Barton Ledford

Broken OAuth from App Access Settings

Connected App Option "Limit access to apps that are currently installed and have "Admin approved users are pre-authorized" as their Permitted Users setting." is preventing OAuth from working with our App. It works when the flag is unchecked, doesn't when it is checked. Every profile in the org has access to the app and "Admin approved users are pre-authorized" is selected on the Connected App page. This appears to be a Salesforce bug. Has anyone else had this experience?
All Answers

Shashank (Salesforce Developers)
Are your profiles added to the Profiles section of the connected app like below? Only profiles or permission sets added here will have access to the app.

User-added image
Barton Ledford
Yes. We've tried adding every profile in the org to that related list.
Shashank (Salesforce Developers)
Can you tell me what happens when users try to access the app? Maybe an error message or a screenshot or written description?
Barton Ledford
Yes, the API returns the following error: OAUTH_APP_ACCESS_DENIED
error_description: user is not admin approved to access this app
Shashank (Salesforce Developers)
Could you please check if API is enabled for these profiles? To use Salesforce1, the profiles should be able to access the API.
Shashank (Salesforce Developers)
Hi,

This might need specific investigation in your org. Please send me the following details in an email to ssrivatsavaya@salesforce.com and I will create a case for investigation.

org Id:
Company name:
your username:
grant login access.
If you created any cases in the past for this company name, please provide a case number.
Also, please reference this post in the email.
Thanks,
Shashank
Barton Ledford
It turns out, our client was using the wrong client_id in their response, so the connected app that was authorized wasn't in the org.
This was selected as the best answer
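
A check for the root cause named in the accepted answer, as an added example that is not part of the original thread and is not Salesforce code: it compares the client_id an integration actually sent with the consumer key of the connected app installed in the org. The function names, result labels, sample keys and the dictionary shape of the error are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Error code quoted in the thread.
ACCESS_DENIED = "OAUTH_APP_ACCESS_DENIED"

# Constructed sample data (not real keys or hosts beyond the standard login URL).
EXPECTED_KEY = "3MVG9.CONSTRUCTED.ORG.APP.KEY"
WRONG_KEY = "3MVG9.CONSTRUCTED.OTHER.APP.KEY"
SAMPLE_ERROR = {
    "error": ACCESS_DENIED,
    "error_description": "user is not admin approved to access this app",
}
SAMPLE_AUTHORIZE_URL = (
    "https://login.salesforce.com/services/oauth2/authorize"
    "?response_type=code&client_id=" + WRONG_KEY +
    "&redirect_uri=https%3A%2F%2Fapp.example.com%2Fcallback"
)
SAMPLE_TOKEN_BODY = "grant_type=authorization_code&code=abc&client_id=" + EXPECTED_KEY


def extract_client_id(request):
    """Return client_id from an authorize URL or a form-encoded token request body."""
    is_url = request.startswith(("http://", "https://"))
    query = urlsplit(request).query if is_url else request
    values = parse_qs(query).get("client_id", [])
    # Missing, or sent more than once, is ambiguous: report it instead of guessing.
    return values[0] if len(values) == 1 else None


def diagnose(request, error, expected_consumer_key):
    """Classify an OAuth failure from the request sent and the error returned."""
    if error.get("error") != ACCESS_DENIED:
        return "other_error"
    sent = extract_client_id(request)
    if sent is None:
        return "client_id_missing_or_duplicated"
    if sent != expected_consumer_key:
        # The request names a connected app other than the one pre-authorized
        # in this org, which is the cause found in the thread.
        return "client_id_mismatch"
    # Correct app: look at profile / permission set assignment on the app instead.
    return "user_not_assigned_to_app"


if __name__ == "__main__":
    print(diagnose(SAMPLE_AUTHORIZE_URL, SAMPLE_ERROR, EXPECTED_KEY))
```

Running this comparison before changing profile assignments or the app access setting separates a misconfigured integration from a genuine pre-authorization problem.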
James Benson

Barton,

Where do you find 'client_id'? 

Thank you!