
Invalid_grant Authentication Failure in Username-Password OAuth Flow

Sometimes delegated authentication is configured in the customer's org for the logged-in user. When the username and password are supplied at login, authentication is then performed by the delegated authentication server, not by Salesforce.

We have seen strange behavior in the Username-Password OAuth flow (Sept 6, 2018) when the request is made from the API and from Apex.

1. When the OAuth request is made via the API, you can pass the external auth server password.

password:password  // This can be external system password

2. When the OAuth request is made via Apex, the password should be the Salesforce password along with the security token. If the external system password is given, you will get the error below:

13:26:23.1 (5805772)|CALLOUT_REQUEST|[74]|System.HttpRequest[Endpoint=https://****, Method=POST]
13:26:23.1 (357570230)|HEAP_ALLOCATE|[EXTERNAL]|Bytes:952
13:26:23.1 (357762371)|CALLOUT_RESPONSE|[74]|System.HttpResponse[Status=Bad Request, StatusCode=400]
13:26:23.1 (357794126)|HEAP_ALLOCATE|[74]|Bytes:85
13:26:23.1 (357836159)|STATEMENT_EXECUTE|[75]
13:26:23.1 (357942754)|HEAP_ALLOCATE|[75]|Bytes:70
13:26:23.1 (357975206)|HEAP_ALLOCATE|[75]|Bytes:75
13:26:23.1 (358011911)|USER_DEBUG|[75]|DEBUG|body:{"error":"invalid_grant","error_description":"authentication failure"}

So in case of this error, make sure that you supply the Salesforce username along with the security token.

password:password  // This is only salesforce password and security token
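
The Apex case above, written out as an added example (not code from the original post). The class, method and parameter names are hypothetical, and it assumes the standard production token endpoint, a Remote Site Setting that allows it, and credentials loaded from protected storage rather than hardcoded.

```apex
// Added example; class and parameter names are hypothetical.
public with sharing class UsernamePasswordTokenClient {
    public class TokenException extends Exception {}

    // Assumption: production login host. Sandboxes use test.salesforce.com.
    private static final String TOKEN_URL =
        'https://login.salesforce.com/services/oauth2/token';

    public static String requestAccessToken(String clientId, String clientSecret,
            String username, String sfPassword, String securityToken) {
        // From Apex, the password parameter is the Salesforce password with the
        // security token appended, not the external (delegated auth) password.
        String secret = sfPassword + securityToken;

        // URL-encode every value so special characters in the password or
        // token do not corrupt the form body.
        String body = 'grant_type=password'
            + '&client_id=' + EncodingUtil.urlEncode(clientId, 'UTF-8')
            + '&client_secret=' + EncodingUtil.urlEncode(clientSecret, 'UTF-8')
            + '&username=' + EncodingUtil.urlEncode(username, 'UTF-8')
            + '&password=' + EncodingUtil.urlEncode(secret, 'UTF-8');

        HttpRequest req = new HttpRequest();
        req.setEndpoint(TOKEN_URL);
        req.setMethod('POST');
        req.setHeader('Content-Type', 'application/x-www-form-urlencoded');
        req.setBody(body);

        HttpResponse res = new Http().send(req);
        Map<String, Object> payload =
            (Map<String, Object>) JSON.deserializeUntyped(res.getBody());

        if (res.getStatusCode() == 200) {
            return (String) payload.get('access_token');
        }

        // Surface only the error code; the request body holds the credentials
        // and must never be written to the debug log.
        String error = (String) payload.get('error');
        if (res.getStatusCode() == 400 && error == 'invalid_grant') {
            throw new TokenException('invalid_grant: check that the password is the '
                + 'Salesforce password plus security token, not the external one.');
        }
        throw new TokenException('Token request failed: '
            + res.getStatusCode() + ' ' + error);
    }
}
```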