I'm attempting to use Outh authentication for my PHP request to Salesforce but I can't get my ClientID and SecretID for my app.
I normally have an option to View these values but for some reason I'm unable to view them with an administrator login.
I created a new App and was able to get the credentials successfully, so I know it's not the account permissions preventing me from accessing this information.
Does anyone with experience of Salesforce have any experience with an inability to get these details?
Thanks!
Is it a normal app created in this org or managed connected app, coming from installed package? You can't see secrets of managed app.
For normal app they're hidden behind a button. For me clicking it takes me to email challenge (provide OTC or one-time code we've sent to your mailbox). Completing that I can access the page with key and secret I can copy-paste.
Your user might be misconfigured. Try to fish around with browser's source inspector, maybe the button's there but doesn't render?
<input id="appsetup:setupForm:details:oauthSettingsSection:manageConsumerKeySecretSection:manageConsumer" type="submit" name="appsetup:setupForm:details:oauthSettingsSection:manageConsumerKeySecretSection:manageConsumer" value="Manage Consumer Details" class="btn gsbutton">
Is your email valid in this org (maybe it's a fresh sandbox with ".invalid")? Do you use Multi Factor Authentication? Do you think you have "high assurance session" configured when accessing certain areas of setup? Can be in Setup -> Session Settings or in your Profile
thank you for writing back to me regarding the issue.
The issue I encountered was trying to get the API credentials for an existing app but I was able to create a new App which is posting the Leads successfully into the system.
So the answer to my problem was that the original app was misconfigured when it was created and I was able to create a new App to resolve the problem.
Related
I am trying to authenticate with Okta in my iOS app, Create a app is Okta dashboard and added client id and redirect url's. After setting up and installing app in simulator. app is throwing the below error:
Please let me know if i missed any settings.
Created a native app from dashboard.
It looks like the client ID you're sending in the request is not what you think it is. You should be able to copy the URL from your browser, paste it in something like Notes, and examine the client ID. Make sure it matches what you have in your Okta org and that it doesn't contain any unexpected characters in it.
That's a common problem being faced by every newbie.
Here are some steps which will guide you to make your Okta authentication without error.
Create an application in Okta Page.
At text field & you may put your domain id. ex dev-xxxx.okta.com:/callback
Provide the same detail in your okta.plist in iOS Application.
You may refer to the Okta 'GitHub Repositories' for working samples.
Thanks.
I've created an app using react native and which is using an IdentityServer 4 server to for authentication. I'm using react-native-app-auth to perform the authentication.
When I click login the app tries to open the Identity Server login page in Safari and iOS shows a standard dialog to say:
"myApp" Wants to Use "myIdServerUrl" to Sign In.
The problem is, where it should say myIdServerUrl, it actually says (null) as you can see in the screenshot.
Does anyone know why this might be? I'm not sure if its something I've misconfigured on the app side or something I'm not sending back from IdentityServer that I should be. I would have thought it would have just shown the URL that I'm requesting but that's not the case as the login page opens correctly when I click continue, so I haven't provided a null URL or anything.
If anyone knows where iOS looks when populating this dialog that would be a great help.
Thanks a lot!
EDIT
After a bit more investigation I've found that a CONNECT request is made to the Identity Server before showing the dialog. This suggests to me that the data it's using is somewhere in the certificate as the CONNECT request is where an SSL connection is requested for HTTPS sites. I'm still not sure what field I'm missing though. I have the Subject Alternative Name populated so I'm not sure what else it could be looking for.
EDIT
It seems, if the URL has a recognizable top-level domain, the domain name (as defined here) will be reported by the dialog. For example, some.host.name.zw will be referred as name.zw and video.google.co.uk as google.co.uk.
Otherwise, ("null") is produced, as in case of some.host.name.local, etc.
It is still an empirical finding, I don't have any official reference to this, but one that is easy to test.
I have registered my application here.
I have given all permissions to my App in that panel as well.
I specifically need Groups.ReadWrite.All which requires an admin ? requirement I am not sure what this even means.
https://apps.dev.microsoft.com/#/application/
Okay App is registered and redirect url has been copied.
Now I take that redirect url copy it and paste it into the admin panel for apps. At this link at App Registrations
https://portal.azure.com/
I am not sure why I have to register in two different panels, one which gives me a redirect url for my native app and the other that leaves it blank.
Great So then I setup my iOS app to make a graph request. This scope
https://graph.microsoft.com/Calendars.ReadWrite
I need to readwrite groups so I add this permission
https://graph.microsoft.com/Group.ReadWrite.All
It fails to authenticate.
I have checked that I have added the permissions to my app, and I have at this app registration panel https://apps.dev.microsoft.com/#/application/
Then I try to add the same permissions in the
https://portal.azure.com/
it gives me
Unable to Complete Request Validation Error, then doesn't do anything.
I tried to add a non admin permission same error.
So what is going on here ... ?
So even though they told me use the Graph API from now on moving forward in the docs I tried to go back to their office 365 SDK for iOS, it also has problems as I cannot get the pods to work as per instructions.
I am 100% sure after this issue is resolved I will need permissions
Note: I work at as a consultant for a bank so if someone can tell me what the azure administrator at the bank has to do to get my permissions escalated to admin status that would be great....
Thanks
Those are 2 different registrations,
Per this documentation (https://graph.microsoft.io/en-us/docs/authorization/auth_overview), for personal accounts like live.com or outlook.com, use the Azure AD v2.0, and for the enterprise, use the Azure AD.
So, for your case, I believe you need the latter, the azure AD.
For this to happen, as you said, go https://portal.azure.com/ and add the app registration.
In order to do so, you would need to
select "Azure Active Directory" and go "App registrations".
Once you create an app, you would need to select "native" for the iOS, and then under app access, under "required permissions" add "Microsoft Graph" followed by selected permissions you would like.
To answer the note, you would need permissions to create an app at the portal, otherwise, you would need to ask for that permission or have the admin create an app for you.
Some samples are available at https://github.com/microsoftgraph/ios-objectivec-connect-sample and https://github.com/microsoftgraph/ios-swift-connect-sample for iOS samples.
Hope this helps!
I am using azure AD authentication to authenticate a user in my MVC
application.And I published my application on azure and it is
working fine.
But, when I run my application locally then it Microsoft's login
page comes up and when I enter credentials and click on SignIn
button then it is giving "Sorry, but we’re having trouble signing
you in.We received a bad request."
But the same application is on azure and if I access it from there then it allow me to login.
To create this apllication I follwed link to add azure AD authentication
If you notice the error message, it clearly indicates that you have not configured https://localhost:44320 as one of the reply addresses.
Please go back to application configuration screen in your Azure AD and add https://localhost:44320 as additional reply address. That should take care of this problem.
Add the below to your Web.config. It must be the same port which you have added at the time of Application registration.
<add key="RedirectUri" value="https://localhost:44320/" />
I hit this, it has cost me a lot of time.
I would check firstly that you have the ability in Azure to access third party applications.
In Azure > Users & Groups > User Settings:
You see the first item (Users can allow apps to access their data) - without this checked I believe it wont work.
As you are running your application locally it is not published to Azure, this means that although it may be within the realms of your organisations network, Azure still views it as a third party application.
Be wary setting this to 'Yes'. I understand that there are ways to then create applications that allow you to behave as an Azure super user....
In case anyone else comes across this, here is what happened to me. I had been switching back and forth between environments within Visual Studio (Project >> Properties >> Debug >> Environment Variables). Well, the last time I switched it, I wrote "Develop" instead of "Development" to switch back. This caused .NET Core to grab the wrong appsettings which connected to the wrong AD which did not have my localhost setup on it. It took me an hour to catch what I had done wrong.
This may not be exactly what has happened to you, but do check to make sure you are picking up the Azure AD settings you are expecting if they are in your appsettings. It could be a good point to start at.
I am brand new to SalesForce development, and want to explore the API and its capabilities. I have created a new Developer Edition account. I have not yet tried to access the API programmatically, but I am trying (unsuccessfully) to access it via both the Workbench ( https://workbench.developerforce.com/login.php ) and the Apigee Console ( https://apigee.com/console/salesforce ).
For some reason, in both cases I'm redirected to a URL with OAuth error code 1800 (e.g. https://na15.salesforce.com/setup/secur/RemoteAccessErrorPage.apexp?oauth_error_code=1800&display=popup in the Workbench case). At this URL, I am getting a screen with the text "Remote Access Authorization Error" - "There was a problem in setting up your remote access". What am I doing wrong?
Some additional details:
I can log into SalesForce just fine, the problem only occurs with API/OAuth access
I have not touched anything in my brand-new Developer Edition account, except for (1) populating it with some sample data (Leads, Accounts, Contacts), and (2) resetting the security token (through "My Personal Information" -> "Reset My Security Token")
On the WorkBenh login screen, it does not matter which API version I choose (tried 24, 25 and 26), and I am using "Production" for the Environment since my login doesn't seem to work at all for Pre-Release or Sandbox
(not a real answer, I expect to update it frequently as the situation develops)
Weird.
Yes, Developer Edition is a "Production" as far as connecting apps are concerned. You might have to file a Case with Salesforce Support (Help&Training link in the upper right corner).
Workbench does use API (and probably so does this Apigee thingie) but if you're using your username & pass I don't see how it might go to OAuth...
Can you download any other SF-related tooling (Data Loader, Force.com IDE, Real Force Explorer, Excel Connector, some iPad/Android app... hell, Chatter for Desktop even) and try the connectivity?
Sometimes API products don't display special field for the security token (which you can bypass by entering longer string in the password field: "passwordSecurityToken") but Workbench never asked for a token when I was accessing my Dev. Edition.
There was an issue with OAuth on NA15, but should be resolved now. I tested with Workbench with a brand new NA15 org and its working as expected.
I've run into this when I try and "short circuit" the auth url by decoding the startUrl param and going straight to it in a tab that's already logged in. For example
login to some org on na14.salesforce.com
click sfdx authorize an org in vs code with default url
get sent to a url like https://login.salesforce.com/?startURL=%2Fsetup%2Fsecur%2FRemoteAccessAuthorizationPage.apexp%3Fsource%3D<long_base64_encoded_string>
use a url decoder (i.e. https://meyerweb.com/eric/tools/dencoder/) to translate that to https://login.salesforce.com/?startURL=/setup/secur/RemoteAccessAuthorizationPage.apexp?source=<long_base64_encoded_string>
change the url to match the domain i'm logged in as, i.e. https://na14.salesforce.com/?startURL=/setup/secur/RemoteAccessAuthorizationPage.apexp?source=<long_base64_encoded_string>
go through the standard oauth grant
success
For the most part that works fine, but in some cases I get that wonderful oauth error 1800. In those cases I've been able to work around the issue by specifying the specific domain my instance is on when starting the oauth authorization. Using the above example for step 2 I would chose https://na14.salesforce.com for the the url (other oauth flows typically provide a similar custom url input, but ymmv). Voila, step 7 is successful.
Can't say for sure if that's exactly what will happen for others.