• John Brodie
  • Member since 2012


I'm developing an app which utilizes OAuth 2.0, and it appears that there is a bug in the implementation.

I'm using Google's "oauth2client" library for Python, and kept getting a "scope parameter not supported" error when trying to exchange an authorization code for an access token (using the web server flow). The library sends the scope parameter during both the initial step of the flow, as well as with the exchange step. However, it appears that Salesforce throws an error if a scope parameter is included with the exchange request - but it will work if the scope param is included but is the empty string.

Section 3.3 of the OAuth 2.0 RFC states "The authorization and token endpoints allow the client to specify the scope of the access request using the "scope" request parameter." - which leads to the conclusion that this is an implementation bug.

The current situation leaves me with making changes to a third-party library (not ideal), or not being able to specify a scope (not ideal, as I must then use the default).
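
The two requests of the web server flow discussed in the question above, as an added example that is not part of the original post or of oauth2client: scope is sent on the authorization request, and the code exchange carries only the parameters RFC 6749 section 4.1.3 lists plus the client secret. The endpoint URL, client credentials, redirect URI and scope values are assumed placeholders, and `strip_scope` is a hypothetical helper for filtering a form body that another library has already encoded.

```python
import secrets
from urllib.parse import urlencode, parse_qsl

# Assumed endpoint and placeholder credentials; none of these come from the post.
AUTHORIZE_URL = "https://login.salesforce.com/services/oauth2/authorize"
CLIENT_ID = "EXAMPLE_CLIENT_ID"
CLIENT_SECRET = "EXAMPLE_CLIENT_SECRET"
REDIRECT_URI = "https://app.example.com/oauth/callback"


def build_authorization_url(scopes, state):
    """Step 1 (RFC 6749 section 4.1.1): the requested scope is sent here."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": " ".join(scopes),  # space-delimited list, per section 3.3
        "state": state,             # anti-CSRF value, compared on the callback
    }
    return AUTHORIZE_URL + "?" + urlencode(params)


def build_token_request_body(code):
    """Step 2 (section 4.1.3): exchange the code; no scope parameter is sent."""
    return urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,  # must match the value used in step 1
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,
    })


def strip_scope(form_body):
    """Hypothetical shim: drop 'scope' from an already-encoded form body."""
    pairs = parse_qsl(form_body, keep_blank_values=True)
    return urlencode([(k, v) for k, v in pairs if k != "scope"])


if __name__ == "__main__":
    state = secrets.token_urlsafe(16)  # unguessable per-request value
    print(build_authorization_url(["api", "refresh_token"], state))
    print(build_token_request_body("CONSTRUCTED_AUTH_CODE"))
    print(strip_scope("grant_type=authorization_code&code=abc&scope=api"))
```
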

I am currently developing a Salesforce integration for my company. To begin with, we simply want a custom field for leads that displays a bit of info based on what is on our servers. We have an API, but it is not event driven, nor does it handle batches of data.

Initially, we tried looping through the leads via Apex code, and calling out to our API. This works fine when leads are manually inserted, but obviously will quickly hit the 10 callout limit if run on the entire leads table. The solution we have in our heads requires us to download all of the leads via the bulk API, process them, create a query, and send that query back to Salesforce. This is going to have to be done on a schedule, lest the data become unsynced (since our API has no way of notifying Salesforce of changes).

I realize this is a "brute force" approach, but cannot think of a better way. I'm sure this is a problem that has been encountered before, and would love to know any experienced SF Dev's insight into this issue.

Thanks.