This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Salesforce Account Example getting - "invalid client credentials" - client_secret= is being passed?

Posted on 02-07-2017 06:16 PM
Not applicable
Reply posted on --/--/---- --:-- AM

Trying the sample application from this article link and I'm getting the error - "invalid client credentials". Tested everything with Postman and all looks good, however, I noticed in the apigee trace that it is sending client_secret= (with no value). Checked the zip file in the article and I didn't see where I'm suggesting this int he XML ;(

Any ideas? On Salesforce if I pass the client secret all works and if I pass not client secret or just client_secret= I get the same error. Not sure how I can fix this - do I have control over this?

Seems like an issue on Salesforce - grant_type=password shouldn't require a client_secret I believe...

Thanks!

0 1 3,474
Topic Labels
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
DChiesa
Staff
Reply posted on --/--/---- --:-- AM

I haven't looked at the link, but regarding your last suggestion - that it's an issue with SF and a password grant should not require a client_secret.... that's not true of standard OAuth. If you look in section 4.3 of IETF RFC 6749, you'll see that it recommends that a client_id and client_secret be sent as part of an Authorization header, in a request-for-token that uses the password grant.

0 Likes