I’ve been trying to get our internal reporting tool to talk to Salesforce, and I keep hitting a wall with the authentication step. It feels like I’m missing something obvious about setting up the OAuth flow correctly, especially around the authorization grant types. Has anyone else wrestled with this and gotten a proper handshake to work?
Yeah this OAuth handshake in Salesforce is a maze I feel you. The usual fix is the Authorization Code flow with a connected app. You want the right OAuth scopes like api and refresh_token and the redirect URI must match exactly the one Salesforce has on file. You must be in the right environment whether sandbox or prod.
One common snag is mixing sandbox and production the token endpoint changes and the client credentials differ If you are in a sandbox you must use the test login domain and the test endpoints plus the right redirect URI and you need to confirm the authorization grant types configured in the connected app match what you are sending Have you checked that?
JWT Bearer flow sounds powerful but it is not a real user handshake You still need a valid certificate and Salesforce must trust it so it can fail if the cert or audience is off It can be a cleaner path for service to service but not a drop in replacement for a user consent flow
Maybe the frame is wrong The issue could be a matter of how you frame the handshake rather than the flow itself Consider a setup that uses a service account and a short lived token The JWT style approach changes the problem from user consent to token lifecycle
Let the error logs speak for themselves The often tiny clue is a mismatch in redirect uri or invalid grant The keyword here is OAuth and the story you read in the logs can point to the right endpoint more than a fancy trick
Try a quick smoke test with a simple test app Try to pull a basic access token by simulating a user login in a controlled environment Then expand to the full integration Remember to use the correct endpoints for sandbox and prod