com


Step 2:

Ignore all the landing pages and getting started crap. It's an endless marketing loop.


Step 3:

Click the "Setup" link


Step 4:

In the left-hand toolbar, under "Create", click "Apps"


Step 5:

Under "Connected Apps" click "New"


Step 6:

Fill out the form. Important fields are the ones marked as required, and the OAuth section. Note that you can leave any URL for your callback (I used localhost).


Step 7:

Be advised that Salesforce has crappy availability.


Step 8:

Press continue. You finally have your client_id key (labelled 'Consumer Key') and client_secret (labelled 'Consumer Secret').


Step 9:

But wait! You're not done yet; select 'Manage' then 'Edit Policies'

  1. Make sure IP relaxation is set to Relax IP restrictions,

  2. and make sure that Permitted Users is set to "All users may self-authorize.",

  3. and also make sure that your Security > Network Access > Trusted IP Ranges has been set


If you're concerned about disabling security, don't be for now; you just want to get this working so you can make API calls. Tighten permissions once you have everything working, one at a time, so you can figure out what setting is giving you authentication errors.


Step 10:

Celebrate! This curl call should succeed:

on production:

curl -v https://login.salesforce.com/services/oauth2/token \
  -d "grant_type=password" \
  -d "client_id=YOUR_CLIENT_ID_FROM_STEP_8" \
  -d "client_secret=YOUR_CLIENT_SECRET_FROM_STEP_8" \
  -d "username=YOUR_USERNAME" -d "password=YOUR_PASSWORD"

on sandbox or test:

curl -v https://test.salesforce.com/services/oauth2/token \
  -d "grant_type=password" \
  -d "client_id=YOUR_CLIENT_ID_FROM_STEP_8" \
  -d "client_secret=YOUR_CLIENT_SECRET_FROM_STEP_8" \
  -d "username=YOUR_USERNAME" -d "password=YOUR_PASSWORD"

Notes:

  • You shouldn't be doing password authorization if you're building a multi-tenant app, where users need to authorize their own application. Use the OAuth2 workflow for that.

  • You may need to pass in your security token appended to your password.

Solution 2:

We had this issue as well.

Check your Connected App settings - under Selected OAuth Scopes, you may need to adjust the selected permissions. Our app primarily uses Chatter, so we had to add both:

  • Access and manage your Chatter feed (chatter_api)
  • Perform requests on your behalf at any time (refresh_token).

Again, your mileage may vary but try different combinations of permissions based on what your Application does/needs.

Additionally, the actual invalid_grant error seems to occur due to IP restrictions. Ensure that the IP address of the server running the OAuth authentication code is allowed. I found that if the SFDC environment has the IP restriction setting "Enforce IP restrictions" set (Setup -> Administer -> Manage Apps -> Connected Apps), then each User Profile must have the allowed IP addresses as well.

Solution 3:

TL;DR

For OAuth 2 tokens, if you log in...

  • At login.salesforce.com use https://login.salesforce.com/services/oauth2/token
  • At test.salesforce.com use https://test.salesforce.com/services/oauth2/token

Story:

  1. I was following Salesforce "Set Up OAuth 2.0"
  2. Credentials were correct (many character-by-character checks)
  3. When I'd call curl https://login.salesforce.com/services/oauth2/token -d "...credentials..." it still failed with:

    {"error":"invalid_grant","error_description":"authentication failure"}

Solution:

Realized there are different OAuth environments when reading "Digging Deeper into OAuth 2.0 in Salesforce", specifically (emphasis added):

OAuth 2.0 Authentication Endpoints

OAuth endpoints are the URLs that you use to make OAuth authentication requests to Salesforce. When your application makes an authentication request, make sure you’re using the correct Salesforce OAuth endpoint. The primary endpoints are:

  • Authorization—https://login.salesforce.com/services/oauth2/authorize
  • Token—https://login.salesforce.com/services/oauth2/token
  • Revoke—https://login.salesforce.com/services/oauth2/revoke (see Revoke OAuth Tokens for details on revoking access)

Instead of login.salesforce.com, customers can also use the My Domain, community, or test.salesforce.com (sandbox) domains in these endpoints.

Fix

Because I logged into my environment via test.salesforce.com, switching to curl https://test.salesforce.com/services/oauth2/token -d "...credentials..." resulted in a "Congrats! (>^_^)> Give OAuth token response"
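
The token request from Solution 1 and the endpoint choice from Solution 3, as an added shell example that is not part of the original answers: it selects the endpoint by environment, hands the credentials to curl as a config on stdin (`curl -K -`) so they stay out of the process list and shell history, and maps an `invalid_grant` body to the checks the answers name. The `sf_*` function names and `SF_*` variables are assumptions.

```shell
#!/bin/sh
# Added example; sf_* function names and SF_* variables are assumptions.

# Token endpoint for the host you log in through (Solution 3).
sf_token_url() {
  case "$1" in
    production)   echo "https://login.salesforce.com/services/oauth2/token" ;;
    sandbox|test) echo "https://test.salesforce.com/services/oauth2/token" ;;
    *) echo "unknown environment: $1" >&2; return 1 ;;
  esac
}

# Emit a curl config for the password grant. Piping it to `curl -K -` keeps
# client_secret and password out of argv (ps output) and shell history.
sf_curl_config() {
  url=$(sf_token_url "$1") || return 1
  printf 'url = "%s"\n' "$url"
  printf 'data = "grant_type=password"\n'
  for pair in "client_id=$SF_CLIENT_ID" "client_secret=$SF_CLIENT_SECRET" \
              "username=$SF_USERNAME" \
              "password=$SF_PASSWORD${SF_SECURITY_TOKEN:-}"; do
    # Escape backslash and double quote for curl's quoted config values.
    esc=$(printf '%s' "$pair" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g')
    printf 'data-urlencode = "%s"\n' "$esc"
  done
}

# Map a token response body to the checks named in the answers.
sf_diagnose() {
  case "$1" in *'"access_token"'*) echo "ok: token issued"; return 0 ;; esac
  err=$(printf '%s' "$1" |
    sed -n 's/.*"error"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')
  if [ "$err" = "invalid_grant" ]; then
    echo "invalid_grant, check:"
    echo "- endpoint host matches where you log in (login. vs test.salesforce.com)"
    echo "- security token is appended to the password"
    echo "- IP relaxation / Trusted IP Ranges allow this client's address"
    return 2
  fi
  echo "unhandled response: ${err:-no error field}"
  return 1
}

# Usage: sf_curl_config sandbox | curl -sS -K -   (pass the body to sf_diagnose)
```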

Solution 4:

To whitelist an IP address range follow these steps:

  1. Click Setup in the top-right
  2. Select Administer > Security Controls > Network Access from the left navigation
  3. Click New
  4. Add your IP address range
  5. Click Save