JPA
Connected app - Bad request on requesting new token
Hi,
We have been facing a problem with the refresh token flow.
From time to time, we are getting a bad request response (HTTP status code 400) when requesting a new token. This problem goes away if we execute this request 2 or 3 more times.
We are using the "Refresh token is valid until revoked" setting, so we can make sure we don't have any problems with this mechanism.
This is the request we are performing:
POST /services/oauth2/token HTTP/1.1
Host: login.salesforce.com/

grant_type=refresh_token&client_id=<client_id>&client_secret=<client_secret>&refresh_token=<refresh_token>

Could you help me understand if there is any configuration missing?
https://help.salesforce.com/articleView?id=000313919&type=1&mode=1
Hope this helps..
Thanks,
When the session ID or OAuth token used is expired or is invalid, it gives a 401 error.
Whereas when we are using a "refreshToken" to authenticate, the user is not logged in yet. So when the refresh token, client secret, client Id, etc. (anything) is incorrect, we will get an HTTP 400 Bad Request.
A refresh token is not to be confused with an OAuth token. OAuth Token here means the access token - we get after successful login.
Sample request with invalid access token (Following is an example)
https://vaibhavkaushik-dev-ed.my.salesforce.com/services/data/v44.0/query/?q=select+id+from+account -H 'Authorization: Bearer 00D28000001HXcj!AQkAQEG90CiBEC4kQh62z4Y.VfJSlcdu_gWX4DFHyi3UNtLmU.vMpkj_NojQCtLK2Wncbtq93AUjEKhJvJLBqFemKzfrkESx'
Status: 401 Unauthorized
[
  {
    "message": "Session expired or invalid",
    "errorCode": "INVALID_SESSION_ID"
  }
]
Sample request when the client secret (7383516191802996352) is invalid, but the refresh token is valid
https://login.salesforce.com/services/oauth2/token?grant_type=refresh_token&client_id=3MVG9ZL0ppGP5UrCuWee4wUo9JDWBU57R.meULq4jwZJJG_lCDg9b91Jqa0zBCTuSwfjFYDVS38Da2q_WOVsQ&client_secret=7383516191802996352&refresh_token=5Aep861TSESvWeug_yKmRM1J.tNEKQRpc9OQ9ErwXMSupqu8M51k_DwygI5LMk.OYz3BGSxAbqzTQ8fws0x3TVd
Status: 400 Bad Request
{
  "error": "invalid_client",
  "error_description": "invalid client credentials"
}
client secret should be: 7383516191802996351
401 is seen only when an invalid or expired Access Token or Session Id is used to make requests. And 400 is seen when the request to authenticate itself is invalid.
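The 401/400 distinction from the answer above, as an added example that is not part of the original thread: a client-side check that tells a rejected access token apart from a rejected token request, and that builds the refresh request with the credentials in the POST body (as in the original question) so the client secret stays out of URLs and access logs. The function names and returned action labels are this example's assumptions; the sample responses are constructed from the error bodies quoted in the thread.

```python
import json
from urllib.parse import urlencode

TOKEN_PATH = "/services/oauth2/token"

# Constructed samples, modelled on the responses quoted in this thread.
SAMPLE_401 = '[{"message": "Session expired or invalid", "errorCode": "INVALID_SESSION_ID"}]'
SAMPLE_INVALID_CLIENT = '{"error": "invalid_client", "error_description": "invalid client credentials"}'
SAMPLE_INVALID_GRANT = '{"error": "invalid_grant", "error_description": "expired access/refresh token"}'


def build_refresh_request(client_id, client_secret, refresh_token):
    """Return (path, headers, body) with every credential in the form body."""
    body = urlencode({
        "grant_type": "refresh_token",
        "client_id": client_id,
        "client_secret": client_secret,
        "refresh_token": refresh_token,
    })
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return TOKEN_PATH, headers, body


def classify(status, body_text):
    """Map an HTTP status and JSON error body to a handling decision."""
    try:
        payload = json.loads(body_text)
    except ValueError:
        return "unknown"
    # Data API errors arrive as a list of {"message", "errorCode"} objects.
    if status == 401 and isinstance(payload, list):
        codes = {e.get("errorCode") for e in payload if isinstance(e, dict)}
        if "INVALID_SESSION_ID" in codes:
            return "refresh_access_token"  # access token rejected: use the refresh flow
    # Token endpoint errors are a single {"error", "error_description"} object.
    if status == 400 and isinstance(payload, dict):
        error = payload.get("error")
        if error == "invalid_client":
            return "fix_client_credentials"  # client_id / client_secret rejected
        if error == "invalid_grant":
            return "reauthorize_user"  # refresh token itself rejected
    return "unknown"


if __name__ == "__main__":
    for status, sample in [(401, SAMPLE_401), (400, SAMPLE_INVALID_CLIENT),
                           (400, SAMPLE_INVALID_GRANT)]:
        print(status, classify(status, sample))
```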
Actually, I'm consistently getting the following error message:
{ "error": "invalid_grant", "error_description": "expired access/refresh token" }
However, there's no reason for this. These are my configurations:
and:
What might be causing this problem?
You can refer to the article below:
https://salesforceidiot.blogspot.com/2023/05/how-to-create-connected-app-and-get.html