[SalesForce] Setting Up JWT oAuth Flow

Can someone provide/point me in the direction of detailed instructions to set up a connected app & JWT token for JWT-Based Authorization Flow? Salesforce documentation isn't super clear.

I've created a new connected app:

1: Filled out required fields in the "Basic Information" section

2: Checked: Enable OAuth Settings

3: Checked: Enable for Device Flow (not sure if this is right)

4: Left the default callback URL for the step above

5: Checked "Use digital signatures"

6: Created a Self Signed Cert using these steps.

7: Uploaded cert under "Use digital signatures"

8: Added the following scopes (not sure if these are right)

  • Access your basic information (id, profile, email, address, phone)
  • Full access (full)
  • Perform requests on your behalf at any time (refresh_token, offline_access)

9: Unchecked: Require Secret for Web Server Flow (not sure about this)

Under "Manage" I have the following settings:

  • Permitted Users: All users may self-authorize
  • IP Relaxation: Relax IP restrictions

However, when I tried to authenticate using sfdx force:auth:jwt:grant --clientid <Consumer_Key> --jwtkeyfile server.key --username <Username> --setdefaultdevhubusername, I got the following error:

An error occurred authorizing this org. name: invalid_grant message:
user hasn't approved this consumer

Best Answer

Just as an FYI: you could have avoided the manual login if you had set the policy settings to:

Permitted Users: Admin approved users are pre-authorized

and then assigned the Connected App to the profile of your user, i.e. an API Only profile.

As you already mentioned yourself, all of your other settings were perfect.

Cheers