HTTP/1.1 400 Bad Request
Content-Type: application/json
Cache-Control: no-store
{
  "error": "invalid_grant",
  "error_description": "authentication failure"
}

What causes the Salesforce Authentication Failure error?

This Salesforce OAuth error can happen for several reasons. Here are a couple common causes:

1. Users may not be allowed to self-authorize

2. The base URL is incorrect (test.salesforce.com for sandbox or login.salesforce.com for production)

This Salesforce OAuth error can happen because a particular user may not be allowed to self-authorize.

Solving the Authentication Failure error

First, check to see if your base URL is incorrect - if so, that's an easy fix.

If your base URL is correct and you are still getting the authentication failure error, you can try allowing all users to self-authorize.

In your Salesforce account, go to:

Apps → Connected Apps → Manage Connected Apps → {{YOUR APP}} → Edit Policies to go to your Connected App’s Edit page

Under Permitted Users, select All users may self-authorize and hit save.

Hopefully this helps you solve the {"error": "invalid_grant", "error_description": "authentication_failure"} error!

If you want to avoid dealing with auth errors again while building a native Salesforce (or any other) integration for your app, try out Paragon.

Access/refresh token management is handled by Paragon's authentication layer for any 3rd party SaaS integration you need to build, so you can focus on implementing your integration logic instead of fixing errors such as the Salesforce invalid_grant - expired access/refresh tokens error.

With a single paragon.connect('salesforce'); call, the Paragon SDK will handle the entire authorization flow and refreshes tokens on behalf of your customers.

Learn more about Paragon's embedded integration platform for developers and sign up for a free trial here.