Frontdoor.jsp – Front Door Not Working with access_token from /services/oauth2/token with grant_type=password

frontdoor.jsp

I am trying to use Front Door:

https://instance.salesforce.com/secur/frontdoor.jsp?sid=session_ID

I have created a Connected App with full and web scopes.

I have sent this request via Postman:

curl --location 'https://login.salesforce.com/services/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Cookie: BrowserId=v-zKoAX_Ee6oNUeUP12vNQ; CookieConsentPolicy=0:0; LSKey-c$CookieConsentPolicy=0:0' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'client_id=ERASED' \
--data-urlencode 'client_secret=ERASED' \
--data-urlencode 'username=ERASED' \
--data-urlencode 'password=ERASED'

I have received instance_url and access_token in the response.

I have configured a URL:

{{instance_url}}/secur/frontdoor.jsp?sid={{access_token}}

This leads me to a login page.

The same access_token works perfectly with the Salesforce REST API; for example, I can retrieve a list of users:

curl --location '{{instance_url}}/services/data/v57.0/query?q=SELECT%20Id%2C%20Email%20FROM%20user' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer ERASED' \
--header 'Cookie: BrowserId=v-zKoAX_Ee6oNUeUP12vNQ; CookieConsentPolicy=0:1; LSKey-c$CookieConsentPolicy=0:1' \
--data ''

Front Door is also working fine with the session_id from Apex: UserInfo.getSessionId() and also with SOAP. But it doesn't work with the access_token from Postman. What am I missing?

Probably this is the problem (I found it in the answer to this question)?

This flow [OAuth 2.0 Username-Password Flow] doesn’t support scopes or refresh tokens. Experience Cloud sites don’t support the OAuth 2.0 username-password flow.

Is there any way to use access_token from grant_type=password in the Front Door?

Best Answer

I have got a response from SF Support. Long story short: we cannot use the session_id from the REST API username/password flow with frontdoor.jsp.

The username-password flow generates access tokens as Salesforce Session IDs that can’t be introspected. Because the access tokens are temporary, connected apps that are using this flow aren’t displayed on the Connected Apps OAuth Usage page, even if they have an active session.

According to this knowledge article:

Not all session types are supported with frontdoor.jsp

So you can use one of the other supported OAuth flows, like the Web Server flow.
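As an added example (not code from the question, the answer, or Salesforce itself), here is a minimal client for the OAuth 2.0 Web Server flow that the accepted answer points to, ending with the frontdoor.jsp URL built from the token it returns. The login host, the /services/oauth2/authorize and /services/oauth2/token paths and /secur/frontdoor.jsp?sid= are the real endpoints named on the page; the client id/secret placeholders, the redirect URI, the scope string, the retURL parameter and the fake token endpoint are assumptions of this example, and no network call is made, so it runs offline.

```python
import secrets
import urllib.parse

# Endpoints named on the page; everything else in this file is an assumption.
LOGIN_HOST = "https://login.salesforce.com"
AUTHORIZE_PATH = "/services/oauth2/authorize"
TOKEN_PATH = "/services/oauth2/token"
FRONTDOOR_PATH = "/secur/frontdoor.jsp"


def new_state():
    """Unguessable state value bound to one authorization attempt."""
    return secrets.token_urlsafe(32)


def build_authorize_url(client_id, redirect_uri, state, scope="web full"):
    """Step 1: URL the user's browser is sent to (scope value is an assumption)."""
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "scope": scope, "state": state}
    return f"{LOGIN_HOST}{AUTHORIZE_PATH}?{urllib.parse.urlencode(params)}"


def parse_callback(callback_url, expected_state):
    """Step 2: extract the authorization code from the redirect back to us.

    The echoed state must equal the one we generated; otherwise the code may
    belong to a different login attempt (login CSRF) and is discarded.
    """
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(callback_url).query)
    if "error" in query:
        raise ValueError(f"authorization failed: {query['error'][0]}")
    state = query.get("state", [None])[0]
    if state is None or not secrets.compare_digest(state, expected_state):
        raise ValueError("state mismatch: discarding authorization code")
    code = query.get("code", [None])[0]
    if not code:
        raise ValueError("callback carried no authorization code")
    return code


def exchange_code(code, client_id, client_secret, redirect_uri, post):
    """Step 3: server-side exchange of the code for an access token.

    `post(url, form_dict) -> dict` is injected so the flow can run offline; in
    production it would be an HTTPS POST such as requests.post(...).json().
    """
    form = {"grant_type": "authorization_code", "code": code,
            "client_id": client_id, "client_secret": client_secret,
            "redirect_uri": redirect_uri}
    token = post(f"{LOGIN_HOST}{TOKEN_PATH}", form)
    for key in ("access_token", "instance_url"):
        if key not in token:
            raise ValueError(f"token response missing {key}: {token}")
    return token


def frontdoor_url(instance_url, access_token, ret_url="/"):
    """Step 4: frontdoor.jsp URL that turns the token into a browser session.

    retURL (assumed parameter) is the page to land on after the session is set.
    """
    query = urllib.parse.urlencode({"sid": access_token, "retURL": ret_url})
    return f"{instance_url.rstrip('/')}{FRONTDOOR_PATH}?{query}"


# ---- constructed stand-in for the token endpoint (demo and test only) ----
FAKE_CODE = "aPrxCONSTRUCTEDcode"
FAKE_TOKEN = "00Dxx0000000000!CONSTRUCTED.access.token"
FAKE_INSTANCE = "https://example.my.salesforce.com"


def fake_token_endpoint(url, form):
    """Mimics the authorization_code path of the token endpoint for one code."""
    assert url.endswith(TOKEN_PATH)
    if form.get("grant_type") != "authorization_code" or form.get("code") != FAKE_CODE:
        return {"error": "invalid_grant", "error_description": "constructed rejection"}
    return {"access_token": FAKE_TOKEN, "instance_url": FAKE_INSTANCE,
            "token_type": "Bearer", "scope": "web full"}


def run_flow(client_id="CLIENT_ID_PLACEHOLDER", client_secret="CLIENT_SECRET_PLACEHOLDER",
             redirect_uri="https://app.example/oauth/callback", post=fake_token_endpoint):
    """Drive all four steps end to end and return the frontdoor URL."""
    state = new_state()
    authorize = build_authorize_url(client_id, redirect_uri, state)
    # The browser would visit `authorize`; here we simulate the redirect back.
    callback = f"{redirect_uri}?{urllib.parse.urlencode({'code': FAKE_CODE, 'state': state})}"
    code = parse_callback(callback, state)
    token = exchange_code(code, client_id, client_secret, redirect_uri, post)
    return frontdoor_url(token["instance_url"], token["access_token"], "/lightning/page/home")


if __name__ == "__main__":
    print(run_flow())
```

Two things worth noting about the design: the state check is what keeps an attacker from getting a victim's browser to complete the attacker's login, so it is not optional; and the token travels in the frontdoor.jsp query string, where it lands in browser history and in any proxy or web-server access log, so the redirect should happen once, promptly, and the full URL should be kept out of application logs.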