We have a large amount of users connected to our registered app (using the OAuth 2.0 authorization code grant type). Nearly all of them refresh regularly with no problems.
However, with 6 of those accounts, we repeatedly see this error when trying to refresh an access token.
{
error_description: "authentication failure"
error: "invalid_grant"
}
I see lots of documentation and information on other "invalid_grant" errors but no explanation for "authentication failure".
Does anyone know what would cause that? Is there a setting in a customer's "Connected Apps" configuration that could prevent some accounts from refreshing?
Best Answer
Did you check if these users have
as per this doc : https://help.salesforce.com/HTViewHelpDoc?id=remoteaccess_oauth_web_server_flow.htm&language=en_US
there are only 2 reasons why you would get an invalid_grant
invalid_grant—invalid authorization code I suspect this cannot be true since other users are able to authenticate, if not I would have asked you to check if you are appending security token when the user logs in ( assuming username password flow)
invalid_grant—IP restricted or invalid login hours This looks the probable reason of the 2, check on the user record if there is any king of restriction.
login restriction: you can see this all way at the bottom on the user record
IP restriction : https://help.salesforce.com/HTViewHelpDoc?id=security_networkaccess.htm&language=en_US