[SalesForce] saml bearer oauth question

This is related to a previous question I asked:
See: salesforce saml bearer oauth flow

Anyway, I am still having problems understanding how to consistently get an access token from Salesforce for a resource and then utilize that access token.
Yesterday I managed to get an access token. For a given user I was noticing in the login history that the remote access 2.0 app was successful.
Now this morning, having changed nothing, I am getting the following error:

{"error_description":"expired authorization code","error":"invalid_grant"}

This is really strange as I am not using an authorization code (as I am using SAML bearer flow). It looks like there is a setting in Salesforce I am missing to consistently get a token for this flow.
Also yesterday I noticed one other thing. When I did manage to get a token, the format of the token was different to the token I received from Salesforce when using 3 legged OAuth flow.

Can anyone shed any light on why I am now getting the expired authorization code message?

Thanks again for all your help

Best Answer

Ok, thanks for all the help. I have now got this working. Here is what I had to do. Firstly, I wasn't allowing for clock skew. So it looks as if the timezone was out, so an expired authorization code seems to state that the time is wrong. Once I changed this I got a token. Token format was like this: {"scope":"id full api web visualforce chatter_api","instance_url":"https://eu2.salesforce.com","access_token":"00Db00000........etc "}

When I tried to access the resource I then got the following error: 401 Unauthorized INVALID_SESSION_ID Session expired or invalid. I was initially trying to access resource: https://na9.salesforce.com/services/data/v20.0/

But I noticed that the instance_url I retrieved from the token was EU based, https://eu2.salesforce.com, and not na9. Once I changed the resource to https://eu2.salesforce.com/services/data/v20.0/ I successfully got a response.

Hope this information helps other people. I think it would also be nice if more information was returned from Salesforce on error.

Thanks again, Clive
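The two fixes described in the answer above, as an added example that is not part of the original post or Salesforce's own code: compute the SAML assertion validity window in UTC with a clock-skew allowance, and build the resource request from the `instance_url` in the token response instead of a hard-coded host. The skew and lifetime values, the function names and the sample inputs are assumptions made for illustration.

```python
import json
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

# Assumed values for illustration; tune to your identity provider and org.
CLOCK_SKEW = timedelta(minutes=3)
ASSERTION_LIFETIME = timedelta(minutes=5)
SAML_TIME = "%Y-%m-%dT%H:%M:%SZ"


def assertion_window(now=None, skew=CLOCK_SKEW, lifetime=ASSERTION_LIFETIME):
    """Return (NotBefore, NotOnOrAfter) for the SAML Conditions element, in UTC."""
    now = now or datetime.now(timezone.utc)
    if now.tzinfo is None:
        # A naive local time stamped with "Z" is wrong by the UTC offset.
        raise ValueError("timestamp must be timezone-aware")
    utc = now.astimezone(timezone.utc)
    return (utc - skew).strftime(SAML_TIME), (utc + lifetime).strftime(SAML_TIME)


def resource_request(token_json, path):
    """Return (url, headers) for an API call, using the host the token came from."""
    body = json.loads(token_json)
    if "error" in body:
        raise RuntimeError(f"{body['error']}: {body.get('error_description', '')}")
    parts = urlsplit(body["instance_url"])
    if parts.scheme != "https" or not parts.hostname:
        # Never send a bearer token over plain HTTP or to a malformed host.
        raise ValueError("instance_url must be an https URL")
    url = f"https://{parts.netloc}/{path.lstrip('/')}"
    return url, {"Authorization": f"Bearer {body['access_token']}"}


if __name__ == "__main__":
    # Constructed sample: local clock at UTC+2, placeholder token value.
    local = datetime(2013, 5, 1, 10, 0, tzinfo=timezone(timedelta(hours=2)))
    print(assertion_window(local))
    sample = '{"instance_url":"https://eu2.salesforce.com","access_token":"PLACEHOLDER"}'
    print(resource_request(sample, "/services/data/v20.0/")[0])
```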
