Authenticated Oauth workflow required constant login

I am very new to the Salesforce API. I am creating a library which connects to Salesforce and accesses data etc.



I am implementing the Web Server OAuth Authentication workflow (https://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/intro_understanding_web_server_oauth_flow.htm), with the understanding that it differs from the Username-Password workflow in that you shouldn't have to log in each time.



My understanding was that since the client secret is stored on the server, once a connection between the server and Salesforce instances occurs, login credentials are no longer necessary.



I am finding that this is not the case. Every time the Salesforce session expires, my API call first redirects to Salesforce, asks for username/password, and then it can move forward.



Am I using the incorrect workflow? Are there some settings I'm missing in my REST App configuration?



Here is my authorization URL:



https://test.salesforce.com/services/oauth2/authorize?response_type=code&client_id=[my-client-id]&redirect_uri=https://my-redirect.com









Tags: authentication oauth app

asked 1 hour ago by user1015214 (edited 1 hour ago by Jayant Das)




1 Answer (accepted)











> I am implementing the Web Server OAuth Authentication workflow with the understanding that it differs from the Username-Password workflow in that you shouldn't have to log in each time.

That's not correct. With an OAuth flow, you get a token, which you can utilize to log in to any system. A token signifies that you are authorized to perform operations on behalf of an authenticated user.

Tokens will always expire. It just depends upon the maximum expiration limit, which you can set up to 24 hours. So as soon as your token expires, you will need to authenticate yourself again to be able to get a new token.

With the Web Server OAuth Authentication Flow, what you do is that you get a refresh token, which is as good as your username/password, so you should be carefully storing that somewhere. And in this flow, you can generate a new token whenever it expires by just using the refresh token, instead of sending the username and password with the request.

> Apps that are hosted on a secure server use the web server authentication flow. A critical aspect of the web server flow is that the server must be able to protect the consumer secret.

Take a look at How Does the OAuth Refresh Token Fit Into the Authentication Flow?, which explains how you can use the refresh token to get a new token whenever it expires.

> Both the web server OAuth authentication flow and user-agent flow provide a refresh token that can be used to get a new access token.
> Access tokens have a limited lifetime specified by the session timeout in Salesforce. If an application uses an expired access token, a “Session expired or invalid” error is returned. If the application is using the web server or user-agent OAuth authentication flow, a refresh token is provided during authorization. Use this refresh token to get a new access token.







answered 1 hour ago by Jayant Das (edited 1 hour ago)











          • Thanks! I knew there was something I was missing, wasn't sure where. Will definitely work on implementing this.
            – user1015214
            1 hour ago
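
The refresh step the answer describes, as an added example that is not part of the original question or answer: one authorization-code exchange, then a silent `grant_type=refresh_token` request whenever the API reports "Session expired or invalid". The `SalesforceSession` class, the injected `http_post`/`http_get` transports, the `FakeSalesforce` stand-in and the placeholder API path are assumptions made so the example runs offline.

```python
import json
from urllib.parse import parse_qs, urlencode

TOKEN_URL = "https://test.salesforce.com/services/oauth2/token"  # sandbox host, as in the question
API_PATH = "/services/data/vXX.X/limits"  # placeholder API version, not from the page

class SalesforceSession:
    """Web server flow client: one interactive login, then silent refreshes."""
    def __init__(self, client_id, client_secret, redirect_uri, http_post, http_get):
        self.client_id, self.client_secret = client_id, client_secret
        self.redirect_uri = redirect_uri
        self._post, self._get = http_post, http_get  # injected transports (assumption)
        self.access_token = self.refresh_token = self.instance_url = None

    def _token_request(self, **grant):
        # Secrets travel in the POST body, never in a URL that ends up in logs.
        form = dict(grant, client_id=self.client_id, client_secret=self.client_secret)
        status, body = self._post(TOKEN_URL, urlencode(form))
        data = json.loads(body)
        if status != 200:  # e.g. invalid_grant: refresh token revoked, user must log in again
            raise PermissionError(data.get("error", "token request failed"))
        self.access_token, self.instance_url = data["access_token"], data["instance_url"]
        # A refresh response carries no new refresh_token, so keep the stored one.
        self.refresh_token = data.get("refresh_token", self.refresh_token)

    def login_with_code(self, code):
        """One-time step: exchange the ?code= from the redirect for tokens."""
        self._token_request(grant_type="authorization_code", code=code,
                            redirect_uri=self.redirect_uri)
        if not self.refresh_token:
            raise RuntimeError("no refresh_token returned; check the app's OAuth scopes")

    def get(self, path):
        """Call the REST API; on an expired session, refresh once and retry."""
        for attempt in range(2):
            status, body = self._get(self.instance_url + path, self.access_token)
            if status == 401 and attempt == 0 and "INVALID_SESSION_ID" in body:
                self._token_request(grant_type="refresh_token",
                                    refresh_token=self.refresh_token)
                continue
            return status, json.loads(body)

class FakeSalesforce:  # constructed stand-in for the Salesforce endpoints (runs offline)
    def __init__(self):
        self.valid, self.grants = None, []

    def post(self, url, form):
        fields = {k: v[0] for k, v in parse_qs(form).items()}
        self.grants.append(fields["grant_type"])
        if fields["grant_type"] == "refresh_token" and fields["refresh_token"] != "RT-constructed":
            return 400, json.dumps({"error": "invalid_grant"})
        self.valid = f"AT-{len(self.grants)}"  # each successful grant issues a new access token
        reply = {"access_token": self.valid, "instance_url": "https://example.invalid"}
        if fields["grant_type"] == "authorization_code":
            reply["refresh_token"] = "RT-constructed"
        return 200, json.dumps(reply)

    def get(self, url, token):
        if token != self.valid:
            return 401, json.dumps([{"message": "Session expired or invalid",
                                     "errorCode": "INVALID_SESSION_ID"}])
        return 200, json.dumps({"url": url})

def demo():
    sf = FakeSalesforce()
    s = SalesforceSession("my-client-id", "constructed-secret",
                          "https://my-redirect.com", sf.post, sf.get)
    s.login_with_code("constructed-code")  # the only step that needed a browser login
    first, _ = s.get(API_PATH)
    sf.valid = None                         # simulate the session timing out
    second, _ = s.get(API_PATH)             # refreshed silently, no redirect
    return sf.grants, first, second, s.access_token
```

In a real deployment the consumer secret and the stored refresh token would come from a secrets store rather than literals, since the answer notes the refresh token is as good as the username and password.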















