Steve Brown

Did OAuth Refresh Token Break Yesterday?

I was able to refresh my OAuth tokens for several months until yesterday. Then I noticed that the refresh token endpoint started returning JSON consistently, even though I have always requested url-encoding. Today I noticed that I don't even get JSON anymore, and instead get the "expired access/refresh token error".

The only change I made yesterday was to add the client ID to SOAP calls so we can be Aloha-enabled. All the API calls work fine. Even getting a new access token. It's just the refresh token flow that is broken.

Could the inclusion of the Aloha client ID affect my refresh token logic, or did something change on SF side?

Thanks,

-Steve

Chris Davies

Hi Steve,

I believe there was a bug with the Authentication.

Please see the answer on this similar post: http://boards.developerforce.com/t5/General-Development/oauth-authorization-no-longer-returning-refresh-token-HELP/td-p/398175

Steve Brown

Thanks, Chris.

I'm on that thread as well. The bug I'm experiencing is related (refresh token) but different. I can get a refresh token when I ask for an access token, but I can no longer refresh the access token. It started out yesterday afternoon giving me the new access token, but not in the requested response format (JSON instead of URL-encoded). I went to re-visit the issue this morning and I don't even get JSON anymore. I consistently get the "invalid_grant" response, with the message "expired access/refresh token".

As of today, it's just flat-out busted. :-(

-Steve

Steve Brown

Update:

I figured out why I was getting the grant type. I wasn't un-protecting the refresh token in my test code that is trying to refresh the token. So now that I have that fixed, I can get a response from SF with a new access token.

However, all responses are still in JSON, regardless of which response format I request. The endpoint seems to no longer honor the HTTP Accept header, nor the format parameter.

If I use the following code, I get back JSON even when I ask for URL-encoded or XML:


HttpWebRequest webRequest = null;
HttpWebResponse webResponse = null;
try
{
    webRequest = (HttpWebRequest)WebRequest.Create(SALESFORCE_REFRESH_TOKEN_URL);
    webRequest.Method = "POST";
    webRequest.ContentType = "application/x-www-form-urlencoded";
    //webRequest.Accept = "application/x-www-form-urlencoded";
    using (StreamWriter writer = new StreamWriter(webRequest.GetRequestStream()))
    {
        System.Text.StringBuilder sb = new System.Text.StringBuilder();
        sb.AppendFormat("grant_type={0}", HttpUtility.UrlEncode("refresh_token"));
        sb.AppendFormat("&refresh_token={0}", HttpUtility.UrlEncode(token.RefreshToken));
        sb.AppendFormat("&client_id={0}", HttpUtility.UrlEncode(token.ConsumerKey));
        sb.AppendFormat("&format={0}", HttpUtility.UrlEncode("xml"));

        writer.WriteLine(sb.ToString());
    }

    webResponse = (HttpWebResponse) webRequest.GetResponse();
    using (StreamReader reader = new StreamReader(webResponse.GetResponseStream()))
    {
        String responseBody = reader.ReadToEnd();
        ...
    }
}
catch (WebException err)
{
    ...