Apex Code Development You need to sign in to do that
Don't have an account?
mikebz {"error":"invalid_grant","error_description":"authentication failure - Invalid Password"}
I am following the guidelines from the Chatter guide and somehow I can't get the OAuth to work.
It's not working from Java or curl. Here is what I am doing:
mike$ curl --form client_id=3MVG9yZ.WNe6bxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxu5AjB4oT9kxi8SEhY --form client_secret=26542xxxxxxxxxxx78 --form grant_type=password --form username=xxxxxxxx@gmail.com --form password=xxxxxxx https://na11.salesforce.com/services/oauth2/token
What I am getting is:
{"error":"invalid_grant","error_description":"authentication failure - Invalid Password"}
I double checked and I am getting into na11 with the right password. Is there anything else I need to do?
Here are the settings in my remote access:
| Application | chatter |
| Callback URL | https://na11.salesforce.com/ConnectTest/oauth/_callback /// temp one |
| No user approval required for users in this organization |   |
You probably need to include your API security token with the password. See the help topics on identity confirmation.
All Answers
You probably need to include your API security token with the password. See the help topics on identity confirmation.
Bingo! however I was hoping that the tokens are done with when it comes to OAuth. I guess not.
They are if you use one of the interactive flows, but not for any programatic flow.
Hi Simon,
I am writing a .Net (GUI-less) application to talk to Chatter REST API.
And first problem I am facing is at getting OAuth token.
Every article about OAuth says that one has to provide callback URL where OAuth token will be provided. But when we are developing an application which cannot be reached from outside (through an URL), how can we get OAuth token?
What is the way to get OAuth token programatically?
Thanks,
Vishal
You can use the username-password OAuth2 flow. there are details in the remote access parts of the online help, and on the blog.
Hi Sir.
Nice ............
Hi Simon, where'd you find the information about using just username and password? Long shot but hoping you remember.
Hi there
We have the problem of getting authenticated by our SF sandbox environment
When we exclude security token from password it obviously returns API sec. token required, which we expect to happen
However when we DO include (append) the security token the sandbox returns 'invalid password', but the password is ok and we use that password while logging in the gui
How come?
thanks
Stefan
s-tobe@xubuntuXPS:~$ curl https://test.salesforce.com/services/oauth2/token -d grant_type=password&client_id=<clientid>&username=<username>&password=<password>' -H "X-PrettyPrint: 1"
{
"error" : "invalid_grant",
"error_description" : "authentication failure - Failed: API security token required"
s-tobe@xubuntuXPS:~$ curl https://test.salesforce.com/services/oauth2/token -d grant_type=password&client_id=<clientid>&username=<username>&password=<password><security token>' -H "X-PrettyPrint: 1"
{
"error" : "invalid_grant",
"error_description" : "authentication failure - Invalid Password"
Have you tried adding the client_secret?
I'm having the same problem:
curl -X POST --verbose -d @datasj.txt https://login.salesforce.com/services/oauth2/token
datasj.txt:
grant_type=password&client_id=xxxxxxxxxxxx&client_secret=XXXXXX&username=santosh_joseph%40vht.com&password=xxxxxxXXXXXX
I do have the security token appened to the password.
User password oauthentication flow work after change "IP Restrictions" to "Relax IP restrictions" setting
Thanks again
below is my code:
PostMethod post = new PostMethod("https://login.salesforce.com/services/oauth2/token");
post.setParameter("grant_type","password"); post.setParameter("client_id","3MVG9ZL0ppGP5UrBtzV375FzNEKv4M0YHXq47vVM8O3rYjXp1VkxmcTRA_mpzUYB6vtedwwGS.3AG6lsiIODA");
post.setParameter("client_secret",secretKey);
post.setParameter("username","krati0009@gmail.com");
post.setParameter("password","*****");
// post.addParameter("redirect_uri",redirecturi);
HttpClient httpclient = new HttpClient();
httpclient.executeMethod(post);
my password has security key appended, still im getting the "invalid_client". kindly guide
Plz go to Create --> App --> Connected App. click on "connected app" then click on "Manage" button. On click, you have to change "IP Relaxation" setting to "Relax IP Restrictions". With this setting you can resolve such issue.
Thanks
Abhishek
Reference: https://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/intro_understanding_oauth_endpoints.htm?state=id
-d "username=aaa@bbb.com" -d "password=ccccccxxxxxxxxxxx"
still having same problem:{"error":"invalid_grant","error_description":"authentication failure"}* Connection #0 to host login.salesforce.com left intact
i'm open to suggestions on what might be causing my error.
Nothing worked.
Im still getting
{
"error": "invalid_grant",
"error_description": "authentication failure"
}
Any suggestions?
you need to change the Permitted Users to "All users may self-authorize"
1. I have changed IP relaxation to 'Relax IP Restriction'
2. I have added trusted IP range for my org.
3. I have added login ranged to profile.
4. I have changed default login.salesforce.com url to test.salesforce.com/ myBaseUrl.salesforce.com
Still I am getting invalid grant error on sandbox.
Note- On production/dev org its working fine issue is when I try to connect to a sandbox.
example pwd=jagan123
My connection String:
https://login.salesforce.com/services/oauth2/token?grant_type=password&client_id=<client_id>&client_secret=<client_secret>&username=<username>&password=pwdsecuritytoken
I gave like this. So, its worked for me.
There are a few things that may cause Salesforce API integration login errors like "authentication failure" and "nexpected character encountered while parsing value: e. Path...". Here is check list to ensure a guaranteed solution:
1) Make sure you are passing the token URL into the AuthenticationClient.UsernamePasswordAsync if you are appending an security token with your password.
2) Make sure your token URL is pointing to the sandbox URL "https://test.salesforce.com/services/oauth2/token" or the product URL "https://login.salesforce.com/services/oauth2/token" if you are accessing a production environment.
3) Make sure you are using the correct security token, client id, and client secret as well as username and password credentials.
4) Make sure you assign the correct security protocol to ServicePointManager.SecurityProtocol. (i.e. SecurityProtocolType.Tls11). This needs to be set before you attempt to login.
Keep in mind this error can be related to multiple scenarios.
Hope this helps.
Thanks,
Sidney
I am trying to call the SANDBOX and I cant get my OAuth to work.
I am using Curl to make the call.
curl -v --cacert cacert.pem POST -H --URL 'https://test.salesforce.com/services/oauth2/token' -H 'Content-Type: application/x-www-form-urlencoded' -d 'grant_type=password&client_id=<client_id>&client_secret=<client_secret>&username=<username>&password=<password><securitytoken>'
When I execute this command, this is the output that i am getting
* Rebuilt URL to: POST/
* Hostname was NOT found in DNS cache
* getaddrinfo(3) failed for POST:80
* Couldn't resolve host 'POST'
* Closing connection 0
curl: (6) Couldn't resolve host 'POST'
* Hostname was NOT found in DNS cache
* Trying 136.147.58.45...
* Connected to test.salesforce.com (136.147.58.45) port 443 (#1)
* successfully set certificate verify locations:
* CAfile: cacert.pem
CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using TLSv1.0 / AES256-SHA
* Server certificate:
* subject: C=US; ST=California; L=San Francisco; O=Salesforce.com, Inc; OU=Applications; CN=test.salesforce.com
* start date: 2015-06-05 00:00:00 GMT
* expire date: 2018-06-04 23:59:59 GMT
* subjectAltName: test.salesforce.com matched
* issuer: C=US; O=Symantec Corporation; OU=Symantec Trust Network; CN=Symantec Class 3 Secure Server CA - G4
* SSL certificate verify ok.
> POST /services/oauth2/token? HTTP/1.1
> User-Agent: curl/7.37.0
> Host: test.salesforce.com
> Accept: */*
> Content-Type: application/x-www-form-urlencoded
> Content-Length: 251
>
* upload completely sent off: 251 out of 251 bytes
< HTTP/1.1 400 Bad Request
< Date: Fri, 07 Apr 2017 19:44:31 GMT
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Content-Security-Policy: reflected-xss block;report-uri /_/ContentDomainCSPNoAuth?type=xss
< Content-Security-Policy: referrer origin-when-cross-origin
< Set-Cookie: BrowserId=_BCFUJXiSAunloQikTqmQw;Path=/;Domain=.salesforce.com;Expires=Tue, 06-Jun-2017 19:44:31 GMT
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< Pragma: no-cache
< Cache-Control: no-cache, no-store
< X-ReadOnlyMode: false
< Content-Type: application/json;charset=UTF-8
< Transfer-Encoding: chunked
<
* Connection #1 to host test.salesforce.com left intact
{"error":"invalid_grant","error_description":"authentication failure"}
This same command is working for Silverline person when he is executing from his local machine and not on Salesforce server.
Anyone knows what I should be checking for this issue?
Appreciate any help in advance.
#curl -V
curl 7.37.0 (powerpc-ibm-aix6.1.0.0) libcurl/7.37.0 OpenSSL/1.0.0g zlib/1.2.3 libssh2/1.4.3
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp
Features: IPv6 Largefile NTLM NTLM_WB SSL libz
TLS 1.1 and TLS 1.2 are supported since OpenSSL 1.0.1
So until we upgrade our CURL version or install the patch to support TLS 1.1 / 1.2, I won’t be able to make any progress.
I am able to connect to the SalesForce test webserver using my .Net code and connecting via TLS 1.1
Got the Token and Instance URL back
Hi everybody, I am having a similar problem. I am actually able to get the acces token using the terminal like so:
curl -X POST \ https://login.salesforce.com/services/oauth2/token \ -d 'grant_type=password&client_id={CLIENT_ID}&client_secret={CLIENT_SECRET}&username={USERNAME}&password={PASSWORD}'(My PASSWORD is my password and SECURITY_TOKEN appended.)So far, so good.
My problem comes when trying to use php curl to achieve the same, here is were I am stuck with the {"error":"invalid_grant","error_description":"authentication failure"} message.
Here is my code:
//USING CURL $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "https://login.salesforce.com/services/oauth2/token"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, "grant_type=password&client_id={CLIENT_ID}&client_secret={CLIENT_SECRET}&username={USERNAME}&password={PASSWORD}"); curl_setopt($ch, CURLOPT_POST, 1); $headers = array(); $headers[] = "Content-Type: application/x-www-form-urlencoded"; curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); $result = curl_exec($ch); $status = curl_getinfo($curl, CURLINFO_HTTP_CODE); curl_close($ch); debug($status); //(int) 400 debug($result); //'{"error":"invalid_grant","error_description":"authentication failure"}'Any help would be appreciated. Here is the link to the same question on stackoverflow (http://stackoverflow.com/questions/43526224/migrating-curl-command-to-cakephp-3-0)
I found the TLS 1.0 issue by doing so.
Thanks Rajesh, I did that but I can't find anything wrong with the ouput. Here is what we got:
I think you are having the same issue as I did. Please see the following line in your output.
* SSL connection using TLSv1.0 / AES256-SHA
This should say TLSv 1.1 (or) TLSv1.2 for SalesForce to reply the token.
The error message is misleading. I tested my code using an updated version of Curl and I was able to connect and get the Token back using the same code.
This is the output (giving partial data only) I got once I upgraded the Curl version.....see that I am now using TLSv1.2
* Rebuilt URL to: POST/
* Could not resolve host: POST
* Closing connection 0
curl: (6) Could not resolve host: POST
* Trying 96.43.145.28...
* TCP_NODELAY set
* Connected to test.salesforce.com (96.43.145.28) port 443 (#1)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: cacert.pem
CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
Here is (http://stackoverflow.com/a/31351605/4905076) an easy way to check what TLS version you have, maybe it could help someone else.
Thanks for letting me know. I really had to fish around to find the cause when I had this issue.
//enable TLS1.1 and TLS1.2
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls;
await auth.UsernamePasswordAsync(consumerKey, consumerSecret, userName, password, loginURL);
Abhishek.Jyoti is correct... change "IP Relaxation" setting to "Relax IP Restrictions".
curl https://login.salesforce.com/services/oauth2/token -d "grant_type=password" -d "client_id=myclientid" -d "client_secret=myclientsecret" -d "username=mylogin@salesforce.com" -d "password=mypassword123456"
All I had to do was use single quotes around 'password=mypassword123456'.
I have three users.
- All use the System Administrator profile, Salesforce licens as well as the same role and permission sets
- They're all using the same connected app client_id and client_secret.
- The passwords are always appended to account's security token
- IP Relaxation is set to: Relax IP restrictions
- Permitted users is set to: All users may self-authorize
- I can login to the UI with any of the user id/password combinations
- I have an older app still that relies on password+token to login and have verified that the tokens are all working as well.
One userid/password combination is always successful the other two always fail. When I curl with either of the two that fail, I get the dreaded {"error":"invalid_grant","error_description":"authentication failure"} errors and the login history for those users shows a status of Invalid Password, even though the password and token test to be good.The only difference I can think of is the login that works is one that was used to create the org.
Needless to say this is driving me batty...
What do you all suggest?
Steve
https://help.salesforce.com/articleView?id=000212208&language=en_US&type=1
When I use this command
curl -X POST \ https://login.salesforce.com/services/oauth2/token \ -d 'grant_type=password&client_id=xxxxxx&client_secret=xxxxx&username=argenisperez2@gmail.com&password=xxxxxxxxx'
I receive the following error message:
curl: (1) Protocol " https" not supported or disabled in libcurl
curl: (6) Could not resolve host:
Link: https://developer.salesforce.com/forums/?id=906F0000000g37xIAA#!/feedtype=SINGLE_QUESTION_DETAIL&dc=Developer_Forums&criteria=ALLQUESTIONS&id=9062I000000XlXzQAK
Modify the Connected app: (Edit Policies)
1) If you are authorizing against a sandbox, you have to use test.salesforce.com instead of login.salesforce.com
2) No API security toekn required along side password
Here is the secret recipe! Thanks for all the collectve minds above
1. single quotation mark around password: -d 'password=<yourPassword+Token>'
2. Reset your salesforce password if it contains a special character(s).
3. Relax IP restrictions.
4. All users may self-authorize
Error:
{"error":"unsupported_grant_type","error_description":"grant type not supported"}*
Curl Sample:
curl -X POST -v https://[test/login].salesforce.com/services/oauth2/token \
-d 'client_id=<CLIENT ID>' \
-d 'client_secret=<CLIENT SECRET>' \
-d 'username=<USERNAME>' -d 'password=<PASSWORD><SECRET TOKEN>' \
-d "grant_type=password"
Thank you "Nick D'Amico 17"
But, still showing the same error
{
"error": "invalid_grant",
"error_description": "authentication failure"
}
following on the above issue, I was successful when I updated the following OAuth and OpenID Connect Settings
Hope that is useful