amazon-connect / amazon-connect-salesforce-scv

This repository contains resources, examples, and projects to help Service Cloud Voice customers address some common requirements as they deploy Service Cloud Voice.
Apache License 2.0

VMX Failed Case Creation #86

Closed brandon-hall1 closed 2 years ago

brandon-hall1 commented 2 years ago

Contact flow populates all 6 contact attributes referenced in the Test contact flow, then transfers to provided Sample flow for VM functionality. Case is never created in Salesforce and the following error is shown in the CloudWatch log for the VMX Packager lambda.

[ERROR] 2022-02-19T13:14:52.823Z 9c44004d-89ce-473c-b579-79d1b20f3cc8 Invalid base64-encoded string: number of data characters (1625) cannot be 1 more than a multiple of 4

[ERROR] 2022-02-19T13:14:52.823Z 9c44004d-89ce-473c-b579-79d1b20f3cc8 Record 1 Result: Failed to create case

dcarbonetti commented 2 years ago

Please double check the parameter for your encoded key and make sure it doesn't have a space or line break at the end of the value.

brandon-hall1 commented 2 years ago

I've verified that the key id and secret both have no extra characters (20 and 40 characters long respectively).

dougjaso commented 2 years ago

Can you validate your Salesforce config using the awsscv_salesforce_validator lambda function?

brandon-hall1 commented 2 years ago

The awsscv_salesforce_validator lambda throws the same error.

Response: { "Status": "FAILURE", "Reason": "Invalid base64-encoded string: number of data characters (1625) cannot be 1 more than a multiple of 4" }

dougjaso commented 2 years ago

Make sure that you completed step 8 in these instructions. Then, make sure that is pasted into the SalesforceSecrets in Secrets Manager as sfPrivateKey. Make sure there are no spaces before or after the key value.
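
A pre-storage check for the base64 value discussed above, as an added example that is not part of the original thread or the project's code: it counts the base64 data characters, the quantity named in the logged error, and flags surrounding whitespace. The function name and sample value are constructed for illustration, and it assumes the secret uses the standard base64 alphabet.

```python
import base64
import binascii
import string

B64_ALPHABET = set(string.ascii_letters + string.digits + "+/")

# Constructed sample: 30 arbitrary bytes, which encode to 40 characters, no padding.
SAMPLE_OK = base64.b64encode(bytes(range(30))).decode()


def diagnose_b64_secret(value):
    """Return a list of problems with a base64 secret value; empty means OK."""
    problems = []
    if value != value.strip():
        problems.append("leading or trailing whitespace")
    compact = "".join(value.split())  # drop all whitespace before counting
    if not compact:
        return problems + ["value is empty"]
    data = compact.rstrip("=")
    pad = len(compact) - len(data)
    bad = sorted({c for c in data if c not in B64_ALPHABET})
    if bad:
        problems.append("characters outside the base64 alphabet: %r" % "".join(bad))
    n = sum(1 for c in data if c in B64_ALPHABET)
    if n % 4 == 1:
        # No byte string encodes to this length: a character was added or lost.
        problems.append("%d data characters is 1 more than a multiple of 4" % n)
    elif (n + pad) % 4 != 0 or pad > 2:
        problems.append("incorrect padding (%d data characters, %d '=')" % (n, pad))
    if not problems:
        try:
            base64.b64decode(compact, validate=True)
        except binascii.Error as exc:
            problems.append("decode failed: %s" % exc)
    return problems


if __name__ == "__main__":
    for label, value in [("ok", SAMPLE_OK), ("extra char", SAMPLE_OK + "A"),
                         ("trailing newline", SAMPLE_OK + "\n")]:
        print(label, diagnose_b64_secret(value) or "OK")
```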

brandon-hall1 commented 2 years ago

That seems to have fixed the previous error, but now the validator lambda is showing the following response: { "Status": "FAILURE", "Reason": "" }

Relevant debug info:

```
[DEBUG] 2022-02-25T19:45:06.595Z 64105b11-39e6-4ab6-9beb-592de9e0dc97 Starting new HTTPS connection (1): login.salesforce.com:443
[DEBUG] 2022-02-25T19:45:06.736Z 64105b11-39e6-4ab6-9beb-592de9e0dc97 https://login.salesforce.com:443 "POST /services/oauth2/token HTTP/1.1" 400 None
[DEBUG] 2022-02-25T19:45:06.754Z 64105b11-39e6-4ab6-9beb-592de9e0dc97 <Response [400]>
[ERROR] 2022-02-25T19:45:06.774Z 64105b11-39e6-4ab6-9beb-592de9e0dc97
END RequestId: 64105b11-39e6-4ab6-9beb-592de9e0dc97
REPORT RequestId: 64105b11-39e6-4ab6-9beb-592de9e0dc97 Duration: 3058.58 ms Billed Duration: 3059 ms Memory Size: 128 MB Max Memory Used: 80 MB Init Duration: 343.76 ms
```

dougjaso commented 2 years ago

Can you validate that you:

  1. Set the Profile of the awsutil user to System Administrator
  2. Created a new connected APP following these instructions
  3. Created a new Permission set and assigned it using these instructions

brandon-hall1 commented 2 years ago

  1. Verified that awsutil user is assigned to System Administrator profile
  2. Connected app is configured as described in the instructions
  3. Permission set is assigned to awsutil user and the AWS_Utility connected app.

brandon-hall1 commented 2 years ago

I believe that I've tracked down the issue, not sure what all in the setup I will have to change for this however.

Our Salesforce org is located on Government Cloud (instance NA21), which doesn't support login through login.salesforce.com. I'm assuming I could change the "login.salesforce.com" to our my domain URL, but not entirely sure where this URL is located within the AWSSCV layer.

Documentation on GovCloud login restrictions: https://help.salesforce.com/s/articleView?id=000331188&type=1

brandon-hall1 commented 2 years ago

I've figured it out and now have both the validator and packager lambdas working now. This error was caused by the GovCloud restrictions surrounding the typical OAuth flow, but a slight modification to the authentication process remediates it.

Solution: Within the awsscv_common_python layer, modified lib/python3.8/site-packages/awsscv/sf_auth.py

Added to get_access_token function:

```python
host = settings[SalesforceConfig.HOST_PROP]
```

Modified this block of code within the get_access_token function to use the host variable rather than audience:

```python
resp = requests.post(
    host + '/services/oauth2/token',
    data='grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=' + token,
    headers={'Content-Type': 'application/x-www-form-urlencoded'}
)
```

Thanks for all the help @dougjaso

dougjaso commented 2 years ago

Glad you noticed it. We're testing a variant of the same solution in multiple environments.