Login/Register
Getting {"error":"invalid_grant","error_description":"authentication failure"} in Salesforce?
Asked Answered
restcurlsalesforce
I

17

26

I am trying to get the Session ID for my salesforce partialbox.

My Code:

curl https://test.salesforce.com/services/oauth2/token -d "grant_type=password" -d "client_id=definitely the correct client id" -d "client_secret=definitely the correct client secret" -d "[email protected]" -d "password=passandsecuritytoken"

What else I did:

  • Grant full access in my connected app settings
  • Set Ip restrictions to loose ip restrictions
  • "All users can authorize themselfes"
  • Double checked pass, client id, client secret, username

I am still getting the error {"error":"invalid_grant","error_description":"authentication failure"}.

I searched through the SF forums and Stack Overflow questions, but I couldn't find any solution for this. Does anyone know, what else could be the problem here?

Iciness answered 8/12, 2015 at 11:13 Comment(1)
Have you found the issue?Pudency
B
19

There is one more setting is important to configure the integration between two Salesforce orgs that should be enabled 'Allow OAuth Username-Password Flows' when getting invalid grant error

enter image description here

Blockish answered 30/6, 2023 at 12:14 Comment(1)
This worked for me. If this setting isn't enabled, it won't even if the IP relaxation and authorization are setup up. So you need all three.Anarch
I
13

I'm still confused and I don't know exactly what's going on, but I had your same problem and I was able to "fix" it by doing the following.

First, relax IP restrictions for the app.

Manage Apps -> Connected Apps -> (The name of my app)

Then setting "IP Relaxation" to "Relax IP restrictions".

As far as I know, there are not IP restrictions in the sandbox app I'm working with but I'm still new to this, so maybe they are hiding somewhere.

Second, in my curl command which looked a lot like your I left out the security token, so the password field was just the password.

I don't really know if I've solved my problem but I'm getting back an access token and not the "invalid_grant" error.

I plan on doing some additional investigating to figure out what's going on but I figured, while I had this question up I'd make sure this answer was here.

Involution answered 5/10, 2016 at 16:45 Comment(0)
Y
13

Make sure you have done this steps.

*Apps -> Manage Connected Apps -> (The name of my app) -> Edit Application -> OAuth Polices Then set "Permitted users" to "All users may self-authorize".

*Manage Apps -> Connected Apps -> (The name of my app) Then set "IP Relaxation" to "Relax IP restrictions".

Try to make a curl request with TLS 1.1 enabled

curl -v https://login.salesforce.com/services/oauth2/token -d "grant_type=password" -d "client_id=xxxxxxxxxxXXXXXXXXXX" -d "client_secret=123456789" -d "[email protected]" -d "password=xxxxxxxxxx"

Yowl answered 22/10, 2018 at 11:40 Comment(1)
Setting "Permitted users" to "All users may self-authorize" worked! Thanks!Blague
C
3

Salesforce is requiring an upgrade to TLS 1.1 or higher by July 22, 2017 in order to align with industry best practices for security and data integrity: from help.salesforce.com.

If you are using .Net version older than 4.6, try to add this code:

System.Net.ServicePointManager.SecurityProtocol = 
SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;

Another option is to edit your registry:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

Check this link for more detailed answers: Default SecurityProtocol in .NET 4.5

Caracul answered 6/4, 2017 at 12:27 Comment(0)
S
2

Inplace or login.salesforce.com or test.salesforce.com in your url use your org instance url

https://{myorgurl}/services/oauth2/token

Soldo answered 10/10, 2022 at 0:43 Comment(2)
Your answer could be improved with additional supporting information. Please edit to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers in the help center.Permission
This actually worked for me, but why? Either way I'm happy to have made some progress what a PITA.Gerri
M
2

The Error message shown in postman app

{
    "error": "invalid_grant",
    "error_description": "authentication failure"
}

is very generic. One of the best way to troubleshoot what is going wrong in background is to go to the record of the user whose credential you are using for generating access token and check for status field value under login history.

enter image description here

I enabled the flow from Setup>Security Controls> OAuth and OpenID Connect Settings

enter image description here

Two other reason for this issue can be because

  1. you are passing password+securityToken in the password key of request body.At times it needs only password and not security token
  2. By mistake you are passing security token of admin user, not the security token of actual user for which you are trying to generate the token
Metaphase answered 31/1 at 10:58 Comment(3)
Thank you! Your post was very helpful because I could check the log and see error details there.Ruffner
where did you see the Login history? I can only find login history of my dev userFright
login history comes under user record page. Just open user record page with which you are trying to login in postman and do ctrl +f on login historyMetaphase
G
1

I am really good at using random passwords for API's which will include ; , or other werid things normal people don't use for passwords. The Salesforce does not appear to appreciate those characters in the api so I use numbers and letter and no special characters. I have run into this more than once so hopefully thins will help someone else and future me as well.

Gaige answered 7/6, 2021 at 14:13 Comment(0)
A
1

It could be anything. But... In my case the password I used for the user account contained a pound sign, or hash mark (#), which Salesforce apparently did not like in the least. I got a '400 bad syntax' response when running it out of Postman.

I changed the password to strictly alphanumeric (no punctuation) and instantly got the token.

So my advice is that if you've banged your head against the wall for a couple hours or more like I did on this one thinking you've gone insane, just try changing the password to alphanumeric characters only. It just might work. If it doesn't, then at least you can rule that out.

Anchoress answered 24/6, 2022 at 19:43 Comment(1)
Yup the # helped me waste a good chunk of my day. Unfortunately I came across this comment too soon and couldnt waste my entire day figuring this out. Thanks Salesforce!Looper
T
1

I have same problem, I solved it because my password contains '%' character.

Tetraspore answered 28/12, 2023 at 7:41 Comment(0)
S
1

& character in password can cause this issue. I'd recommend no special characters in passwords.

Strobila answered 24/1 at 19:10 Comment(0)
G
0

Here are the setting I have in my Salesforce sandbox.

So basically I have added the Profile of my REST API user to the list of App Profiles.

and my request looks like that:

POST: https://login.salesforce.com/services/oauth2/token?grant_type=password&client_id=3MVG1ZL0ppGP2UrDck7ipSVNGs9s17mpIc3mRacC8Y_9o3r_amXxZZaasoBFbUF_r0aUvaFtIoxxx3Y5qik5&client_secret=6412349245332722664&[email protected]&password=XXXX
Gaul answered 20/10, 2018 at 19:15 Comment(0)
D
0

You have to add profile in connected app: Go to : Connected Apps -> Profiles -> Manage Profiles -> Application Profile Assignment -> Select System Administrator -> save

Denbrook answered 28/7, 2021 at 6:50 Comment(0)
T
0

Changing the OAuth Policy Permitted Users setting to "All users may self-authorize" allowed me to make a successful API call.

Found in in Manage Connected Apps -> Edit

Screenshot of Salesforce setting

Transmogrify answered 30/3, 2022 at 18:40 Comment(0)
M
0

It is a usefull advice above to check "Allow oauth user=password flows" setting, spent more than 3 hours to solve problem with invalid gran_type.

Minaret answered 24/7, 2023 at 21:57 Comment(0)
I
0

To summarize all the possible answer of this issue

  • Apps -> Manage Connected Apps -> (The name of my app) -> Edit Application -> OAuth Polices Then set "Permitted users" to "All users may self-authorize".

  • Manage Apps -> Connected Apps -> (The name of my app) Then set "IP Relaxation" to "Relax IP restrictions".

  • Make sure that you've these settings enabled. Only these 3 unless or until you're doing different type of authentication except for OAuth

Idea answered 30/1 at 21:44 Comment(0)
U
0

I was trying to test the API on Postman and even after putting the correct details, I faced similar problem. Turns out, I needed to encode the strings manually. That worked for me.

Uno answered 21/4 at 21:8 Comment(0)
S
0

I got the same error but after I remove a special character prom the password, it works fine.

Stalinist answered 7/5 at 2:57 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.