+ Start a Discussion

OAuth Access Token Response Missing token_type



Per RFC 6749 the OAuth access token response is required to send a token_type as part of the response (http://tools.ietf.org/html/rfc6749#section-4.2.2). It doesn't appear that the response from SF includes the token_type. I ran across this when using one of the OAuth client libraries that was recommended on the OAuth 2 home page. The client library requires this field to be returned, per the spec, and throws an error if it's not there.


I know it's a long shot but any chance the access token response could be updated to follow the spec and return a token_type of "Bearer" ?




You will have to use standard authentication for SOAP using login method and obtain a Session Id. This can then be used as a Bearer for all your calls in the session.
to bad sf doesn't comply to the standard when it claims so