+ Start a Discussion

Chatter Rest API and Authorization Code

I am trying to retrieve an authorization token.


string uri = "https://login.salesforce.com/services/oauth2/authorize?response_type=code&client_id=" + clientid + "&redirect_uri=" + redirecturl ;


passing the response_type, consumer key and redirecturl as specified in the documentation


var webRequest = (HttpWebRequest)WebRequest.Create(uri);
webRequest.Method = "POST";


Getting a Response


using (var response = webRequest.GetResponse() as HttpWebResponse)
if (webRequest.HaveResponse && response != null)
using (var reader = new StreamReader(response.GetResponseStream()))
string result = reader.ReadToEnd();


the variable result contains a string. Extract below:


window.location.href ='https://login.salesforce.com/?ec=302&startURL=%2Fsetup%2Fsecur%2FRemoteAccessAuthorizationPage.apexp%3Fsource%3Dl86Hcy6qEKtWNqzXVErZDlmcRQs0D_HBE55MLVuP3x8t5wXkyHYyrVx2Xb5JoWzyVOJrnTqMMaWy_Sfomv.j1xklSQ67NPiEbdAN9HJgqZjxhVB_wL5WAOIs5h_Bfy.gt68kEhf74mUA0L6xTL_EeHuTTcX014TQZDXchWGtUirnE8kcAlfDjqOUgJVKM8sRgRdfY1iz0fqi2RpSvGVAvMI2FrpnphOGYZeUK4sMdypAhYGABRwk.B2z1IQR7XEGQDdZElS41.Se2fL.Ppaz9_bta1AbBo95jMPSAq93gdgP3GhCR3AmBr6oYgXxX0asg6dafLyGhA%253D%253D%26sdtd%3D1&sdtd=1



I can run this but it forces a login page to load and after entering my username/password the returned url includes the following:




which includes the authorization code


But I do not want to have to open a login page. Instead I want to be able to retrieve the authorization code programmatically to continue the process.


1. Is there any way I can simulate the login to retrieve the code?

2. Can I make the authorization code unexpired (ie retrieve the authorization code once and be able to re-use it)


Going by the Force.com REST API Developer's Guide 



2. The user logs into Salesforce with their credentials. The user is interacting with the authorization endpoint directly, so the application never sees the user’s credentials. After successfully logging in, the user is asked to authorize the application.
Note that if the user has already authorized the application, this step is skipped.
3. Once Salesforce confirms that the client application is authorized, the end-user’s Web browser is redirected to the callback URL specified by the redirect_uri parameter. Salesforce appends authorization information to the redirect URL with the following values:


An example callback URL with authorization information might look something like:



So yes, the above example is what I get after login but what if I want to create an automated process to retrieve the authorization code?


Seems like a bit of crock.


The Developer's Guide goes on:


4. The application extracts the authorization code and passes it in a request to Salesforce for an access token. This request is a POST request sent to the appropriate Salesforce token request endpoint, such as


So how do I go about programmatically extracting the authorization code from my browser back to the application I'm building?







Found another document which states:

It is expected that the redirect_uri web page is hosted by the client application server.



The redirect url (or callback url) has to be https so to learn this/use developer edition I've got to go get an SSL Certificate?


It goes on to state:
The client application server must extract the authorization code and pass it in a request to Database.com for an access token.


What the f*** is Database.com?


It might be the worlds #1 Sales, Service and Marketing App but they're guff for documentation, tutorials and examples