SalesForce - REST API with OAUTH2 Token Auto Refresh Issue

Hi,

Is anyone using REST Get snap with Salesforce instance using OAUTH2 account? I am having trouble with keeping my Account tokens up to date. I am able to connect and receive an Access Token and a Refresh Token on my account using the Account “Refresh” button. But SF does not provide me back a “Access token expiration” time. Apparently per SnapLogic support, I cannot enable “auto refresh token” on the account so the token can refresh without an expiration date on the token. I have to manually every hour open my account settings in Snaplogic account and hit “Refresh” to receive a new refresh and access tokens. If not, my snap step returns error “Session expired or invalid”,“errorCode”:“INVALID_SESSION_ID” in all of my pipelines. It’s very frustrating and redundant having to do this multiple times a day.

Is there a way to pass thru a expiration token time to the account? Or is there a way I can force a token refresh each time my pipeline runs without my input?

My use case is, SF snaps do not give us ability to access rich functionality such as getdeleted() or getupdated() on SF objects. These logs contain hard deleted items per object (when the object is replicated in SF) and we use these logs to keep the data in synch in our DB without having to re-download hundreds of millions of records per object every hour which is not possible. This log data is not accessible through SOQL as far as I can see and they are not in the recycle bin (hence hard deleted) so standard snaps don’t work for this.

Example of REST Get service url for hard deleted item logs:
https://instance#.salesforce.com/services/data/v39.0/sobjects/AccountTeamMember/deleted/?start=2017-09-13T00:00:00-00:00&end=2017-09-15T00:00:00-00:00

SF documentation: Developer SF REST API - GetDeleted()

Another way of getting these results from what I have read is to use REST API QueryAll() functionality in SF. But it uses same Account configuration.

Any help of feedback is much appreciated.

Can you file a ticket with Support please? We can definitely take a look.

can you see if you still have this issue?

Hi,

Yes, the issue still exists for me. I already talked with support but did not get any solution to this issue and I was wondering if anyone else has issues using the “auto refresh” Salesforce token for a OAUTH2 account in SnapLogic. Support tells me I cannot auto refresh an account token without a token expiration date on the account so I’m stuck.

Hi Izapart,

I came to the same requirement where i need to get access_token and refresh_token from Salesforce using the OAuth 2. I am able to get access_token value and access_token_expiration shows as -1, which i am assuming that access_token never expires. But i am not able to get the refresh_token.
How you had configured the Salesforce account in order to get the refresh_token in your case.

Any help is appreciated.

Thanks

Hi, actually in my SF instance the refresh token does expire but can be refershed using refresh token request. I use a REST POST snap each time I want to access
the SF API to refresh my token first just in case if it expires, using the grant type refresh_token.

To receive a refresh token, follow these steps documented here:

https://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/intro_understanding_oauth_endpoints.htm

Basically you need to first receive the authorization code. Then use it to request a refresh token using the “/token” url request.

In SnapLogic, before each of my API calls I refresh the token first using this in REST Post Snap service URL configured like here:

https://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/intro_understanding_refresh_token_oauth.htm using refresh_token grant type.

It’s sad that we can’t create a SnapLogic Account for Salesforce API because the token does not have an expiration date (mandatory per SnapLogic). That would
have made this a lot easier and the tokens would refresh automoatically if selected to do so on the SL account. That is why I have to refresh the token manually in each of my pipelines as step 1 by using the REST POST snap and calling the /token url to refresh
it, then pass the token to my REST GET snap to be used in the header to get my data out of SF.

@lzapart could you please share your pipeline.slp for the workaround solution.Similar to what you had described, I have to go in account settings and click on authorize and apply for this to work.

image.png797×596 24.6 KB

Hi. Don’t use the “Account” because it does not work for the API account for SF, it won’t let you auto refresh the token because no expiration date so it’s useless.
This is the workaround.

You need to get authorization from your Salesforce server and copy the “refresh token” that you receive. Then in the SnapLogic pipeline add a REST POST snap,
and for service url in the snap provide the following server url: https://login.salesforce.com/services/oauth2/token?grant_type=refresh_token&client_id=abc1&client_secret=abc2&refresh_token=abc3

Provide the correct clientid, secret, and refresh token in the url and the rest post snap will generate a grant authorization for you. Since the refresh token
does not expire, you can use this snap since it won’t expire in any job. I’ve attached a sample pipeline for reference. No account should be associated with the REST snaps for this.

SFDC_Auth_Sample_API_2019_01_18.slp (7.54 KB)

Any thoughts on securing those credentials better if they’re not in an actual “account”?

Thanks @lzapart for helping. Those who are struggling in getting refresh_token from SalesForce, make sure the connected app in SalesForce has Selected OAuth Scopes as follwoing:

Full access (full)
Perform requests on your behalf at any time (refresh_token, offline_access)

Then using postman make a request to get new access_token with your client_id and client secret with scope as refresh_token:

image.png846×584 15.1 KB

Use that refresh_token in pipeline shared by @lzapart along with client_id and client secret to get access_token.