+ Start a Discussion
Kelvin CheungKelvin Cheung 

"ip restricted or invalid login hours" error in OAuth

We have a "Connected App" that we rely on for getting access/refresh tokens for API access.  On our end, we use OmniAuth on our Ruby on Rails servers, and this generally works as normal.  Last week someone was authorizing our app and got a failure.  Digging into it, it looks like we properly get the callback from the client, passing us the authorize_url and code.  When we make the the request to "https://login.salesforce.com/services/oauth2/token", we get a failure response with error_description "ip restricted or invalid login hours".

Anyone know why we would be getting this error here?  I would expect there might be IP/login restrictions that would deny the login when the user logs in to Salesforce.com, providing his credentials.  But in this case, that login succeeds, but when we attempt to pass on the auth code from our AWS server to login.salesforce.com, we're getting the error.  Why would IP/login-hour restrictions apply to this request?

The user did say they have IP restrictions, so we figured it was worth a shot to add our servers' IPs to the trusted IP list.  That did not solve the problem (same error).  Any ideas?

Thanks in advance!

-kelvin