Question:
I am trying to use OAuth authentication to get the Salesforce Authentication Token, so I referred to the wiki docs, but after getting the authorization code, when I make a POST request with the 5 required parameters, I'm getting the following exception:
{"error":"invalid_grant","error_description":"authentication failure"} CODE 400 JSON = {"error":"invalid_grant","error_description":"authentication failure"}
which is I guess a bad request.
    PostMethod post = new PostMethod("https://login.salesforce.com/services/oauth2/token");
    post.addParameter("code",##############);
    post.addParameter("grant_type","authorization_code");
    post.addParameter("redirect_uri","#################");
    post.addParameter("client_id",this.client_id);
    post.addParameter("client_secret",this.client_secret);
    httpclient.executeMethod(post);
    String responseBody = post.getResponseBodyAsString();
    System.out.println(responseBody+" CODE "+post.getStatusCode());
Kindly reply, if exception known?
Answer 1:
For anyone who is as stuck and frustrated as I was, I've left a detailed blog post on the entire process (with pictures and ranty commentary!). Click the link if you want that:
http://www.calvinfroedge.com/salesforce-how-to-generate-api-credentials/
Here is a text only answer:
Step 1:
Create an account. You can create a (free) developer account at developer.salesforce.com
Step 2:
Ignore all the landing pages and getting started crap. It's an endless marketing loop.
Step 3:
Click the "Setup" link
Step 4:
In the left-hand toolbar, under "Create", click "Apps"
Step 5:
Under "Connected Apps" click "New"
Step 6:
Fill out the form. Important fields are the ones marked as required, and the OAuth section. Note that you can leave any URL for your callback (I used localhost).
Step 7:
Be advised that Salesforce has crappy availability.
Step 8:
Press continue. You finally have your key (client id) and secret (client secret).
Step 9:
But wait! You're not done yet.
Make sure IP restrictions are disabled as well, and make sure that Permitted Users is set to "All users may self-authorize."
If you're concerned about disabling security, don't be for now, you just want to get this working for now so you can make API calls. Tighten permissions once you have everything working, one at a time, so you can figure out what setting is giving you authentication errors.
Step 10:
Celebrate! This curl call should succeed:
curl -v https://login.salesforce.com/services/oauth2/token -d "grant_type=password" -d "client_id=YOUR_CLIENT_ID_FROM_STEP_8" -d "client_secret=YOUR_CLIENT_SECRET_FROM_STEP_8" -d "username=user@wherever.com" -d "password=foo@bar.com"
Notes:
You shouldn't be doing password authorization if you're building a multi-tenant app, where users need to authorize their own application. Use the OAuth2 workflow for that.
You may need to pass in your security token appended to your password.
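The password-grant request from Step 10, as an added Python example (not code from the original answer; standard library only, function names are this example's own). It form-encodes every field, which `curl -d` does not do, so a password or security token containing `&`, `+` or `=` reaches the server intact, and it returns the `error` / `error_description` pair from a 400 response instead of discarding it.

```python
import json
import ssl
import urllib.error
import urllib.parse
import urllib.request

TOKEN_URL = "https://login.salesforce.com/services/oauth2/token"  # from the page


def build_password_grant(client_id, client_secret, username, password, token=""):
    """URL-encoded body for grant_type=password, security token appended."""
    fields = {
        "grant_type": "password",
        "client_id": client_id,
        "client_secret": client_secret,
        "username": username,
        "password": password + token,
    }
    # urlencode() escapes '&', '+', '=' and '@'; curl -d sends them as typed.
    return urllib.parse.urlencode(fields).encode("ascii")


def parse_token_response(status, body):
    """Return (access_token, None) or (None, 'error: error_description')."""
    try:
        data = json.loads(body)
        error = data.get("error", "unknown")
    except (ValueError, AttributeError):
        return None, f"HTTP {status}: unexpected response body"
    if status == 200 and "access_token" in data:
        return data["access_token"], None
    return None, f"{error}: {data.get('error_description', '')}"


def request_token(body):
    """POST the form over TLS 1.2 or newer and parse the JSON reply."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    req = urllib.request.Request(TOKEN_URL, data=body, method="POST")
    try:
        with urllib.request.urlopen(req, context=ctx, timeout=15) as resp:
            return parse_token_response(resp.status, resp.read())
    except urllib.error.HTTPError as err:  # a 400 carries the JSON error body
        return parse_token_response(err.code, err.read())
```

Pass the credentials to `build_password_grant()` from environment variables or a secrets store rather than the command line, then hand the result to `request_token()`.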
Answer 2:
We had this issue as well.
Check your Connected App settings - under Selected OAuth Scopes, you may need to adjust the selected permissions. Our app primarily uses Chatter, so we had to add both:
- Access and manage your Chatter feed (chatter_api)
- Perform requests on your behalf at any time (refresh_token).
Again, your mileage may vary but try different combinations of permissions based on what your Application does/needs.
Additionally, the actual invalid_grant error seems to occur due to IP restrictions. Ensure that the server's IP address that is running the OAuth authentication code is allowed. I found that if the SFDC environment has IP restriction setting Enforce IP restrictions set (Setup -> Administer -> Manage Apps -> Connected Apps), then each User Profile must have the allowed IP addresses as well.
Answer 3:
Salesforce is requiring an upgrade to TLS 1.1 or higher by July 22, 2017 in order to align with industry best practices for security and data integrity: from help.salesforce.com.
Try to add this code:
System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;
Another option is to edit your registry:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
    "SchUseStrongCrypto"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
    "SchUseStrongCrypto"=dword:00000001
Check this link for more detailed answers: Default SecurityProtocol in .NET 4.5
Answer 4:
To whitelist an IP address range follow these steps:
- Click Setup in the top-right
- Select Administer > Security Controls > Network Access from the left navigation
- Click New
- Add your IP address range
- Click Save
Answer 5:
I am using the Salesforce SOAP API with the following request format
usernamepassword+security_token
I got successfully logged in, but the application is not showing as my setup. When I tried with this method, it was working.
curl -v https://login.salesforce.com/services/oauth2/token -d "grant_type=password" -d "client_id=YOUR_CLIENT_ID_FROM_STEP_8" -d "client_secret=YOUR_CLIENT_SECRET_FROM_STEP_8" -d "username=user@wherever.com" -d "password=foo@bar.com"
Can anyone tell me what I am doing wrong, or does the Salesforce SOAP API not support this?