Getting {"error":"invalid_grant","error_description":"authentication failure"} in Salesforce?

Question

I am trying to get the Session ID for my salesforce partialbox.

My Code:

curl https://test.salesforce.com/services/oauth2/token -d "grant_type=password" -d "client_id=definitely the correct client id" -d "client_secret=definitely the correct client secret" -d "username=mymail@mail.com.partialbox" -d "password=passandsecuritytoken"

What else I did:

• Grant full access in my connected app settings
• Set Ip restrictions to loose ip restrictions
• "All users can authorize themselfes"
• Double checked pass, client id, client secret, username

I am still getting the error {"error":"invalid_grant","error_description":"authentication failure"}.

I searched through the SF forums and Stack Overflow questions, but I couldn't find any solution for this. Does anyone know, what else could be the problem here?

Answer 1

I'm still confused and I don't know exactly what's going on, but I had your same problem and I was able to "fix" it by doing the following.

First, relax IP restrictions for the app.

Manage Apps -> Connected Apps -> (The name of my app)

Then setting "IP Relaxation" to "Relax IP restrictions".

As far as I know, there are not IP restrictions in the sandbox app I'm working with but I'm still new to this, so maybe they are hiding somewhere.

Second, in my curl command which looked a lot like your I left out the security token, so the password field was just the password.

I don't really know if I've solved my problem but I'm getting back an access token and not the "invalid_grant" error.

I plan on doing some additional investigating to figure out what's going on but I figured, while I had this question up I'd make sure this answer was here.

Answer 2

Make sure you have done this steps.

*Apps -> Manage Connected Apps -> (The name of my app) -> Edit Application -> OAuth Polices Then set "Permitted users" to "All users may self-authorize".

*Manage Apps -> Connected Apps -> (The name of my app) Then set "IP Relaxation" to "Relax IP restrictions".

Try to make a curl request with TLS 1.1 enabled

curl -v https://login.salesforce.com/services/oauth2/token -d "grant_type=password" -d "client_id=xxxxxxxxxxXXXXXXXXXX" -d "client_secret=123456789" -d "username=xx@abcd.com" -d "password=xxxxxxxxxx"

Answer 3

Salesforce is requiring an upgrade to TLS 1.1 or higher by July 22, 2017 in order to align with industry best practices for security and data integrity: from help.salesforce.com.

If you are using .Net version older than 4.6, try to add this code:

System.Net.ServicePointManager.SecurityProtocol = 
SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;

Another option is to edit your registry:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

Check this link for more detailed answers: Default SecurityProtocol in .NET 4.5

Answer 4

Inplace or login.salesforce.com or test.salesforce.com in your url use your org instance url

https://{myorgurl}/services/oauth2/token

Answer 5

Here are the setting I have in my Salesforce sandbox.

So basically I have added the Profile of my REST API user to the list of App Profiles.

and my request looks like that:

POST: https://login.salesforce.com/services/oauth2/token?grant_type=password&client_id=3MVG1ZL0ppGP2UrDck7ipSVNGs9s17mpIc3mRacC8Y_9o3r_amXxZZaasoBFbUF_r0aUvaFtIoxxx3Y5qik5&client_secret=6412349245332722664&username=YYYY@my.pc&password=XXXX

Answer 6

I am really good at using random passwords for API's which will include ; , or other werid things normal people don't use for passwords. The Salesforce does not appear to appreciate those characters in the api so I use numbers and letter and no special characters. I have run into this more than once so hopefully thins will help someone else and future me as well.

Answer 7

You have to add profile in connected app: Go to : Connected Apps -> Profiles -> Manage Profiles -> Application Profile Assignment -> Select System Administrator -> save

Answer 8

Changing the OAuth Policy Permitted Users setting to "All users may self-authorize" allowed me to make a successful API call.

Found in in Manage Connected Apps -> Edit

Screenshot of Salesforce setting

Answer 9

It could be anything. But... In my case the password I used for the user account contained a pound sign, or hash mark (#), which Salesforce apparently did not like in the least. I got a '400 bad syntax' response when running it out of Postman.

I changed the password to strictly alphanumeric (no punctuation) and instantly got the token.

So my advice is that if you've banged your head against the wall for a couple hours or more like I did on this one thinking you've gone insane, just try changing the password to alphanumeric characters only. It just might work. If it doesn't, then at least you can rule that out.

Answer 10

There is one more setting is important to configure the integration between two Salesforce orgs that should be enabled 'Allow OAuth Username-Password Flows' when getting invalid grant error

Answer 11

It is a usefull advice above to check "Allow oauth user=password flows" setting, spent more than 3 hours to solve problem with invalid gran_type.