You need to sign in to do that
Don't have an account?
Bryan Leaman 6
Strange behavior of OAuth2 connected app definition
I've developed some code using Salesforce REST APIs to perform simple queries from external systems. I've created a Connected App definition in my sandbox and connect to it using https://{sandbox-host-name}.my.salesforce.com with grant_type=password, our client_id, client_secret, username & password+api key and it works great.
The strange behavior is that I can use the same Consumer_Key and Consumer_Secret with our production org host with a production username, password and API key and it ALSO works great. But I haven't moved the connected app definition to production yet!
How does this meet the definition of security? Am I missing something?
The strange behavior is that I can use the same Consumer_Key and Consumer_Secret with our production org host with a production username, password and API key and it ALSO works great. But I haven't moved the connected app definition to production yet!
How does this meet the definition of security? Am I missing something?
Your ask looks similar to https://developer.salesforce.com/forums/?id=906F0000000AyJvIAK. According to this,
If you define a Connected App in at least in one org, that registers that Application name on the Salesforce service such that the client Id and token are now validate to perform oAuth against any other Salesforce org. This is also explained in this (https://developer.salesforce.com/blogs/developer-relations/2011/07/quick-tip-using-oauth-across-multiple-orgs.html) blog post.
"You only need to setup a single Remote Access Application and you can then use the assigned ’Client Id’ and ‘Client Secret’ values to have users log into any Salesforce Org – not just the one where the Remote Access Application was setup. This question is especially relevant to ISV partners that are developing Managed Package applications are are installed by multiple customers in their respective Orgs"
If this information helps, please mark the answer as best. Thank you
All Answers
Your ask looks similar to https://developer.salesforce.com/forums/?id=906F0000000AyJvIAK. According to this,
If you define a Connected App in at least in one org, that registers that Application name on the Salesforce service such that the client Id and token are now validate to perform oAuth against any other Salesforce org. This is also explained in this (https://developer.salesforce.com/blogs/developer-relations/2011/07/quick-tip-using-oauth-across-multiple-orgs.html) blog post.
"You only need to setup a single Remote Access Application and you can then use the assigned ’Client Id’ and ‘Client Secret’ values to have users log into any Salesforce Org – not just the one where the Remote Access Application was setup. This question is especially relevant to ISV partners that are developing Managed Package applications are are installed by multiple customers in their respective Orgs"
If this information helps, please mark the answer as best. Thank you
https://salesforce.stackexchange.com/questions/70284/how-can-i-deploy-a-connected-app-from-my-sandbox-environment-to-my-production-en