Sometimes delegated authentication is configured in the customer's org for the logged-in user. When the username and password are given during login, authentication is then performed by the delegated authentication server, not by Salesforce.
We have seen a strange behavior in the Username-Password OAuth flow (Sept 6, 2018) when the request is made from the API and from Apex.
1. When the OAuth request is made via the API, you can pass the external auth server password.
grant_type:password
username:username@gmail.com
password:password // This can be external system password
client_id:3MV***log.W
client_secret:65***58
2. When the OAuth request is made via Apex, the password should be the Salesforce password along with the security token. If the external system password is given, you will get the error below:
13:26:23.1 (5805772)|CALLOUT_REQUEST|[74]|System.HttpRequest[Endpoint=https://****.my.salesforce.com/services/oauth2/token, Method=POST]
13:26:23.1 (357570230)|HEAP_ALLOCATE|[EXTERNAL]|Bytes:952
13:26:23.1 (357762371)|CALLOUT_RESPONSE|[74]|System.HttpResponse[Status=Bad Request, StatusCode=400]
13:26:23.1 (357794126)|HEAP_ALLOCATE|[74]|Bytes:85
13:26:23.1 (357836159)|STATEMENT_EXECUTE|[75]
13:26:23.1 (357942754)|HEAP_ALLOCATE|[75]|Bytes:70
13:26:23.1 (357975206)|HEAP_ALLOCATE|[75]|Bytes:75
13:26:23.1 (358011911)|USER_DEBUG|[75]|DEBUG|body:{"error":"invalid_grant","error_description":"authentication failure"}
So in case of this error, make sure that you supply the Salesforce username along with the Salesforce password and security token.
grant_type:password
username:username@gmail.com
password:password // This is only salesforce password and security token
client_id:3MV***log.W
client_secret:65***58