New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Getting authentication failure error #169
Comments
I have the same behaviour. The weird part is the sometimes it works, and sometimes I get the It happens if I use the same client object over and over again but also if I instantiate a fresh client for every call. |
Bump I'm having the same issues over here. Our issue is only in our development and testing environments interacting with SFDC Sandbox. We'll be able to successfully connect, then in subsequent tries/calls it fails.
Any solutions out there? |
Dang! this seems like a bad one, occurring it Production now. |
Had this error today and found something that fixed it Going to connected apps in salesforce and changing 'permitted users' from 'Admin approved users are pre-authorized' to 'All users may self-authorize' immediately fixed it for me. |
When you have to establish a Salesforce session several times then it is usually advantageous to use a singleton implementation. |
+1. Same issue. |
👍 looks like this is just a SF issue. |
And also this page is helpful to solve authentication failure. |
For me the restforce documentation was wrong. I had to remove the security token option for it to work. So instead of:
it's
|
@tmac Interesting! In the documentation it says that now you have to append the security token to the password - but we're definitely providing them separately. I'll leave the documentation for now until we find out some more. |
I just spent a couple of hours dealing with this issue and I can confirm that I was unable to authenticate until I removed the |
Strange. I'm definitely not doing that with out Salesforce instance - perhaps it's a different version or something like that. Would you like to add a note to README.md? Thanks for taking the time to debug! Sent from my iPhone
|
Will do, but can you confirm the API version that you're using? I'm using version 36 and didn't try any other version. Perhaps we can pinpoint which versions require this approach and be specific about that in the README. |
I can confirm this with both the default version (28 I think?) and 32 which I'm currently using. |
It's probably worth noting that so far I've only tested against our sandbox. Is it possibly different in production? |
After some more testing I discovered that this was partially my fault. Here's what happened:
Terribly sorry about the confusion. tl;dr: you can either set the security token through the environment variable or by appending it to the password. However, don't do both or authentication will fail. |
🎉🎉🎉 Great work! Sent from my iPhone
|
Update 1: only when connecting to SFDC from Heroku can I reproduce these sporadic errors; when I connect to Update 2: I can successfully authenticate via CURL dozens of times without error, both from my local machine and from a Heroku bash shell running on my Heroku dyno: I'm having this problem as well. It's sporadic, but about 4-10% of the time I get authentication errors:
I tried removing the |
Same issue. Tried all of the fixes in here on Tuesday and it worked. Now it's Thursday and it's not working again. Really weird. |
worked for me: I had to "unlock" the user manually - I went to user/edit and there was an "unlock" button available. 1 click and no more errors:) |
I'm experiencing a similar issue -- successfully authenticate via CURL, but when I try to use this gem I am not getting an access token. Followed all the tips out there in order to get the CURL command to work correctly (relaxed IP restrictions, all users may self authorize). This was very helpful: http://www.calvinfroedge.com/salesforce-how-to-generate-api-credentials/ With restforce (using the username/pw auth flow) I have tried concatenating my security token to my password, keeping the security token in addition to un/pw/client id/client secret, and removing security token altogether. Still unable to successfuly auth with restforce. Any suggestions? This seems to be the most relevant issue thread with recent activity. |
Hi David! It might be worth getting in touch with Salesforce - it's It might be worth following through the authentication logic (starting in On Wed, Aug 17, 2016 at 10:57 PM David Lasher notifications@github.com
|
What ever happened with this? It's now 2018 and this is still happening to me (new salesforce user). Why is it so hard to have clarity around how to connect and have the right auth sauce? |
It's difficult for me to say - although I maintain the gem, I've never experienced the problem myself, and we've never got a clear view of exactly how people have fixed it when they have done. Have you experimented with some of the solutions in this thread? |
@adamthedeveloper can you share how you are authenticating so we can help? What error are you getting? |
As a note, I received the invalid_grant message doing this:
But connected successfully using this and NOT appending the security token to the PW:
|
@hoenth I am seeing the exact opposite of you. I have to pass in the username, password, security_token, client_id and client_secret or I get invalid_grant. So strange that different combos work for different people. What's even more frustrating is that the authority, Salesforce themselves, don't spell out exactly what settings are needed to auth correctly. One thing I will say is that our api_version is 26.0. We've just recently signed up to use salesforce and the responses I get back from salesforce include this:
Should I be setting the api_version like you are in your example? What caveats are there to forcing the api version? |
@adamthedeveloper How do you know your API version is 26? 26.0 may be the default in RestForce if no other api version is supplied. 41 is the current version. At least, it is the version that is listed when I build the wsdl for our instance. If you go to Setup | Build | Develop | API | Generate Partner WSDL, you should see the version that you are using. |
@hoenth My clue that 26 is the version simply came from the response back within the options attribute when I instantiate the client:
I'll take a look at that WSDL page you suggested to see what it says. I am currently not specifying the version when I instantiate the client. It prints out as api_version 26.0 - hence, I assume that is the version salesforce is defaulting to - as you suspect. |
Hmmm.....when I instantiate a client, will it eventually timeout or something? I'm using a singleton in my rails app. When I open a console and try to run a query, it works fine. I never get auth failures. I'm wondering if setting up the client as a singleton upon app initialization is the problem. Does the client timeout? |
Ok, a little more to show you. I'm getting this error: Restforce::UnauthorizedError: Connection prefix not set Again, this only happens on occasion and I'm not sure why. Any help anyone can offer is most welcome. Thanks- Adam |
I was also investigating this The new security token got emailed to an email address that I didn't follow. I found this thing out when I redid the setup from scratch - then I noticed there were previously sent "security token was reset" emails that had gone unnoticed. Providing both the security token and password works for me: client = Restforce.new(username: ENV.fetch('SALESFORCE_USERNAME'),
password: ENV.fetch('SALESFORCE_PASSWORD'),
security_token: ENV.fetch('SALESFORCE_SECURITY_TOKEN'),
client_id: ENV.fetch('SALESFORCE_CONSUMER_KEY'),
client_secret: ENV.fetch('SALESFORCE_CONSUMER_SECRET'),
api_version: ENV.fetch('SALESFORCE_API_VERSION'))
# Methods for checking whether the connection works
client.authenticate!
client.describe |
So I was also hitting this and the key was removing the security_token and removing the ENV var since the lib auto detects the var |
This error is coming randomly for us as well, we are not using Configuration sample:-
|
Tried to dig down a bit and tried creating HTTP request myself with the creds and when we are getting errors in Restforce a normal curl request also starts to fail, so I think it's more of a salesforce issue. |
Had the same issue as the OP. I was testing in sandbox and needed to specify host (test.saleforce.com) in Restforce.new(), that fixed it for me. |
Hey there @timrogers I think I might have found what this is, or at least why I am getting invalid_grant errors. The system I am building sends messages one at a time as they come in, this all works perfectly, then suddenly, after a busy period I just start getting invalid_grants. As this sounded like a limit issue to me (working -> high traffic -> not working) I investigated, and sure enough, I was doing more than 3600 requests in an hour and hitting the Salesforce 3600 logins per hour limit (we use username / password in our request). -> https://help.salesforce.com/s/articleView?id=000312767&type=1 Looking around, I can't find a way to tell RestForce to use the same SessionId as a previous request, does RestForce support this? As a second note, I'm getting "invalid_grant" from Salesforce as the error, not too many logins or some other helpful message :) After a bit of thinking, I tried implementing a simple thread based cache on the RestForce client for my background job, and this seems to be working... So for others who might be hitting this, instead of something like this: class SendToSalesforceService
attr_reader :client
def initialize
@client ||= Restforce.new
...
end
def execute!
client.upsert(...)
end Which will initialize a new restforce client every time you send something to salesforce... try something like this: class SendToSalesforceService
def initialize
...
end
def client
Thread.current[:restforce_client] ||= Restforce.new
end
def execute!
client.upsert(...)
end Which will set up one RestForce client per thread running. As we have about 40-50 sidekiq jobs running sometimes to clear out thousands of entries we are sending to Salesforce, it seems this handles it with only 1 login per sidekiq worker instead of one per entry sent. |
@ lubieniebieski many many thanks!
This was the trick! Edit: SalesForce sends a email when the account is UNLOCKED:
But annoyingly doesn't send one to say its LOCKED!! 😞 |
@mikel great idea, I am curious though... as each sidekiq job runs in its own process, do you really need the |
Hi,
I can understand the obvious reason of this can be wrong client_id or client_secret or user credentials but the same credentials are working with
databasedotcom
gem.When I tried it with
restforce
likeI got error
Restforce::AuthenticationError: invalid_grant: authentication failure
And when I tried it with
databasedotcom
likeAnd it just worked fine. Please correct me if I am missing something.
The text was updated successfully, but these errors were encountered: