Salesforce Authentication Failing

Question

I am trying to use OAuth authentication to get the Salesforce Authentication Token, so I referred wiki docs, but after getting authorization code, when I make a Post request

Answer 1

I tried many solutions above which did not work for me. However the trick that actually worked for me was to stop using curl and to use postman application to make the request instead.

By replicating the request in postman, with a POST request and the following params

1. grant_type
2. client_id
3. client_secret
4. username
5. password

This solved the issue for me.

Just posting it here in case there are others who have tried all the possible solutions with no avail (like I did).

Answer 2

Salesforce is requiring an upgrade to TLS 1.1 or higher by July 22, 2017 in order to align with industry best practices for security and data integrity: from help.salesforce.com.

try to add this code:

System.Net.ServicePointManager.SecurityProtocol = 
SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;

Another option is to edit your registry:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

Check this link for more detailed answers: Default SecurityProtocol in .NET 4.5

Answer 3

Make sure your password only has alphanumeric characters in it.

Answer 4

TL:DR

For OAuth 2 tokens if you login...

• At login.salesforce.com use https://login.salesforce.com/services/oauth2/token
• At test.salesforce.com use https://test.salesforce.com/services/oauth2/token

Story:

1. I was following Salesforce "Set Up OAuth 2.0"
2. Credentials were correct (many character by character checks)

3. When I'd call curl https://login.salesforce.com/services/oauth2/token -d "...credentials..." it still failed with:

   {"error":"invalid_grant","error_description":"authentication failure"}

Solution:

Realized there are different OAuth environments when reading Digging Deeper into OAuth 2.0 in Salesforce specifically (emphasis added):

OAuth 2.0 Authentication Endpoints

OAuth endpoints are the URLs that you use to make OAuth authentication requests to Salesforce. When your application makes an authentication request, make sure you’re using the correct Salesforce OAuth endpoint. The primary endpoints are:

• Authorization—https://login.salesforce.com/services/oauth2/authorize
• Token—https://login.salesforce.com/services/oauth2/token
• Revoke—https://login.salesforce.com/services/oauth2/revoke (see Revoke OAuth Tokens for details on revoking access)

Instead of login.salesforce.com, customers can also use the My Domain, community, or test.salesforce.com (sandbox) domains in these endpoints.

Fix

Because I logged into my environment via test.salesforce.com switching to curl https://test.salesforce.com/services/oauth2/token -d "...credentials..." resulted in a "Congrats! (>^_^)> Give OAuth token response"

Answer 5

We had this issue as well.

Check your Connected App settings - under Selected OAuth Scopes, you may need to adjust the selected permissions. Our app primarily uses Chatter, so we had to add both:

• Access and manage your Chatter feed (chatter_api)
• Perform requests on your behalf at any time (refresh_token).

Again, your mileage may vary but try different combinations of permissions based on what your Application does/needs.

Additionally, the actual invalid_grant error seems to occur due to IP restrictions. Ensure that the server's IP address that is running the OAuth authentication code is allowed. I found that if the SFDC environment has IP restriction setting Enforce IP restrictions set (Setup -> Administer -> Manage Apps -> Connected Apps), then each User Profile must have the allowed IP addresses as well.