My Connected App settings are the following:
(1) Setup->Manage Apps->Connected Apps->FirstConnectedApp->Refresh Token Policy: "Refresh token is valid until revoked"
(2) Setup->Security Controls->Session Settings->Session Timeout->Timeout Value: "15 minutes".
I can obtain a new access token (using Web Server Flow) and use it to update data using Salesforce Connected App.
Now, I go home and come back the next day to update some data using HTTPS and PATCH, and I get the following response:
[
{
"message": "Session expired or invalid",
"errorCode": "INVALID_SESSION_ID"
}
]
This error makes perfect sense because the session has expired. Now, I attempt to follow the "Understanding the OAuth Refresh Token Process" (https://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/intro_understanding_refresh_token_oauth.htm). I send a HTTPS POST using the following settings:
- Header item: "Content-Type: x-www-form-urlencoded"
- Header item:
"Authorization: client_id:'Client ID/Consumer Key',
client_secret:'Client Secret/Consumer Secret'" - Body item:
"grant_type=refresh_token&refresh_token='refresh_token'"
Now, I submit this HTTPS POST and I get the following response:
{
"error": "invalid_client_id",
"error_description": "client identifier invalid"
}
Why would I be getting this response?
I double checked to make sure that in fact the "Client ID" matches the "Consumer Key" in my Connected App.
Best Answer
grant_type,client_id,client_secret and refresh_token should be in BODY instead of Request header.
SRC:https://help.salesforce.com/articleView?id=remoteaccess_oauth_refresh_token_flow.htm&type=5
https://salesforce.stackexchange.com/a/148016/19118