[SalesForce] invalid_grant-expired access/refresh token error when authenticating access via REST

I'm facing a strange scenario – I'm using a REST Client to authenticate access to SF.
I'm using "grant_type": "password" the client key, client secret, username and password concatenated with the token.
my request URL is: https://cs17.salesforce.com/services/oauth2/token

I checked the parameters and they are correct

I don't have a clue why but I'm getting this error:

"error": "invalid_grant", "error_description": "expired access/refresh token"

In the past it worked fine and now I don't know what went wrong.

Best Answer

Are you setting the client_id and secret ?

Those are the parameters you should send:

client_id=XXXXXX
&client_secret=XXXX
&password=passTOKEN
&username=XXX
&grant_type=password

Ensure you are setting the header Content-Type: application/x-www-form-urlencoded.

BTW, user-password flow doesn't support refresh_token flow. More info see this reply

Related Solutions

[SalesForce] unsupported grant_type

The content-type HTTP header should be application/x-www-form-urlencoded - Check if that's set correctly. If not, you will get this error. Also, make sure The grant_type form parameter is set to your password (all lower case)

[SalesForce] {“error”:”invalid_grant”,”error_description”:”inactive organization”}

Server Sends a Response

After the request is verified, Salesforce sends a response to the client. Token responses for the OAuth 2.0 SAML bearer token flow follow the same format as authorization_code flows, although no refresh_token is ever issued.

Note: A SAML OAuth 2.0 bearer assertion request looks at all the previous approvals for the user that include a refresh_token. If matching approvals are found, the values of the approved scopes are combined and an access_token is issued (with "token_type" value "Bearer"). If no previous approvals included a refresh_token, no approved scopes are available, and the request fails as unauthorized.

Errors

If there is an error in processing the SAML bearer assertion, the server replies with a standard OAuth error response, including an error and an error description containing additional information regarding the reasons the token was considered invalid. Here is a sample error response:

HTTP/1.1 400 Bad Request
Content-Type: application/json
Cache-Control: no-store
{
"error":"invalid_grant",
"error_description":"Audience validation failed"
}

Refer this for Detail Answers and Search for "Using SAML Bearer Assertions" this heading in pdf

Best Answer

Related Solutions

[SalesForce] unsupported grant_type

[SalesForce] {“error”:”invalid_grant”,”error_description”:”inactive organization”}

Related Topic