You need to sign in to do that
Don't have an account?
Jeff Douglas (Personal)
OAuth Dance Randomly Failing with "client identifier invalid"
We are using the Databasedotcom Ruby gem (essentially a REST wrapper) to authenticate to salesforce. The OAuth dance is randomly failing (1 out of 25 attempts) with the following message:
client identifier invalid
The code is almost boilerplace code for authentication:
def self.authenticate(username, password) config = YAML.load_file(File.join(::Rails.root, 'config', 'databasedotcom.yml')) client = Databasedotcom::Client.new(config) begin access_token = client.authenticate :username => username, :password => password {:success => 'true', :message => 'Successful sfdc login.', :access_token => access_token} rescue Exception => exc {:success => 'false', :message => exc.message} end end
Any ideas what could be causing it to fail randomly?
Thanks
Jeff Douglas
Appirio & CloudSpokes
Fixed the issue! For the host URL, instead of using login.salesforce.com, use the actual pod. Something like na7.salesforce.com.
Jeff Douglas
Appirio & CloudSpokes
http://blog.jeffdouglas.com
What you're describing sounds like this known issue for username/passwords oauth logins http://success.salesforce.com/issues_view?id=a1p30000000SbdPAAS. Do you know if for a single failing user, the login fails every time? Let me know if you've got a way to consistently reproduce the issue (we have a potential fix in the works for the known issue).
Thanks for the reply. The problem lingered on our site for a couple of weeks as I could not consistently reproduce the issue nor would it fail for the same users. I would just see it show up in our log files randomly and had a hard time tracking it down.
Sorry I couldn't provide more info.
Thanks
Jeff Douglas
Appirio & CloudSpokes
http://blog.jeffdouglas.com
curl --insecure -v -c ./cookies.txt -d "grant_type=password" -d "client_secret=aGoodSecret" -d "username=cheddar.cheese@swansong.com" -d "password=aGoodSecretTheSecretToken" https://login.salesforce.com/services/oauth2/token
curl --insecure -v -c ./cookies.txt -d "grant_type=password" -d "client_secret=aGoodSecret" -d "username=cheddar.cheese@swansong.com" -d "password=aGoodSecretTheSecretToken" https://myInstance.salesforce.com/services/oauth2/token
* Trying 136.147.40.44...
* TCP_NODELAY set
* Connected to login.salesforce.com (136.147.40.44) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: C=US; ST=California; L=San Francisco; O=salesforce.com, inc.; OU=InfraSec; CN=login.salesforce.com
* start date: Dec 15 00:00:00 2017 GMT
* expire date: Dec 14 12:00:00 2020 GMT
* issuer: C=US; O=DigiCert Inc; CN=DigiCert SHA2 Secure Server CA
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> POST /services/oauth2/token HTTP/1.1
> Host: login.salesforce.com
> User-Agent: curl/7.61.1
> Accept: */*
> Content-Length: 126
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 126 out of 126 bytes
< HTTP/1.1 400 Bad Request
< Date: Tue, 13 Nov 2018 18:21:43 GMT
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Content-Security-Policy: upgrade-insecure-requests
< Cache-Control: no-cache,must-revalidate,max-age=0,no-store,private
* Added cookie BrowserId="I5x6kqAhRuGiRg6AxPsf4A" for domain salesforce.com, path /, expire 1547317303
< Set-Cookie: BrowserId=I5x6kqAhRuGiRg6AxPsf4A;Path=/;Domain=.salesforce.com;Expires=Sat, 12-Jan-2019 18:21:43 GMT;Max-Age=5184000
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< X-ReadOnlyMode: false
< Content-Type: application/json;charset=UTF-8
< Transfer-Encoding: chunked
<
{"error":"invalid_client_id","error_description":"client identifier invalid"}* Connection #0 to host login.salesforce.com left intact
https://www.youtube.com/watch?v=n73zJ6hC0No
Hope it helps!