You don't get a refresh token with username/password flow, since (a) you have the user's password and can get a new access token when you want and (b) there's no way to get the user's authorization, which is basically what the refresh token represents.
Trying to understand OAuth2 refresh_token flow - keep getting invalid_grant
-
21-09-2022 - |
题
My understanding of the refresh_token flow (http://wiki.developerforce.com/page/Digging_Deeper_into_OAuth_2.0_on_Force.com) is as follows:
- Get initial token
- At regular intervals do "refresh_token" using the token from (1)
When I attempt to get the initial token using "password" grant on behalf of the user, the subsequent "refresh_token" fails. What am I doing wrong ?
Consider the python example below:
#!/usr/bin/env python
import requests
import sys
from optparse import OptionParser
import json
usage = "usage: %prog [options] arg"
parser = OptionParser(usage)
parser.description = """Get a login token from salesforce
"""
parser.add_option("-u", "--username", dest="username", help="User name")
parser.add_option("-p", "--password", dest="password", help="User password")
parser.add_option("-t", "--securityToken", dest="token", help="User's security token")
parser.add_option("-i", "--client_id", dest="client_id", help="OAuth client_id (aka SF Consumer Id)")
parser.add_option("-s", "--client_secret", dest="client_secret", help="Client Secret (aka SF Consumer Secret)")
(options, args) = parser.parse_args()
resp = requests.post('https://login.salesforce.com/services/oauth2/token', params={
"grant_type":"password",
"client_id":options.client_id,
"client_secret":options.client_secret,
"username":options.username,
"password":options.password + options.token,
"redirect_url":"https://localhost:8080/ls/api/oauth"})
accessInfo = json.loads(resp.text)
access_token = accessInfo["access_token"]
print "Initial Token:", json.dumps(accessInfo, indent=4)
resp = requests.post('https://login.salesforce.com/services/oauth2/token', params={
"grant_type":"refresh_token",
"client_id":options.client_id,
"client_secret":options.client_secret,
"refresh_token":access_token,
"redirect_url":"https://localhost:8080/ls/api/oauth"})
refreshInfo = json.loads(resp.text)
print "Refresh token:", json.dumps(refreshInfo, indent=4)
解决方案
不隶属于 StackOverflow