camelUser

Integration Authentication issues / flow

I have created an integration that updates Opportunity data and creates new ContentVersion (Documents). I have created a connected app (web server flow) to allow the integration to authenticate via OAuth and make the required changes.

Problem: The issue is that a single user is used for the whole integration, meaning that if the user's password happens to expire (we are unable to set this to not expire because of company procedure) or if the user happens to request a new security token (Profile > My Personal Information > Reset My Security Token), then the call to generate an access token will fail and the integration is effectively offline until the settings can be altered.

I have been told that using a refresh token could help in preventing this issue. Is this correct / does anyone have some basic curl examples I can refer to?

What I am trying to achieve: Allow the integration to continue if the user's Access Token has been changed / if the user's password has expired.

Current process: Currently, on each call to Salesforce I first perform a call to get an OAuth token, which is then used in the next call, e.g. update opportunity.

The call is represented by the curl statement below.

curl https://example.my.salesforce.com/services/oauth2/token -d "grant_type=password" -d "client_id=EXAMPLE_4446575" -d "client_secret=EXAMPLE_4545441" -d "username=example@example.com" -d "password=Password+Security Token"
On a successful call I get:
{
    "access_token": "accesstoken_636366363",
    "instance_url": "https://example.my.salesforce.com",
    "id": "https://test.salesforce.com/id/054445554454",
    "token_type": "Bearer",
    "issued_at": "example_1556289115669",
    "signature": "example_4844848488484484844848484844884"
}
When the token or password has expired or changed I get:
 
{
    "error": "invalid_grant",
    "error_description": "authentication failure"
}

I thought that in this case using a refresh token call would get me a new Access Token. This is what I tried:
 

curl https://example.my.salesforce.com/services/oauth2/token -d "grant_type=refresh_token" -d "client_id=EXAMPLE_4446575" -d "client_secret=EXAMPLE_4545441" -d  "refresh_token=accesstoken_636366363"

I get the ERROR:

{
	"error":"invalid_grant",
	"error_description":"expired access/refresh token"
}


On investigation I can see that this error is common if I haven't selected the "Perform requests on your behalf at any time (refresh_token, offline_access)" scope in my connected app; however, this is selected.

Does anyone have any ideas what I am doing incorrectly / if this is not the correct method for what I am trying to achieve / what other applications do to overcome the integration user expiring issue?
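
The refresh grant attempted above, as an added example that is not part of the original post: the password-grant response shown in the post has no refresh_token field, and the refresh grant expects the separate refresh_token value returned by the authorization-code exchange of the web server flow, not an access token. The function names, the redirect URI parameter and the sample token values are assumptions made for this example.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Host taken from the post; every credential value below is a constructed placeholder.
TOKEN_URL = "https://example.my.salesforce.com/services/oauth2/token"

class ReauthorizationRequired(Exception):
    """No usable refresh token: the authorization step must be repeated."""

def code_exchange_form(client_id, client_secret, code, redirect_uri):
    # Web server flow: trade the one-time authorization code for tokens.
    return {"grant_type": "authorization_code", "code": code,
            "client_id": client_id, "client_secret": client_secret,
            "redirect_uri": redirect_uri}

def refresh_form(client_id, client_secret, refresh_token):
    # Refresh grant: no username, password or security token is sent.
    return {"grant_type": "refresh_token", "refresh_token": refresh_token,
            "client_id": client_id, "client_secret": client_secret}

def refresh_token_from(response):
    # The refresh token is its own field; access_token is never a substitute.
    token = response.get("refresh_token")
    if not token:
        raise ReauthorizationRequired("token response carries no refresh_token")
    return token

def post_form(form, url=TOKEN_URL):
    # POST application/x-www-form-urlencoded; error bodies are JSON too.
    request = urllib.request.Request(url, data=urllib.parse.urlencode(form).encode())
    try:
        with urllib.request.urlopen(request, timeout=30) as reply:
            return json.load(reply)
    except urllib.error.HTTPError as err:
        return json.load(err)

def fresh_access_token(client_id, client_secret, refresh_token, send=post_form):
    # Called before each API request instead of the password grant.
    reply = send(refresh_form(client_id, client_secret, refresh_token))
    if reply.get("error") == "invalid_grant":
        raise ReauthorizationRequired(reply.get("error_description", ""))
    if "error" in reply:
        raise RuntimeError(reply["error"])
    return reply["access_token"]

# Constructed copy of the password-grant response shown in the post.
PASSWORD_GRANT_REPLY = {"access_token": "accesstoken_636366363",
                        "instance_url": "https://example.my.salesforce.com",
                        "token_type": "Bearer"}
# Constructed code-exchange response that includes a refresh token.
CODE_EXCHANGE_REPLY = dict(PASSWORD_GRANT_REPLY, refresh_token="refreshtoken_CONSTRUCTED")
```

The refresh token is a long-lived credential, so it belongs in the same secret storage as client_secret.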