I'm trying to use Oauth to connect to salesforce from a .NET app. I'm using DotNetOpenAuth at the moment, and having no luck. I can get twitter / google etc to work fine, but when I create a new consumer service for Salesforce, it just gives me an error (400 / Bad Request)
I'm using the InMemoryTokenManager, but before I get shouted at, let me re-iterate that twitter et al work fine this way. I do intent to replace the inmemorytoken manager with a database implentation, but for now I just want to get it working.
The strange thing is, if I manually create the URL - https://login.salesforce.com/services/oauth2/authorize?response_type=code&client_id=[consumer_key]&redirect_uri=[redirect_url] and enter it in the browser I end up at a salesforce page to authorise the app to access my account - the one I expect to see should everything work.
Is this expected behaviour? It seems like a security hole, but maybe I'm not understanding everything correctly.
Any ideas where I'm going wrong?
ConsumerCode - (well, the important part at least)
public static readonly ServiceProviderDescription ServiceDescription = new ServiceProviderDescription
{
RequestTokenEndpoint =
new MessageReceivingEndpoint(
"https://login.salesforce.com/services/oauth2/authorize",
HttpDeliveryMethods.GetRequest |
HttpDeliveryMethods.AuthorizationHeaderRequest),
UserAuthorizationEndpoint =
new MessageReceivingEndpoint(
"https://login.salesforce.com/services/oauth2/authorize",
HttpDeliveryMethods.GetRequest |
HttpDeliveryMethods.AuthorizationHeaderRequest),
AccessTokenEndpoint =
new MessageReceivingEndpoint(
"https://login.salesforce.com/services/oauth2/token",
HttpDeliveryMethods.GetRequest |
HttpDeliveryMethods.AuthorizationHeaderRequest),
TamperProtectionElements =
new ITamperProtectionChannelBindingElement[] {
new HmacSha1SigningBindingElement() },
};
OAuthController.cs
if (this.SFTokenManager != null)
{
var SF = new WebConsumer(SFConsumer.ServiceDescription, this.SFTokenManager);
// Is Twitter calling back with authorization?
var accessTokenResponse = SF.ProcessUserAuthorization();
if (accessTokenResponse != null)
{
this.SFAccessToken = accessTokenResponse.AccessToken;
}
else if (this.SFAccessToken == null)
{
// If we don't yet have access, immediately request it.
SF.Channel.Send(SF.PrepareRequestUserAuthorization());
}
return View("SFIn");
}
else
{
return View("SFOut");
}
The line I get my 400 at is
// If we don't yet have access, immediately request it.
SF.Channel.Send(SF.PrepareRequestUserAuthorization());
DotNetOpenAuth says its oAuth support is 1.0 & 1.0a, while you're trying to access the oAuth 2.0 service at salesforce, the 2 protocols are not compatible.