Issue with using OAuth token in REST API

I implemented the OAuth integration with my external app. Created a Remote Access(Connected App) configuration with a callback url ( Here I received the call back with a “code=xyz…”. I made a http post with the following params to https:/

"grant_type", "authorization_code"
"client_id", "XYZ..."
"client_secret", "123..."
"redirect_uri", "https:/"

for which I received the following response from sfdc

"issued_at": "1375365820732",
 "scope": "refresh_token",
 "access_token": "00Dabc..!ABC...",
 "refresh_token": "abc...",
 "signature": "XYZ..."

I use the refresh token and fetch the access token or for time being use the access_token I get here for the following REST API
and set the header as
Authorization: Bearer

This returns me invalid session ID.
Also tried the following options
Authorization: OAuth

The Remote access(Connected App) has the access for “Refresh_Token”, “API”, Full Access” 🙂
I end up with the same error. Can someone help me on this.


reading this awesome article from sfdc its very clearly mentioned that ” full does not return a refresh token. You must explicitly request the refresh_token scope to get a refresh token“.

hence a refresh_token access is also needed .

Source : Link , Question Author : Sundar , Answer Author : Mohith Shrivastava

Leave a Comment