• piusvelte

Folks, I found that the OAuth feature (Remote Access) is now available for all orgs at last, but I'm doubting there's a fatal defect.

When reading the help page of the Remote Access feature (https://na7.salesforce.com/help/doc/en/remoteaccess_authenticate.htm) and referring to the OAuth Core 1.0A spec (http://oauth.net/core/1.0a), I found that Salesforce's current behaviour is not fulfilling the specification.

In the help page it is described that it requires the oauth_consumer_key parameter in the Authorization redirect phase (see the "Authorizing the User" section), but the 1.0A spec does not (see 6.2.1). It is not only a documentation bug, but it actually raises an error when no oauth_consumer_key is passed.

I'm not sure why Salesforce requires the consumer key other than oauth_token. The consumer key is considered not to be exposed to the users, so it is not used as a parameter during the user redirection.

I'm writing code that connects to Salesforce using an OAuth library in Python, but have not been successful, mainly because of this spec violation.


 
  • October 21, 2009
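The redirect discussed in the post, as an added example that is not part of the original post: a Python helper that builds the User Authorization URL with oauth_token (OAuth Core 1.0a, section 6.2.1) and can append the oauth_consumer_key the post says Salesforce demands. The endpoint, token and key values are constructed placeholders, and the function names are hypothetical.

```python
from urllib.parse import parse_qsl, quote, urlsplit, urlunsplit


def oauth_escape(value):
    # OAuth Core 1.0a section 5.1: percent-encode all but unreserved characters.
    return quote(str(value), safe="-._~")


def build_authorize_url(endpoint, request_token, extra=None):
    """Build the browser redirect for User Authorization (section 6.2.1).

    `extra` carries provider-defined additional parameters, which 6.2.1
    allows, e.g. the oauth_consumer_key the post says Salesforce requires.
    """
    parts = urlsplit(endpoint)
    if parts.scheme != "https":
        raise ValueError("authorization endpoint must use https")
    params = parse_qsl(parts.query, keep_blank_values=True)
    params.append(("oauth_token", request_token))
    for name, value in (extra or {}).items():
        if name == "oauth_token":
            raise ValueError("oauth_token comes from request_token")
        # This URL passes through the user's browser, history and logs, so
        # shared secrets (consumer secret, token secret) must never ride on it.
        if "secret" in name.lower():
            raise ValueError(f"refusing to put {name} in a redirect URL")
        params.append((name, value))
    query = "&".join(f"{oauth_escape(k)}={oauth_escape(v)}" for k, v in params)
    return urlunsplit((parts.scheme, parts.netloc, parts.path, query, ""))


def redirect_params(url):
    """Return the decoded query parameters a redirect URL would expose."""
    return dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))


if __name__ == "__main__":
    endpoint = "https://provider.example/authorize"  # constructed placeholder
    token = "req/tok+1"                              # constructed request token
    print(build_authorize_url(endpoint, token))
    print(build_authorize_url(endpoint, token,
                              {"oauth_consumer_key": "constructed-key"}))
```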