Salesforce Provider sends incorrect request to token endpoint
Provider type
Salesforce
Environment
System:
OS: macOS 12.2.1
CPU: (12) x64 Intel(R) Core(TM) i7-9750H CPU @ 2.60GHz
Memory: 394.78 MB / 16.00 GB
Shell: 5.8 - /bin/zsh
Binaries:
Node: 16.14.1 - ~/.nvm/versions/node/v16.14.1/bin/node
npm: 8.5.0 - ~/.nvm/versions/node/v16.14.1/bin/npm
Browsers:
Brave Browser: 98.1.35.101
Firefox: 98.0.1
Safari: 15.3
npmPackages:
next: ^12.0.4 => 12.0.4
next-auth: ^4.3.0 => 4.3.0
react: ^17.0.1 => 17.0.2
Reproduction URL
https://github.com/arx111/next-auth-example/blob/main/pages/api/auth/[...nextauth].ts
Describe the issue
For the sandbox version of Salesforce, we would use the test.salesforce.com
domain instead of login.salesforce.com
for all requests, including the OAuth2 endpoints. Documented here:
https://help.salesforce.com/s/articleView?id=sf.remoteaccess_oauth_endpoints.htm&type=5
All endpoints require secure HTTP (HTTPS). Instead of using login.salesforce.com, you can also use the My Domain, Experience Cloud site, or test.salesforce.com (sandbox) domain in these endpoints. For hostname, use the My Domain, Experience Cloud site, or custom URL.
However, I get this error when Salesforce redirects us to the callback:
[next-auth][error][OAUTH_CALLBACK_ERROR]
https://next-auth.js.org/errors#oauth_callback_error invalid_client_id (client identifier invalid) {
error: {
message: 'invalid_client_id (client identifier invalid)',
stack: 'OPError: invalid_client_id (client identifier invalid)\n' +
' at processResponse (/Users/.../node_modules/openid-client/lib/helpers/process_response.js:38:13)\n' +
' at Client.grant (/Users/.../node_modules/openid-client/lib/client.js:1340:22)\n' +
' at processTicksAndRejections (node:internal/process/task_queues:96:5)\n' +
' at async Client.oauthCallback (/Users/.../node_modules/openid-client/lib/client.js:612:24)\n' +
' at async oAuthCallback (/Users/.../node_modules/next-auth/core/lib/oauth/callback.js:114:16)\n' +
' at async Object.callback (/Users/.../node_modules/next-auth/core/routes/callback.js:50:11)\n' +
' at async NextAuthHandler (/Users/.../node_modules/next-auth/core/index.js:139:28)\n' +
' at async NextAuthNextHandler (/Users/.../node_modules/next-auth/next/index.js:21:19)\n' +
' at async auth (webpack-internal:///./src/pages/api/auth/[...nextauth].tsx:13:12)\n' +
' at async Object.apiResolver (/Users/.../node_modules/next/dist/server/api-utils.js:102:9)',
name: 'OPError'
},
providerId: 'salesforce',
message: 'invalid_client_id (client identifier invalid)'
}
[next-auth][error][CALLBACK_OAUTH_ERROR]
https://next-auth.js.org/errors#callback_oauth_error invalid_client_id (client identifier invalid) OPError: invalid_client_id (client identifier invalid)
at processResponse (/Users/.../node_modules/openid-client/lib/helpers/process_response.js:38:13)
at Client.grant (/Users/.../node_modules/openid-client/lib/client.js:1340:22)
at processTicksAndRejections (node:internal/process/task_queues:96:5)
at async Client.oauthCallback (/Users/.../node_modules/openid-client/lib/client.js:612:24)
at async oAuthCallback (/Users/.../node_modules/next-auth/core/lib/oauth/callback.js:114:16)
at async Object.callback (/Users/.../node_modules/next-auth/core/routes/callback.js:50:11)
at async NextAuthHandler (/Users/.../node_modules/next-auth/core/index.js:139:28)
at async NextAuthNextHandler (/Users/.../node_modules/next-auth/next/index.js:21:19)
at async auth (webpack-internal:///./src/pages/api/auth/[...nextauth].tsx:13:12)
at async Object.apiResolver (/Users/.../node_modules/next/dist/server/api-utils.js:102:9) {
name: 'OAuthCallbackError',
code: undefined
}
The following token retrieval request to Salesforce:
POST /services/oauth2/token HTTP/1.1
Host: mycompany.my.salesforce.com
Content-length: 307
Content-type: application/x-www-form-urlencoded
grant_type=authorization_code&
code=aPrxhgZ2MIpkSy0aOdn07LjKFvsFOis6RGcWXz7p8JQCjcqfed5NQLe7sxWwMY_JQFuLwHRaRA==&
client_id=3MVG9IHf89I1t8hrvswazsWedXWY0iqK20PSFaInvUgLFB6vrcb9bbWFTSIHpO8G2jxBLJA6uZGyPFC5Aejq&
client_secret=*******************&
redirect_uri=https://www.mycustomerorderstatus.com/oauth2/callback
as described at: https://help.salesforce.com/s/articleView?id=remoteaccess_oauth_web_server_flow.htm&type=5&language=en_US
fails and returns that error.
I suspect it is due to incorrectly constructing the POST request above.
When I implement a custom request:
// Imports the snippet relies on (TokenSet is the type exported by openid-client, which next-auth uses)
import axios, { AxiosResponse } from "axios";
import qs from "qs";
import type { TokenSet } from "openid-client";

// `token` entry of the Salesforce provider options: overrides next-auth's default token exchange
token: {
  url: "https://test.salesforce.com/services/oauth2/token",
  async request(context) {
    try {
      // Hand-built authorization_code exchange with client_id/client_secret in the form body
      const { data: tokens } = await axios.post<any, AxiosResponse<TokenSet>>(
        "https://test.salesforce.com/services/oauth2/token",
        qs.stringify({
          grant_type: "authorization_code",
          code: context.params.code,
          client_id: context.provider.clientId,
          client_secret: context.provider.clientSecret,
          // Hard-coded local dev callback; must match the redirect_uri sent in the authorize step
          redirect_uri: "http://localhost:3000/api/auth/callback/salesforce",
        }),
        { headers: { "Content-Type": "application/x-www-form-urlencoded" } }
      );
      // Prints the full token set (access/refresh tokens) to the server log
      console.log("received", tokens);
      return { tokens };
    } catch (e) {
      console.log(e);
      throw e;
    }
  },
},
Everything works fine.
How to reproduce
- Attempt to log in with the default configuration on the test endpoints; this fails.
- Implement the custom request as above; this returns the correct response with an access token.
Expected behavior
We should get an access token from Salesforce.
Issue Analytics
- Created 2 years ago
- Comments: 5 (3 by maintainers)
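Added example, not code from this issue, from next-auth, from openid-client or from Salesforce: a stand-alone Node script that builds, without sending, the authorization_code token request for the sandbox host named in the issue and for a My Domain origin, in the two client-authentication shapes an OAuth2 client can use. The issue's working axios call puts client_id and client_secret in the form body (client_secret_post); openid-client, which produces the Client.grant frame in the stack trace, defaults to client_secret_basic, which moves the credentials into an Authorization header and drops them from the body. Whether that difference is what Salesforce rejects here is not established by the issue; the script only makes the two wire formats comparable side by side. The host table, the credential placeholders and the two sample responses are constructed, and the error shaping mirrors the "invalid_client_id (client identifier invalid)" string from the log.

```javascript
// Added example, not next-auth, openid-client or Salesforce code. Builds (without
// sending) the authorization_code exchange described in the issue, in the two
// client-authentication shapes an OAuth2 client library may use, and turns a
// Salesforce-style error body into the message seen in the issue log.

// Login hosts per org type. The sandbox host is the one the issue names; a full
// https origin (for example a My Domain URL) can be passed instead of a key.
const SALESFORCE_HOSTS = {
  production: "https://login.salesforce.com",
  sandbox: "https://test.salesforce.com",
};

// Token endpoint for an environment key or a full origin such as a My Domain URL.
// Salesforce documents that all OAuth2 endpoints require HTTPS, so plain http is refused.
function tokenEndpoint(base) {
  const origin = SALESFORCE_HOSTS[base] || base;
  if (!origin.startsWith("https://")) {
    throw new Error("Salesforce OAuth2 endpoints require https");
  }
  return new URL("/services/oauth2/token", origin).toString();
}

// Returns { method, url, headers, body } for the token request.
// "client_secret_post": client_id and client_secret go in the form body (what the
// issue's working axios call does). "client_secret_basic": the credentials go in
// an Authorization header and are omitted from the body.
function buildTokenRequest({ base, code, clientId, clientSecret, redirectUri,
                             authMethod = "client_secret_post" }) {
  const body = new URLSearchParams({
    grant_type: "authorization_code",
    code,
    redirect_uri: redirectUri,
  });
  const headers = { "Content-Type": "application/x-www-form-urlencoded" };
  if (authMethod === "client_secret_post") {
    body.set("client_id", clientId);
    body.set("client_secret", clientSecret);
  } else if (authMethod === "client_secret_basic") {
    // RFC 6749 section 2.3.1: form-encode each credential, then base64 "id:secret".
    const pair = `${encodeURIComponent(clientId)}:${encodeURIComponent(clientSecret)}`;
    headers.Authorization = "Basic " + Buffer.from(pair, "utf8").toString("base64");
  } else {
    throw new Error(`unsupported token_endpoint_auth_method: ${authMethod}`);
  }
  return { method: "POST", url: tokenEndpoint(base), headers, body: body.toString() };
}

// Interprets the endpoint's reply. A non-2xx body carrying an OAuth2 error becomes
// an Error named OPError whose message has the "<error> (<error_description>)"
// shape that appears in the issue's stack trace.
function parseTokenResponse(status, json) {
  if (status >= 200 && status < 300 && typeof json.access_token === "string") {
    return {
      accessToken: json.access_token,
      instanceUrl: json.instance_url,
      tokenType: json.token_type,
    };
  }
  const detail = json.error_description ? `${json.error} (${json.error_description})` : json.error;
  const err = new Error(detail || `token endpoint returned HTTP ${status}`);
  err.name = "OPError";
  err.error = json.error;
  throw err;
}

// Log-safe view of a token set: the issue's custom request logs the whole set,
// which puts bearer tokens into server logs. Mask every *token value instead.
function redactTokens(tokens) {
  const out = {};
  for (const [k, v] of Object.entries(tokens)) {
    out[k] = /token$/i.test(k) && typeof v === "string" ? v.slice(0, 4) + "..." : v;
  }
  return out;
}

// Constructed sample data; nothing here was captured from Salesforce.
const SAMPLE_OK = {
  access_token: "00Dxx0000000000!AQEAconstructed",
  instance_url: "https://example.my.salesforce.com",
  token_type: "Bearer",
};
const SAMPLE_ERR = { error: "invalid_client_id", error_description: "client identifier invalid" };

// Builds both request shapes for the sandbox host and runs both sample responses
// through the parser; returns everything so it can be inspected or asserted on.
function demo() {
  const params = {
    base: "sandbox",
    code: "constructed-authorization-code",
    clientId: "constructed-consumer-key",
    clientSecret: "constructed-consumer-secret",
    redirectUri: "http://localhost:3000/api/auth/callback/salesforce",
  };
  const post = buildTokenRequest(params);
  const basic = buildTokenRequest({ ...params, authMethod: "client_secret_basic" });
  let failure;
  try { parseTokenResponse(400, SAMPLE_ERR); } catch (e) { failure = `${e.name}: ${e.message}`; }
  return { post, basic, ok: parseTokenResponse(200, SAMPLE_OK), logged: redactTokens(SAMPLE_OK), failure };
}

console.log(JSON.stringify(demo(), null, 2));
```

Run it with node and compare the two request objects: the only differences are the Authorization header and the two credential fields in the body. To try it against a real org, send post.url with post.headers and post.body and log redactTokens(result) rather than the raw token set.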
For the record, I had some troubles making the Salesforce provider work. At the end, this did it:
not working