
I am trying to integrate SF with an external service via OAuth.

 

First, I tried connecting to the external service outside of SF in the traditional way. I created a client app on the external service that has a unique clientid and clientsecret and used https://www.google.com as the redirect URI.

 

I am logged into the service in my browser and then I navigate to https://[external service domain]/authorize?response_type=code&client_id=...&redirect_uri=https://www.google.com&scope=....

 

That returns Google with a response code.

 

From Postman I can successfully generate a refresh token and access token by making a POST call to the https://..../token endpoint, with a body that includes the auth code, grant_type=authorization_code, clientid, client secret and redirect_uri.

 

To connect to the service from SF I created a new client app on the service. I used the app's clientid and client secret and the service's authorize and token endpoints to create an Auth provider in SF of type Open ID Connect.  SF generated a callback URL. In the SF client app on the external service, I updated the redirect URI to be the SF callback URL.

 

Next, I created a legacy Named Credential that uses the Auth provider. See screenshots.

 

I am still logged into the service in my browser.  When I hit Save/Edit on the Named Credential, SF tries to connect but I end up with this error:

 

..._nc_external/identity/sso/ui/AuthorizationError?ErrorCode=No_Oauth_Token&ErrorDescription=invalid_grant

 

When I go into developer tools and look at the network traffic, I see these calls:

 

GET: https://....sandbox.my.salesforce.com/services/auth/xds/..._Auth?scope=xxAPI%20offline_access&startURL=%2F0XA78000000KzgD%3Fisdtp%3Dp1

 

GET (vs the external service): https://.....com/id/core/connect/authorize?response_type=code&client_id=...&redirect_uri=https%3A%2F%2F....sandbox.my.salesforce.com%2Fservices%2Fauthcallback%2F..._Auth&scope=xxAPI+offline_access&state=...&code_challenge=...&code_challenge_method=S256

 

GET: https://....sandbox.my.salesforce.com/services/authcallback/..._Auth?code=[code]&state=[the same state as above]

 

It seems like everything is working.  The auth code is generated.

 

I assume that SF next makes a POST call to the /token endpoint of the external service.  But this error is returned:

 

ErrorCode=No_Oauth_Token&ErrorDescription=invalid_grant

 

I can't understand why this is not working if the same calls through Postman work correctly, but with a different redirect URI and set of clientid and clientsecret.

Oauth Issue - ErrorCode=No_Oauth_Token&ErrorDescription=invalid_grant
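
The trace in the question shows the authorization request carrying `code_challenge` with `code_challenge_method=S256` (PKCE), and the failure surfaces as `invalid_grant`, the error code RFC 6749 and RFC 7636 assign to a rejected authorization code. As an added example that is not part of the original thread, this sketch models the checks a token endpoint makes when redeeming a code, so each condition that yields `invalid_grant` can be seen side by side. It is a generic model of the RFC behaviour, not the external service's or Salesforce's code; the function names, client IDs and callback URL are constructed for illustration.

```python
import base64
import hashlib
import secrets
import time

def s256(verifier: str) -> str:
    """RFC 7636 S256 transform: BASE64URL(SHA256(verifier)), '=' padding removed."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def issue_code(store, client_id, redirect_uri, code_challenge=None, now=None, ttl=60):
    """Authorization endpoint: bind the code to client, redirect_uri and challenge."""
    now = time.time() if now is None else now
    code = secrets.token_urlsafe(16)
    store[code] = {"client_id": client_id, "redirect_uri": redirect_uri,
                   "challenge": code_challenge, "expires": now + ttl}
    return code

def redeem_code(store, code, client_id, redirect_uri, code_verifier=None, now=None):
    """Token endpoint: return (error, reason); error is None on success."""
    now = time.time() if now is None else now
    grant = store.pop(code, None)  # codes are single use, so a replay finds nothing
    if grant is None:
        return "invalid_grant", "unknown or already redeemed code"
    if now > grant["expires"]:
        return "invalid_grant", "code expired"
    if client_id != grant["client_id"]:
        return "invalid_grant", "code was issued to another client"
    if redirect_uri != grant["redirect_uri"]:
        return "invalid_grant", "redirect_uri differs from the authorization request"
    if grant["challenge"] is not None:
        # PKCE: the verifier sent to /token must hash to the challenge sent to /authorize
        if code_verifier is None or not secrets.compare_digest(
                s256(code_verifier), grant["challenge"]):
            return "invalid_grant", "code_verifier does not match code_challenge"
    return None, "ok"

if __name__ == "__main__":
    store = {}
    verifier = secrets.token_urlsafe(32)                          # constructed sample
    callback = "https://example.invalid/services/authcallback/Example_Auth"  # constructed
    code = issue_code(store, "client-a", callback, s256(verifier))
    # Token request that omits the verifier, as a non-PKCE client would send it
    print(redeem_code(store, code, "client-a", callback))
```

All of these conditions collapse into the same `invalid_grant` string at the client, so the token endpoint's own logs on the external service are what distinguish them.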

 


4 answers
  1. Dec 30, 2023, 12:12 PM

    Other than &ProviderId=

     

    where the ProviderID is the Auth Provider, no.
