+ Start a Discussion

{"error":"invalid_grant","error_description":"authentication failure - Invalid Password"}

I am following the guidelines from the Chatter guide and somehow I can't get the OAuth to work. 


It's not working from Java or curl.   Here is what I am doing:


mike$ curl --form client_id=3MVG9yZ.WNe6bxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxu5AjB4oT9kxi8SEhY --form client_secret=26542xxxxxxxxxxx78  --form grant_type=password --form username=xxxxxxxx@gmail.com --form password=xxxxxxx https://na11.salesforce.com/services/oauth2/token


What I am getting is:

{"error":"invalid_grant","error_description":"authentication failure - Invalid Password"}


I double checked and I am getting into na11 with the right password.  Is there anything else I need to do?


Here are the settings in my remote access:



Callback URLhttps://na11.salesforce.com/ConnectTest/oauth/_callback /// temp one

No user approval required for users in this organizationNot Checked


Best Answer chosen by Admin (Salesforce Developers) 

You probably need to include your API security token with the password. See the help topics on identity confirmation.

All Answers


You probably need to include your API security token with the password. See the help topics on identity confirmation.

This was selected as the best answer

Bingo! however I was hoping that the tokens are done with when it comes to OAuth.  I guess not.


They are if you use one of the interactive flows, but not for any programatic flow.


Hi Simon,

I am writing a .Net (GUI-less) application to talk to Chatter REST API.

And first problem I am facing is at getting OAuth token.

Every article about OAuth says that one has to provide callback URL where OAuth token will be provided. But when we are developing an application which cannot be reached from outside (through an URL), how can we get OAuth token?


What is the way to get OAuth token programatically?





You can use the username-password OAuth2 flow. there are details in the remote access parts of the online help, and on the blog.


Hi  Sir.


Nice ............


Hi Simon, where'd you find the information about using just username and password? Long shot but hoping you remember.


Hi there

We have the problem of getting authenticated by our SF sandbox environment

When we exclude security token from password it obviously returns API sec. token required, which we expect  to happen

However when we DO include (append) the security token the sandbox returns 'invalid password', but the password is ok and we use that password while logging in the gui


How come?






s-tobe@xubuntuXPS:~$ curl https://test.salesforce.com/services/oauth2/token -d grant_type=password&client_id=<clientid>&username=<username>&password=<password>' -H "X-PrettyPrint: 1"
  "error" : "invalid_grant",
  "error_description" : "authentication failure - Failed: API security token required"

s-tobe@xubuntuXPS:~$ curl https://test.salesforce.com/services/oauth2/token -d grant_type=password&client_id=<clientid>&username=<username>&password=<password><security token>' -H "X-PrettyPrint: 1"
  "error" : "invalid_grant",
  "error_description" : "authentication failure - Invalid Password"


Have you tried adding the client_secret?


I'm having the same problem:


curl -X POST --verbose -d @datasj.txt https://login.salesforce.com/services/oauth2/token






I do have the security token appened to the password.

I had the same problem which I resolved setting the connected app "IP Restrictions" to "Relax IP restrictions"
Nrottam SinghNrottam Singh
Thanks, doron 
User password oauthentication flow work after change "IP Restrictions" to "Relax IP restrictions" setting 
Thanks again
Krati RajpurohitKrati Rajpurohit
im facing the same issue, when trying programatically

below is my code:
PostMethod post = new PostMethod("https://login.salesforce.com/services/oauth2/token");
            post.setParameter("grant_type","password");  post.setParameter("client_id","3MVG9ZL0ppGP5UrBtzV375FzNEKv4M0YHXq47vVM8O3rYjXp1VkxmcTRA_mpzUYB6vtedwwGS.3AG6lsiIODA");
           // post.addParameter("redirect_uri",redirecturi);
            HttpClient httpclient = new HttpClient();

my password has security key appended, still im getting the "invalid_client". kindly guide
Abhishek Jyoti 7Abhishek Jyoti 7
Plz go to Create --> App --> Connected App. click on "connected app" then click on "Manage" button. On click, you have to change "IP Relaxation" setting to "Relax IP Restrictions". With this setting you can resolve such issue.

Theodore SandsTheodore Sands
If you are authorizing against a sandbox, you have to use test.salesforce.com instead of login.salesforce.com.

Reference: https://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/intro_understanding_oauth_endpoints.htm?state=id
Gbolahan JolapamoGbolahan Jolapamo
I tried relaxing my IP, and used the format that includes my token: curl -v https://login.salesforce.com/services/oauth2/token -d "grant_type=password" -d "client_id=3MVG9KI2HHAq33Ry8PcGf8.fdLcF92S8496EX3rBaZ5_MeL7UE1wUPHOyY_1bHEHpqwWlmfvYCuVZF5S4CQS0" -d "client_secret=1234724115031080467" 
    -d "username=aaa@bbb.com" -d "password=ccccccxxxxxxxxxxx"

still having same problem:{"error":"invalid_grant","error_description":"authentication failure"}* Connection #0 to host login.salesforce.com left intact

i'm open to suggestions on what might be causing my error.
Felipe Oliveira 15Felipe Oliveira 15
I'm also having the same problem. I tried to change the IP rules, the sandbox url, etc.
Nothing worked.

Im still getting
    "error": "invalid_grant",
    "error_description": "authentication failure"

Any suggestions?
Felipe Oliveira 15Felipe Oliveira 15
I found a way

you need to change the Permitted Users to "All users may self-authorize"
Darshan Chhajed 7Darshan Chhajed 7
Hi All, I am getting the same error. I have tried following steps to resolve but still no luck.
1. I have changed IP relaxation to 'Relax IP Restriction' 
2. I have added trusted IP range for my org.
3. I have added login ranged to profile.
4. I have changed default login.salesforce.com url to test.salesforce.com/ myBaseUrl.salesforce.com

Still I am getting invalid grant error on sandbox.

Note- On production/dev org its working fine issue is when I try to connect to a sandbox. 
shibi priyadarshanshibi priyadarshan
Your password should not contain any special characters like # or &...
example pwd=jagan123
My connection String:

I gave like this. So, its worked for me.