[SalesForce] OAuth 2.0 (or similar) without security token

This article about oAuth 2.0 says , that user must provide security token to log in.
Can i somehow disable usage of security tokens? I don't want my users to perform unnecessary operation.

Or may be there is some alternative way to find out , if user's login\password are valid in salesforce

My code to authorize (may be there is another issue why i have an error like

{"error_description":"expired access/refresh token","error":"invalid_grant"} )

    private const string ClientId = "3MVG9A2kN3Bn17huRprJBCInrodPdsyHERlP1nUDPXnApOiQURGxtr9pxl...."; // Consumer Key from SFDC account
    private const string ClientSecret = "43802039754906815..."; // Consumer Secret from SFDC account
    private const string RedirectUrl = "https://localhost:8443/...."; // Redirect URL configured in SFDC account
    private const string  SfOAuthUrl = "https://login.salesforce.com/services/oauth2/token";

public static void AuthenticateToSalesforce()
    {
        var username = "myMail@gmail.com";
        var password = "MyPassword_Without_Security toke";

        var parameters = "grant_type=password"
                                  + "&client_id=" + ClientId
                                  + "&client_secret=" + ClientSecret
                                  + "&redirect_uri=" + RedirectUrl
                                  + "&username=" + username
                                  + "&password=" + password;

        var result = HttpPost(@SfOAuthUrl, @parameters);
    }

    public static string HttpPost(string URI, string Parameters)
    {
        var req = WebRequest.Create(URI);
        req.ContentType = "application/x-www-form-urlencoded";
        req.Method = "POST";

        var data = Encoding.ASCII.GetBytes(Parameters);
        req.ContentLength = data.Length;
        var os = req.GetRequestStream();
        os.Write(data, 0, data.Length);
        os.Close();

        try
        {
            var resp = req.GetResponse();
            var sr = new StreamReader(resp.GetResponseStream());
            return sr.ReadToEnd().Trim();
        }
        catch (WebException ex)
        {
            var resp = new StreamReader(ex.Response.GetResponseStream()).ReadToEnd();
            Console.WriteLine(resp);
        }
        return string.Empty;
    }

I've also set the range of trusted IPs which, according to the article, should disable usage of security tokens, but error is still the same

Best Answer

Security Tokens are not required from Trusted IP addresses.

You can make a single range of IP address 'trusted' in Setup > Security Controls > Network Access.

You can blat out multiple ranges like 0.0.0.0 to 255.255.255.255 (not recommended) on a Profile too.

Keith C's commentary is well placed; holding user credentials (and security token) may be a red flag.

profile ip range

Best Answer

Related Solutions

[SalesForce] OAuth 2.0 JWT Bearer Token Flow

[SalesForce] unable to generate access token for OAUTH 2.0

Related Topic