Closed Kevmo92 closed 1 year ago
Thank you for filing this issue. We appreciate your feedback and will review the issue as soon as possible. Remember, however, that GitHub isn't a mechanism for receiving support under any agreement or SLA. If you require immediate assistance, contact Salesforce Customer Support.
If there's not a client secret in the AuthUrl, it means that there's not one required by the ConnectedApp.
The ConnectedApp owner gets to decide if a secret is required, and our default ConnectedApp doesn't require one (it wouldn't be very secret if you were all using it and could look at it anytime 😄).
If you create your own ConnectedApp (which you should, for more security and control, or to enable jwt) you'll be able to see the secret in Salesforce Setup.
@mshanemc Thanks for the reply! So how should I use the auth refresh token flow with an auth url that doesn't have a client secret set up? https://help.salesforce.com/s/articleView?id=sf.remoteaccess_oauth_refresh_token_flow.htm&type=5
Oh, I see. Just omit the client_secret 😁
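```python
import os
from urllib.parse import urlparse

import requests

# Fail with a clear KeyError if the variable is not set.
auth_url = os.environ["DEV_HUB_AUTH_URL"]
url = urlparse(auth_url)
client_id = url.username
# Userinfo is <client_id>:<client_secret>:<refresh_token>; urlparse puts
# everything after the first colon into .password, so index 1 is the token.
password = url.password.split(":")
refresh_token = password[1]
# No client_secret key: the default ConnectedApp does not require one.
data = {
    "grant_type": "refresh_token",
    "client_id": client_id,
    "refresh_token": refresh_token,
}
response = requests.post(
    "https://login.salesforce.com/services/oauth2/token", data=data, timeout=30
).json()
```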
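As an added example (not code from the thread participants or from the Salesforce CLI), this parser accepts both auth URL layouts described in this issue and builds the refresh-token form, leaving out client_secret when that field is empty. The function names and sample URLs are constructed for illustration, and nothing is sent over the network.

```python
from urllib.parse import urlsplit

# Token endpoint used in the thread's snippet; an assumption for other orgs.
TOKEN_URL = "https://login.salesforce.com/services/oauth2/token"


def parse_auth_url(auth_url):
    """Parse force://<client_id>:<client_secret>:<refresh_token>@<instance_url>.

    In the newer layout the client_secret field is empty (two adjacent colons).
    """
    parts = urlsplit(auth_url)
    userinfo, at, instance = parts.netloc.rpartition("@")
    fields = userinfo.split(":")
    if parts.scheme != "force" or not at or len(fields) != 3:
        raise ValueError("expected force://id:secret:refresh_token@instance")
    client_id, client_secret, refresh_token = fields
    if not (client_id and refresh_token and instance):
        raise ValueError("client_id, refresh_token and instance_url are required")
    return {
        "client_id": client_id,
        "client_secret": client_secret or None,
        "refresh_token": refresh_token,
        "instance_url": instance,
    }


def refresh_request(auth_url, token_url=TOKEN_URL):
    """Return (url, form) for the refresh_token grant, without sending it."""
    auth = parse_auth_url(auth_url)
    form = {
        "grant_type": "refresh_token",
        "client_id": auth["client_id"],
        "refresh_token": auth["refresh_token"],
    }
    if auth["client_secret"]:  # only sent when the ConnectedApp has one
        form["client_secret"] = auth["client_secret"]
    return token_url, form


def redact(auth_url):
    """Log-safe rendering: the refresh token and secret are credentials."""
    auth = parse_auth_url(auth_url)
    secret = "***" if auth["client_secret"] else ""
    return f"force://{auth['client_id']}:{secret}:***@{auth['instance_url']}"


# Constructed sample values, not real credentials.
NEW_URL = "force://PlatformCLI::EXAMPLE_REFRESH_TOKEN@example.my.salesforce.com"
OLD_URL = "force://SalesforceDevelopmentExperience:EXAMPLE_SECRET:EXAMPLE_REFRESH_TOKEN@example.my.salesforce.com"
```

Pass the returned pair to `requests.post(url, data=form, timeout=30)` to perform the refresh, and use `redact()` wherever the auth URL would otherwise reach a log.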
Yes!
Again, you should create your own ConnectedApp so you can have your own secret and manage the other stuff (refreshToken life policies, esp).
Summary
Using the new sfdx auth url format I'm unsure what my client_secret is 🤔
The new auth url looks like
force://<client_id>::<refresh_token>@<instance_url>
where client_id is always PlatformCLI
The old auth url looked like
force://<client_id>:<client_secret>:<refresh_token>@<instance_url>
where client_id was always SalesforceDevelopmentExperience
I'd like to be able to parse the auth url and be able to send a post request to
https://login.salesforce.com/services/oauth2/token
for a new access_token, but I'm unsure what the client_secret is now... https://help.salesforce.com/s/articleView?id=sf.remoteaccess_oauth_refresh_token_flow.htm&type=5 <- guide for making post request
Steps To Reproduce:
sfdx auth:web:login, and run sfdx force:org:display -u username --verbose to get the auth_url
Expected result
Auth url contains client_secret or the client_secret is made available for use when requesting an access token.
Actual result
Auth url no longer contains client_secret.
System Information