Does this driver even work with OAuth bearer flow?

[kevinquillen]

I have set everything up properly and can authenticate my web app over OAuth JWT, but the same credentials and key pair fail in dbeaver using this driver using the exact set up steps.

The logs only have this:

2023-10-11 21:06:12.807 - end-user denied authorization
com.salesforce.cdp.queryservice.util.TokenException: end-user denied authorization
    at com.salesforce.cdp.queryservice.util.TokenHelper.exchangeToken(TokenHelper.java:270)
    at com.salesforce.cdp.queryservice.util.TokenHelper.retrieveTokenWithPasswordGrant(TokenHelper.java:145)
    at com.salesforce.cdp.queryservice.util.TokenHelper.getToken(TokenHelper.java:85)
    at com.salesforce.cdp.queryservice.util.QueryTokenExecutor.lambda$getTokenWithTenantUrl$2(QueryTokenExecutor.java:106)
    at com.salesforce.cdp.queryservice.internal.net.jodah.failsafe.Functions.lambda$get$0(Functions.java:46)
    at com.salesforce.cdp.queryservice.internal.net.jodah.failsafe.RetryPolicyExecutor.lambda$supply$0(RetryPolicyExecutor.java:65)
    at com.salesforce.cdp.queryservice.internal.net.jodah.failsafe.Execution.executeSync(Execution.java:128)
    at com.salesforce.cdp.queryservice.internal.net.jodah.failsafe.FailsafeExecutor.call(FailsafeExecutor.java:378)
    at com.salesforce.cdp.queryservice.internal.net.jodah.failsafe.FailsafeExecutor.get(FailsafeExecutor.java:68)
    at com.salesforce.cdp.queryservice.util.QueryTokenExecutor.getTokenWithTenantUrl(QueryTokenExecutor.java:105)
    at com.salesforce.cdp.queryservice.util.QueryExecutor.getQueryConfig(QueryExecutor.java:100)
    at com.salesforce.cdp.queryservice.core.QueryServiceConnection.getQueryConfigResponse(QueryServiceConnection.java:463)
    at com.salesforce.cdp.queryservice.core.QueryServiceConnection.isValid(QueryServiceConnection.java:354)
    at com.salesforce.cdp.queryservice.core.QueryServiceConnection.<init>(QueryServiceConnection.java:78)
    at com.salesforce.cdp.queryservice.QueryServiceDriver.connect(QueryServiceDriver.java:65)

[soaggarwal]

Can you please check following setting in your Salesforce org -

Setup -> search for OAuth and OpenID Connect Settings → Turn on password flow

[stMimo]

I have the same issue. The "Allow OAuth Username-Password Flows" option is "On"

• "Allow OAuth User-Agent Flows" is also "On"
• "Allow Authorization Code and Credentials Flows" is "Off"
• "Require Proof Key for Code Exchange (PKCE) Extension for Supported Authorization Flows" is "Off"

What else should we check?

I'm trying a simple connection using :

public static void main(String[] args) throws ClassNotFoundException, SQLException {

    Class.forName("com.salesforce.cdp.queryservice.QueryServiceDriver");
    Properties properties = new Properties();
    properties.put("user", "<userId>");
    properties.put("password", "<userPwd>");
    properties.put("clientId", "<Consumer Key>");
    properties.put("clientSecret", "<Consumer Secret>");

    Connection connection = DriverManager.getConnection("jdbc:queryService-jdbc:https://test.salesforce.com",properties);

}

[stMimo]

IMHO, I see no reason for the connection not to work .. but, still no joy for me. @kevinquillen , did you solved the issue somehow?

[hisham-improving]

@stMimo @kevinquillen anyone solve this issue?