Apex Code Development You need to sign in to do that
Don't have an account?
JWT Assertion - Summer 13 Issue
Hi,
I had a method which was fetching the access token for another Salesforce Org, using JWT assertion. It was working well till the Summer 13 update happened. Now I am getting "invalid client credentials" error, a bad request. Anyone else having the same issue, any workarounds?
Here is the code:
String username = 'abc@abc.com';
Long rightNow = (dateTime.now().getTime()/1000)+1;
String claimSet = '{"iss": "' + CSetting.getSettingValue('Consumer Key', '') + '", ';
claimSet = claimSet + '"prn": "' + username + '", ';
claimSet = claimSet + '"aud": "https://login.salesforce.com", ';
claimSet = claimSet + '"exp": "'+ (rightNow + 300) + '"}';
String header = '{"alg":"HS256"}';
String signatureInput = base64URLencode(blob.valueOf(header))+'.'+base64URLencode(blob.valueOf(claimSet));
String privateKey = CSetting.getSettingValue('Consumer Secret', '');
Blob signature = Crypto.generateMac('hmacSHA256',blob.valueof(signatureInput),blob.valueof(privateKey));
String jwt = signatureInput + '.' + base64URLencode(signature);
String body = 'grant_type=' + encodingUtil.urlEncode('urn:ietf:params:oauth:grant-type:jwt-bearer','UTF-8')+'&assertion='+jwt;
HttpRequest req = new HttpRequest();
req.setMethod('POST');
req.setEndpoint('https://login.salesforce.com/services/oauth2/token');
req.setHeader('Content-type', 'application/x-www-form-urlencoded');
req.setBody(body);
Http http = new Http();
HTTPResponse res = http.send(req);
Salesforce support confirmed that they dont support HMAC algo anymore and we have to use RSA now.