12

I am trying to get the Session ID for my salesforce partialbox.

My Code:

curl https://test.salesforce.com/services/oauth2/token -d "grant_type=password" -d "client_id=definitely the correct client id" -d "client_secret=definitely the correct client secret" -d "username=mymail@mail.com.partialbox" -d "password=passandsecuritytoken"

What else I did:

  • Grant full access in my connected app settings
  • Set Ip restrictions to loose ip restrictions
  • "All users can authorize themselfes"
  • Double checked pass, client id, client secret, username

I am still getting the error {"error":"invalid_grant","error_description":"authentication failure"}.

I searched through the SF forums and StackOverflow questions, but I couldn't find any solution for this. Does anyone know, what else could be the problem here?

Frederik Witte
  • 1,067
  • 2
  • 9
  • 34

7 Answers7

9

I'm still confused and I don't know exactly what's going on, but I had your same problem and I was able to "fix" it by doing the following.

First, relax IP restrictions for the app.

Manage Apps -> Connected Apps -> (The name of my app)

Then setting "IP Relaxation" to "Relax IP restrictions".

As far as I know, there are not IP restrictions in the sandbox app I'm working with but I'm still new to this, so maybe they are hiding somewhere.

Second, in my curl command which looked a lot like your I left out the security token, so the password field was just the password.

I don't really know if I've solved my problem but I'm getting back an access token and not the "invalid_grant" error.

I plan on doing some additional investigating to figure out what's going on but I figured, while I had this question up I'd make sure this answer was here.

Jachin
  • 1,975
  • 1
  • 18
  • 23
6

Make sure you have done this steps.

*Apps -> Manage Connected Apps -> (The name of my app) -> Edit Application -> OAuth Polices Then set "Permitted users" to "All users may self-authorize".

*Manage Apps -> Connected Apps -> (The name of my app) Then set "IP Relaxation" to "Relax IP restrictions".

Try to make a curl request with TLS 1.1 enabled

curl -v https://login.salesforce.com/services/oauth2/token -d "grant_type=password" -d "client_id=xxxxxxxxxxXXXXXXXXXX" -d "client_secret=123456789" -d "username=xx@abcd.com" -d "password=xxxxxxxxxx"

Aashish Vivekanand
  • 161
  • 4
  • 10
3

Salesforce is requiring an upgrade to TLS 1.1 or higher by July 22, 2017 in order to align with industry best practices for security and data integrity: from help.salesforce.com.

If you are using .Net version older than 4.6, try to add this code:

System.Net.ServicePointManager.SecurityProtocol = 
SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;

Another option is to edit your registry:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

Check this link for more detailed answers: Default SecurityProtocol in .NET 4.5

Community
  • 1
  • 1
Amir M
  • 438
  • 1
  • 7
  • 23
0

Here are the setting I have in my Salesforce sandbox.

So basically I have added the Profile of my REST API user to the list of App Profiles.

and my request looks like that:

POST: https://login.salesforce.com/services/oauth2/token?grant_type=password&client_id=3MVG1ZL0ppGP2UrDck7ipSVNGs9s17mpIc3mRacC8Y_9o3r_amXxZZaasoBFbUF_r0aUvaFtIoxxx3Y5qik5&client_secret=6412349245332722664&username=YYYY@my.pc&password=XXXX
Andrzej Satanowski
  • 11
  • 3
0

I am really good at using random passwords for API's which will include ; , or other werid things normal people don't use for passwords. The Salesforce does not appear to appreciate those characters in the api so I use numbers and letter and no special characters. I have run into this more than once so hopefully thins will help someone else and future me as well.

Micah Armantrout
  • 6,439
  • 4
  • 36
  • 61
0

You have to add profile in connected app: Go to : Connected Apps -> Profiles -> Manage Profiles -> Application Profile Assignment -> Select System Administrator -> save

Imtiyaj Khan
  • 1
0

Changing the OAuth Policy Permitted Users setting to "All users may self-authorize" allowed me to make a successful API call.

Found in in Manage Connected Apps -> Edit

Screenshot of Salesforce setting

nikkypo
  • 1