Replace the query access token method with headers

[sb8244]

Query tokens are not a reliable way to communicate the token with SFDC. Randomly, SFDC will say no oauth token even though it is sent across the wire.

[sb8244]

Right on this page https://developer.salesforce.com/page/Digging_Deeper_into_OAuth_2.0_on_Force.com#highlighter_378011 you will see

At this point, the client application can use the access token to authorize requests against the resource server (the Force.com instance specified by the instance URL) via the REST APIs (6), providing the access token as an HTTP header in each request:
Authorization: Bearer 00D...JeP
(For an explanation of 'Bearer' in this context, see section 1.2 of RFC 6750, The OAuth 2.0 Authorization Framework: Bearer Token Usage.)

[realdoug]

Interesting, thanks for this. Will take a look this eve.

[sb8244]

Hey @realdoug . This wasn't a big issue in our production apps until today. Every single oauth connection we tried was failing. We sourced from my gem which has the fix and it resolved itself. I think that Salesforce is rolling out OAuth changes incrementally and is now either live or more broadly reaching.

[theSteveMitchell]

We had the same experience, starting this morning. We also forked @sb8244's repo and this fixed the issue.

[sb8244]

Also, a few people are switching it from POST to GET to make it compatible 😨

[zentourist]

We just started having the issue today and putting the access_token in the header fixes the issue for us.

[sb8244]

@realdoug is there any update on this? I don't want to be pushy or anything, but this actually makes unpatched omniauth-salesforce unusable for certain SFDC instances, so priority is pretty high

[realdoug]

@sb8244 no worries at all be as pushy as you like! I know I said I would look at this last week but was at dreamforce. Will test, merge & cut the new gem tonight. For sure :)

[pulgaroja]

I can see this fix was committed to master, which is great because it works like a charm 👍 great fix @sb8244 but it only works if I specify in my gemfile to pull from github master branch. Is any one else having this problem? I saw there is that issue #16 asks for a new gem release. Any news on this from anyone else? Thanks.

[sb8244]

You're exactly right @pulgaroja. @realdoug is probably going to bump version in the near future as everyone has responded back affirmatively

[pulgaroja]

Good to know, once again thank you very much @sb8244

[realdoug]

The new version should be live on rubygems now. If you encounter any issues, the easiest/quickest way to get to me is probably to ping me on twitter.