I have created one restful class:
@RestResource(urlMapping='/showAccounts/*')
global class ExRestController
{
@HttpPost
global static List<Account> getAccounts()
{
List<Account> acList;
acList = [select id,name from Account limit 10];
return acList;
}
}
And created connected app and remote access for the oauth implementation:
1) if i call the webservice from another instance by giving my username and password along with secrete key and cunsumer key i am able to get access token:
req.setEndpoint('https://ap1.salesforce.com/services/oauth2/token');
req.setHeader('Content-Type','application/x-www-form-urlencoded');
req.setbody('xmlstring');
req.setMethod('GET');
req.setbody('grant_type=authorization_code&client_id=client id&client_secret=secrete key&username=salesforce username &password=salesforce password);
HttpResponse res = h.send(req);
2) If i remove salesforce username and password in request as bellow code i am getting error
req.setEndpoint('https://ap1.salesforce.com/services/oauth2/token');
req.setHeader('Content-Type','application/x-www-form-urlencoded');
req.setbody('xmlstring');
req.setMethod('GET');
req.setbody('grant_type=authorization_code&client_id=client id&client_secret=secrete
key&redirect_uri=https://www.runscope.com/oauth_tool/callback');
HttpResponse res = h.send(req);
My problem is isn't it possible to get access token without salesforce username and password.
Best Answer
I think you are using OAuth 2.0 username and password flow . If you do not want to save and provide user name and password you should use OAuth 2.0 Web Server Authentication Flow.
For more details on diffrent types of oAuth flow here is link. https://help.salesforce.com/HTViewHelpDoc?id=remoteaccess_authenticate.htm&language=en_US
For more details about the OAuth 2.0 Web Server Authentication Flow here is link: https://help.salesforce.com/HTViewHelpDoc?id=remoteaccess_oauth_web_server_flow.htm&language=en_US