I signed up for force.com and created a remote application.

I can successfully complete the OAuth 2.0 username and password flow using my account credentials. And can subsequently fetch *my* data using the API.

However, when I use an account that is not the creator of the remote application, the response I receive is:

{"error":"invalid_grant","error_description":"expired access/refresh token"}

As far as I'm concerned, this is not even an error that I should be seeing, considering I am completing this flow to receieve an access token.

The URL that I am POSTing to is:

https://login.salesforce.com/services/oauth2/token?response_type=token&redirect_uri=REDIRECT_URI

and my POST body is:

grant_type=password&client_id=KEY&client_secret=SECRET&username=EMAIL&password=PASSWORDSECURITY_TOKEN

All variables are replaced with the proper values as outlined in the document http://na9.salesforce.com/help/doc/en/remoteaccess_oauth_username_password_flow.htm

Can anyone see the problem with this?