Hi everyone,
I'm working on integrating a custom digital proposal system with Salesforce using an API connection via OAuth 2.0. However, we are encountering an "unsupported_grant_type" error when attempting to authenticate.
Setup Details:
- We created a Connected App in Salesforce.
- We are using the password-based OAuth flow with the following cURL request:
bashCopyEditcurl -X POST https://login.salesforce.com/services/oauth2/token \ -d "grant_type=password" \ -d "client_id=YOUR_CLIENT_ID" \ -d "client_secret=YOUR_CLIENT_SECRET" \ -d "username=YOUR_USERNAME" \ -d "password=YOUR_PASSWORD_WITH_SECURITY_TOKEN"
- Postman was used to test the connection, and the error persists.
Troubleshooting Done So Far:
✅ Verified the client_id, client_secret, username, and password (with security token)
.
✅ Checked that the
Connected App
allows all users to self-authorize.
✅ Ensured that the user has
"API Enabled"
permission.
✅
IP Relaxation is set to "Relax IP restrictions"
Please be kind enough to guide on how to resolve this issue. Thank you in advance!
@* Salesforce Developers * @Admin Trailblazers @Salesforce.org System AdministratorsDO NOT USE THE USERNAME-PASSWORD FLOW!!!
This flow should only be used for
testing! It should not be used in production because it's the most unsafe of all the flows, since you are giving all your secrets away!!!
That's the reason the toggle was not turned on!
Hello @Avishka Hettiarachchi,
Make sure that you have enabled the OAuth Username-Password Flows.
- Go to the setup
- In the quick find box type "OAuth and OpenID Connect Settings"
- Click on OAuth and OpenID Connect Settings and the enable the Allow OAuth Username-Password Flows
Module: Einstein Prediction Service
Unit: Get Predictions with REST Requests
I was getting errors but was able to resolve them by following your guidance above about setting IP Relaxation to "Relax IP restrictions". [Setup / Manage Connected Apps / Predicted Sales per Customer / Edit Policies] Thank you!
Hi @Avishka Hettiarachchi, in the first POSTMAN screenshot I see a GET operation. What happens if you set this to POST? A POST makes sense since you have a body defined.
Hope this helps!
Best,
Huda
@Tushar Jadav I confirmed with my developers, they have used client_credentials as Grant Type for the integration that's in place. So I'm assuming enabling this won't be an issue.
Also developers suggested if I don't want to risk it as an alternate option get my setup in the integration using the same way which was
client_credentials as Grant Type.Please let me know your thoughts on this much appreciated!
@Avishka Hettiarachchi, Does this integration use the username-password flow? If not then do not worry. Just enable the OAuth Username-Password Flows.
Actually, this warning message should show only when we turn off the OAuth Username-Password Flows. But it shows when you enabled that is some kind of mistake.
Hi @Tushar Jadav, thank you for that, yes that was turned off & this might be the issue. When I'm trying enable this I get the warning "If you change this setting, existing integrations can break. We recommend that you test this change in a sandbox before enabling it in production".
I am concerned as we have some integrations already in place at the moment such as Clockify to Salesforce. Please advise me on how should I proceed in this situation. Thank you!
