2
votes

This is a Ruby question using omniauth-salesforce. I have omniauth 1.1.1 and omniauth-salesforce 1.0.3, and I can get the user authenticated. However, no refresh_token is returned by default; I only get an access_token. My callback URL is http://localhost:3000/auth/salesforce/callback

Based on the description of "Digging Deeper into OAuth2.0 on Force.com", the default scope of https://login.salesforce.com/services/oauth2/authorize is id api refresh_token. But this is not the case.

Then I tried to specify the scope parameter in omniauth.rb:

provider :salesforce, salesforce_client_id, client_secret, {:scope => "id api refresh_token"}

Then I got an error saying: the requested scope is not allowed

In addition, if I put the following in a browser, I get the same error message:

https://login.salesforce.com/services/oauth2/authorize?response_type=code&client_id=3MVG9rFJvQRVOvk4RuIKaSYwf07LcsMtIAUK7h3Q6n5OHfD.IbFpEsROli3SqxWo67RklJ5FBdnYf4ejHNFrq&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fauth%2Fsalesforce%2Fcallback&display=page&scope=api

Any help will be greatly appreciated.

Thanks,


1 Answer

8
votes

You are correct to set the scope in your omniauth.rb's provider statement. However, before salesforce.com will issue a refresh_token the application must be configured to support this OAuth scope.

  1. On salesforce.com, navigate to where your app is configured. (Setup > Create > Apps)
  2. Under Connected Apps, click on your application's name to view its settings, then click Edit.
  3. Under Selected OAuth Scopes, ensure that "Perform requests on your behalf at any time" is selected. You must include this even if you already chose "Full access".
  4. Save, then try your OAuth flow again. It may take a short while for the update to propagate.

In your callback controller action, the refresh_token will now be available in request.env["omniauth.auth"].credentials.refresh_token.
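The check a callback action can make on that value, as an added example that is not part of the original answer: it reads the tokens from the auth hash, fails loudly when no refresh_token came back (the symptom of the Connected App scope not being selected), and redacts both tokens before anything is logged. The helper names, the Struct stand-ins for `request.env["omniauth.auth"]`, and the token strings are constructed for illustration.

```ruby
# Raised when Salesforce returned no refresh_token, which per the answer above
# means "Perform requests on your behalf at any time" is not selected on the
# Connected App (or the change has not propagated yet).
class MissingRefreshToken < StandardError; end

# Hypothetical helper: extracts tokens from the object OmniAuth places in
# request.env["omniauth.auth"]. It only relies on credentials.token and
# credentials.refresh_token, the fields named in the OmniAuth auth hash.
def salesforce_tokens(auth)
  creds   = auth.credentials
  refresh = creds.refresh_token
  if refresh.nil? || refresh.to_s.strip.empty?
    raise MissingRefreshToken,
          "no refresh_token returned; check Selected OAuth Scopes on the Connected App"
  end
  { access_token: creds.token, refresh_token: refresh }
end

# A refresh_token stays valid long after the access_token expires, so keep
# both out of logs: show a short prefix for correlation and nothing else.
def redact(tokens)
  tokens.transform_values do |value|
    text = value.to_s
    text.length > 4 ? "#{text[0, 4]}...[redacted]" : "[redacted]"
  end
end

# Constructed stand-ins for the auth hash (not real Salesforce tokens).
SampleCredentials = Struct.new(:token, :refresh_token)
SampleAuth        = Struct.new(:credentials)

SAMPLE_GRANTED =
  SampleAuth.new(SampleCredentials.new("00Dxx-access-EXAMPLE", "5Aep-refresh-EXAMPLE"))
SAMPLE_NOT_GRANTED =
  SampleAuth.new(SampleCredentials.new("00Dxx-access-EXAMPLE", nil))

if __FILE__ == $PROGRAM_NAME
  puts redact(salesforce_tokens(SAMPLE_GRANTED)).inspect
  begin
    salesforce_tokens(SAMPLE_NOT_GRANTED)
  rescue MissingRefreshToken => e
    puts "refused: #{e.message}"
  end
end
```

In a Rails controller the argument would be `request.env["omniauth.auth"]`, and the returned refresh_token belongs in encrypted storage rather than the session or a log line.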