Trying the sample application from this article link and I'm getting the error - "invalid client credentials". Tested everything with Postman and all looks good, however, I noticed in the apigee trace that it is sending client_secret= (with no value). Checked the zip file in the article and I didn't see where I'm suggesting this int he XML ;(
Any ideas? On Salesforce if I pass the client secret all works and if I pass not client secret or just client_secret= I get the same error. Not sure how I can fix this - do I have control over this?
Seems like an issue on Salesforce - grant_type=password shouldn't require a client_secret I believe...
Thanks!
I haven't looked at the link, but regarding your last suggestion - that it's an issue with SF and a password grant should not require a client_secret.... that's not true of standard OAuth. If you look in section 4.3 of IETF RFC 6749, you'll see that it recommends that a client_id and client_secret be sent as part of an Authorization header, in a request-for-token that uses the password grant.
User | Count |
---|---|
1 | |
1 | |
1 | |
1 | |
1 |