Nirmal Vasanthakumar

Minimum selected oauth scopes needed in connected app for native iOS app?

I am working on a native iOS app. Theoretically, native Connected Apps need a minimum of "Perform requests on your behalf at any time" and "Access and manage your data". However, I get the error:

 

ErrorDomain= com.salesforce.oauthErrorDomainCode=666  com.salesforce.OauthErrorDomain in1804: requested+scope+not+allowed       NSLocalizedDescription= com.salesforce.OauthErrorDomain in1804: requested+scope+not+allowed

 


However, when I set the minimum selected scopes to "Perform requests on your behalf at any time" and "Access and manage your data" and "Provide access to your data via the Web", I can access and work on the native iOS app.

 

Question in short: What are the minimum selected OAuth scopes needed in the connected app for a native iOS app?

 

And do we also need "Provide access to your data via the Web" in addition to "Perform requests on your behalf at any time" and "Access and manage your data"?

 

 


All Answers

Gaurav Kheterpal

There was a similar post aimed at hybrid apps which mentions

 

http://boards.developerforce.com/t5/Mobile/Android-Hybrid-App-without-OAuth/td-p/456465

 

"For hybrid apps, we recommend a minimum scope set of "web" and "api" at this point.  The "visualforce" scope, unfortunately, is not generally sufficient for the permissions hybrid apps need to get through the authentication setup."

 

The auth piece for both native and hybrid apps uses the OAuth webview. Going by that logic, I'm thinking that the scopes should be the same.

 

I hope that helps.

 

Regards,
Gaurav

Kevin Hawkins
The "web" scope is not necessary for the OAuth process itself--OAuth authentication/authorization does not require specific scopes. That would present something of a chicken and egg problem.

The issue you're seeing is a disparity between what's defined in your Connected App on the server and what's defined in your client. What client scopes do you have defined in your AppDelegate?
Kevin Hawkins

Sorry, my previous answer is a little misleading, because by default the parent app delegate in the iOS SDK defines the requested scopes as "web" and "api" (in addition to "refresh_token", which is implicitly added in the OAuth library).  I do not believe that the "web" scope should be strictly necessary, unless you have a web component in your native app which is accessing Salesforce web pages which require authentication.

 

You can override the requested scopes in your own app delegate, by overriding the oauthScopes method:

 

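// In your app delegate subclass: request only the "api" scope.
// ("refresh_token" is added implicitly by the OAuth library.)
+ (NSSet *)oauthScopes
{
    return [NSSet setWithObjects:@"api", nil];
}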

Give that a try, and see if you run into issues. As I said, I think you're safe without the "web" scope, if you're not making calls for Salesforce web pages.

This was selected as the best answer
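
A small audit of the disparity described in this answer, as an added example (not code from the thread or from the Salesforce Mobile SDK): it compares the scopes a client requests with the scopes selected in the Connected App and lists which requests would be rejected and which grants go unused. ScopeLabels, AuditScopes and Report are hypothetical helpers, and the scope sets in main are constructed.

```objc
// Added example, not Salesforce Mobile SDK code. All helper names are hypothetical.
#import <Foundation/Foundation.h>

// Connected App "Selected OAuth Scopes" labels for the scope names used in this thread.
static NSDictionary<NSString *, NSString *> *ScopeLabels(void) {
    return @{
        @"api": @"Access and manage your data",
        @"web": @"Provide access to your data via the Web",
        @"refresh_token": @"Perform requests on your behalf at any time",
    };
}

// "rejected": scopes the client requests that the Connected App does not select.
// "unused":   scopes the Connected App selects that the client never requests.
static NSDictionary *AuditScopes(NSSet<NSString *> *clientScopes,
                                 NSSet<NSString *> *connectedAppScopes) {
    // The OAuth library adds refresh_token implicitly, so count it as requested.
    NSMutableSet<NSString *> *requested = [clientScopes mutableCopy];
    [requested addObject:@"refresh_token"];

    NSMutableSet<NSString *> *rejected = [requested mutableCopy];
    [rejected minusSet:connectedAppScopes];

    NSMutableSet<NSString *> *unused = [connectedAppScopes mutableCopy];
    [unused minusSet:requested];
    return @{ @"rejected": rejected, @"unused": unused };
}

static void Report(NSString *title, NSSet<NSString *> *client, NSSet<NSString *> *app) {
    NSDictionary *result = AuditScopes(client, app);
    NSLog(@"%@", title);
    for (NSString *scope in result[@"rejected"]) {
        NSLog(@"  rejected: %@ (select \"%@\" or stop requesting it)",
              scope, ScopeLabels()[scope] ?: @"unknown label");
    }
    for (NSString *scope in result[@"unused"]) {
        NSLog(@"  unused grant: %@ (\"%@\" is a candidate to deselect)",
              scope, ScopeLabels()[scope] ?: @"unknown label");
    }
    if ([result[@"rejected"] count] == 0 && [result[@"unused"] count] == 0) {
        NSLog(@"  scopes match");
    }
}

int main(void) {
    @autoreleasepool {
        // Constructed scenario: the Connected App selects only api + refresh_token.
        NSSet *app = [NSSet setWithObjects:@"api", @"refresh_token", nil];
        Report(@"SDK default (web, api):", [NSSet setWithObjects:@"web", @"api", nil], app);
        Report(@"After overriding oauthScopes (api):", [NSSet setWithObjects:@"api", nil], app);
    }
    return 0;
}
```

The first report flags "web" as rejected, which is the mismatch behind the requested+scope+not+allowed error; the second reports a match.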
Nirmal Vasanthakumar

Thanks a lot. It solved the issue I was facing.