I have an application using OAuth for authorization. It's been working fine for months. Over the weekend, issues started happening and after digging into it, it appears that while the authorization is successful (response 200 with valid JSON object returned), we're no longer receiving a refresh token after authorization.

Here is the OAuth request/response:

REQUEST:
https://login.salesforce.com/services/oauth2/token?grant_type=authorization_code&client_id=[my_app_client_id]&client_secret=[my_app_client_secret]&redirect_uri=[my_app_redirect_url]&code=[the_auth_code_we_receive_during_authorization]

RESPONSE:
{
  "id":"https://login.salesforce.com/id/00D30000000AAAAAAA/0053000000KKKKKK",
  "issued_at":"1328965006241",
  "scope":"full",
  "instance_url":"https://[my_org].my.salesforce.com",
  "signature":"J/YL4wUXF[stuff]ielR+GLrcBuDz/kHOJs3nKNs=",
  "access_token":"00D30000000AAAA!AREAQHAQpw[stuff]ABL50MBOQVPsN.TTnrrvN2gAGNsrJHhK3ehSQvYU[stuff]MfqreLBp3eDXMnCNdJRl3"
}

This request is supposed to return a request_token parameter with the JSON response -- and it *always* has in the past. Docs here: http://wiki.developerforce.com/page/Digging_Deeper_into_OAuth_2.0_on_Force.com

Hi,

After reading this wiki page http://wiki.developerforce.com/index.php/Digging_Deeper_into_OAuth_2.0_on_Force.com, I tried obtaining an Access Token in a Native Application / User-Agent Flow. I would expect that in the end the refresh token will be in the redirect returned (3), which contains several parameters in a URL fragment. However, it doesn't include the refresh token.

The following is what I tried in a browser, and the redirect from Salesforce.

  1. Request to Salesforce: https://login.salesforce.com/services/oauth2/authorize?response_type=token&oauth_consumer_key=3MVG9Km_cBLhsuPy92UAudTyfc9ka4dxuV.OMS5r0vyIS_ThDWpVFBpenmEEUGIHUrBCeHC28ZqbFDWkcCUAd&redirect_uri=https://localhost/sfdc_callback&display=touch&state=my_value
  2. Redirect from Salesforce: https://localhost/sfdc_callback#access_token=00D500000006tTs%21AREAQKZDxGeWrnBL4rohFjDM41hdv5crgBeGDFOHx1X0rwHECCVMuBtrwAnanilp57ZSEaPHCiuQvYTftXsuYXY7XfC9dA_5&instance_url=https%3A%2F%2Fna3.salesforce.com&id=https%3A%2F%2Flogin.salesforce.com%2Fid%2F00D500000006tTsEAI%2F00550000000lo9gAAA&issued_at=1309501094987&signature=jz0mFh6LDgw9btPuGBF%2FW46eG22QTRj%2FRVT7bGEMrTo%3D&state=my_value

You can see refresh_token is not in the URL. Did I miss anything? Please help on this.

Thanks in advance.
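
Added example, not part of either post above: a small Python helper that takes either kind of result quoted in this thread (the token endpoint's JSON body or the user-agent redirect URL), reports whether `refresh_token` came back, and redacts token values so the output can be shared when asking for help. The function names and sample values are constructed for illustration; the `state` comparison is an optional check added here.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Values that must never be pasted into a ticket, log or forum post in full.
SECRET_FIELDS = {"access_token", "refresh_token", "signature", "code"}

# Constructed samples shaped like the two results quoted in the posts.
SAMPLE_JSON = ('{"id": "https://login.example.invalid/id/ORG/USER", '
               '"issued_at": "1328965006241", "scope": "full", '
               '"access_token": "CONSTRUCTED-ACCESS-TOKEN"}')
SAMPLE_REDIRECT = ("https://localhost/sfdc_callback#access_token=CONSTRUCTED"
                   "%21TOKEN&issued_at=1309501094987&state=my_value")

def parse_oauth_result(raw):
    """Return (kind, fields) for a token JSON body or a redirect URL."""
    raw = raw.strip()
    if raw.startswith("{"):
        return "token_response", {k: str(v) for k, v in json.loads(raw).items()}
    # User-agent flow: parameters travel in the URL fragment, percent-encoded.
    params = parse_qs(urlsplit(raw).fragment, keep_blank_values=True)
    return "redirect_fragment", {k: v[-1] for k, v in params.items()}

def redact(name, value):
    """Keep a short prefix and the length so two runs can still be compared."""
    if name in SECRET_FIELDS and value:
        return f"{value[:4]}...({len(value)} chars)"
    return value

def report(raw, expected_state=None):
    """Summarise what came back without exposing any credential."""
    kind, fields = parse_oauth_result(raw)
    findings = []
    if "error" in fields:
        findings.append("error: " + fields["error"])
    for required in ("access_token", "refresh_token"):
        if not fields.get(required):
            findings.append("no " + required)
    if expected_state is not None and fields.get("state") != expected_state:
        findings.append("state mismatch")
    return {"kind": kind, "findings": findings,
            "fields": {k: redact(k, v) for k, v in fields.items()}}

if __name__ == "__main__":
    for sample in (SAMPLE_JSON, SAMPLE_REDIRECT):
        print(json.dumps(report(sample), indent=2))
```

Passing the `state` value that was sent in the authorize request as `expected_state` also confirms that the redirect belongs to the request that started it.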