Francesco Tisiot

Frontdoor.jsp not working with Auth token

Hi all,
I created a connected app with Full and Web scope included. I'm able to retrieve the Salesforce instance and access token and query the Salesforce objects with REST APIs.
However, when I try to access frontdoor.jsp with the call https://inst.salesforce.com/secur/frontdoor.jsp?sid=<access_token>&retURL=<ret_url>
I always get the login page.
The same call done by using a session ID (taken from a Firefox cookie) works.
In the documentation of frontdoor.jsp it is written that an access_token can be passed if the connected app has full or web scope included, but mine doesn't work... Do you have any hint for this?
Shashank (Salesforce Developers)
The session Id and the Access Token are nothing but the same. Are you still facing this issue?
Ross Kerr
I'm running into the same issue. I get access tokens from OAuth that I can use to make REST API calls, but when I try to pass them to frontdoor.jsp it just takes me to the login page.
Brandon Sonderegger
I had been bouncing my head off of this for a while, as we wanted to allow an autonomous service to scrape a webpage to make PDFs using non-Salesforce PDF generation. We tested using a session ID created on Force, which worked great. Then when we tried to do it dynamically from the Apex code it failed, because session IDs from Force vs Apex are NOT the same. So we tried OAuth, which works great until you try to use the password/user flow, which is apparently NOT allowed to access web page resources. You have to use an interactive flow, like refresh token, to access web pages. That was no good since we are running as a service.

The solution: get an access token via SOAP: https://developer.salesforce.com/docs/atlas.en-us.api.meta/api/sforce_api_calls_login.htm

You can slot the access token ID you get from the SOAP login into your frontdoor.jsp call.

        public TokenResponse GetSoapTokenResponse()
        {
            TokenResponse token = null;

            var username = System.Configuration.ConfigurationManager.AppSettings["SF.Username"];
            var password = System.Configuration.ConfigurationManager.AppSettings["SF.Password"];
            var securitytoken = System.Configuration.ConfigurationManager.AppSettings["SF.SecurityToken"];

            SforceService binding = new SforceService();

            LoginResult lr = null;
            try
            {
                lr = binding.login(username, password + securitytoken);
                token = new TokenResponse();
                token.instance_url = lr.serverUrl;
                token.access_token = lr.sessionId;
                token.id = lr.userId;
            }
            catch (Exception e)
            {
                throw (new Exception("Could not authenticate via soap : " + e.Message, e));
            }
            return token;

        }
        public string CreateSoapAuthenticatedUrl(string returnUrl)
        {
            var token = GetSoapTokenResponse();
            // "{0}/secur/frontdoor.jsp?sid={1}&retURL={2}" is what this pulls in.
            string baseURL = System.Configuration.ConfigurationManager.AppSettings["SF.FrontdoorUrl"];
            string instance = token.instance_url.Remove(token.instance_url.IndexOf("/services"));
            string url = string.Format(baseURL, instance, token.access_token, Uri.EscapeDataString(returnUrl));

            return url;
        }
        public class TokenResponse
        {
            public string id { get; set; }
            public string issued_at { get; set; }
            public string refresh_token { get; set; }
            public string instance_url { get; set; }
            public string signature { get; set; }
            public string access_token { get; set; }
        }
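
A hardened variant of the URL-building step in the post above, as an added example (not the poster's code and not a Salesforce API): `FrontdoorUrl`, `Build` and `Redact` are hypothetical names, and the relative-only `retURL` rule is an assumption. It parses `serverUrl` instead of cutting at `/services`, escapes the session ID, and masks the `sid` before the URL reaches a log.

```csharp
using System;
using System.Text.RegularExpressions;

public static class FrontdoorUrl
{
    // Builds <instance>/secur/frontdoor.jsp?sid=...&retURL=... from the
    // serverUrl and sessionId returned by the SOAP login() call.
    public static string Build(string serverUrl, string sessionId, string returnUrl)
    {
        if (string.IsNullOrEmpty(sessionId))
            throw new ArgumentException("empty session id", "sessionId");

        // Parse the URL rather than cutting at "/services": IndexOf returns -1
        // when the marker is missing, and Remove(-1) throws.
        Uri server;
        if (!Uri.TryCreate(serverUrl, UriKind.Absolute, out server) ||
            server.Scheme != Uri.UriSchemeHttps)
            throw new ArgumentException("serverUrl must be an absolute https URL", "serverUrl");

        // Assumption: retURL is always a path inside the org, so anything that
        // is not a single-slash relative path is rejected.
        if (string.IsNullOrEmpty(returnUrl) || returnUrl[0] != '/' ||
            returnUrl.StartsWith("//", StringComparison.Ordinal) ||
            returnUrl.StartsWith("/\\", StringComparison.Ordinal))
            throw new ArgumentException("returnUrl must be a relative path", "returnUrl");

        string origin = server.GetLeftPart(UriPartial.Authority);
        return string.Format("{0}/secur/frontdoor.jsp?sid={1}&retURL={2}",
            origin, Uri.EscapeDataString(sessionId), Uri.EscapeDataString(returnUrl));
    }

    // Masks the sid value so the URL can be written to logs or error messages.
    public static string Redact(string frontdoorUrl)
    {
        return Regex.Replace(frontdoorUrl, @"([?&]sid=)[^&#]*", "${1}REDACTED");
    }

    public static void Main()
    {
        // Constructed sample values, not real credentials or a real org.
        string url = Build("https://inst.salesforce.com/services/Soap/u/XX.0",
                           "00DEXAMPLE!constructed.session.id", "/apex/SamplePage");
        Console.WriteLine(Redact(url));
    }
}
```
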
Marco André De Oliveira
You need to add the web scope to your SDK configuration. In the bootconfig file, do this:
<string-array name="oauthScopes">
    <item>api</item>
    <item>web</item>
</string-array>