Access Authorization Troubleshooting: Salesforce OAuth error
The essence of the issue: after clicking on the “Connect to Salesforce” a Salesforce OAuth error OAUTH_APPROVAL_ERROR_GENERIC occurs:
It only happens if API use is enabled for the user in Salesforce.
The issue’s cause: the OAUTH_APPROVAL_ERROR_GENERIC error may occur on user logon if the user’s Profile in Salesforce is restricted by IP range limits. That also blocks any connections from Connected Apps.
To resolve the issue, first adjust Salesforce restricted IPs configuration for the concerned Profile, to ensure that the range includes the actual IP the user attempts a logon from, e.g. one outside of the corporate network:
Open Salesforce Setup, type Profiles in the Quick Find box and select Profiles
Expand relevant Profile’s settings by clicking on its name
On the Profile settings page, click Login IP Ranges to check and adjust the restrictions
If that does not help, also try changing Connected Apps restrictions to Relaxed:
By default, IP Relaxation is set to “Enforce IP restrictions” for any Connected Apps, this prevents RGES usage from unexpected IPs. To set “_Relax IP restrictions_”:
Open Salesforce Setup, type connected apps in the Quick Find box and select Manage Connected Apps
Select the app from the list and click Edit in the Action column
In the IP Relaxation field, select Relax IP restrictions
It only happens if API use is enabled for the user in Salesforce.
The issue’s cause: the OAUTH_APPROVAL_ERROR_GENERIC error may occur on user logon if the user’s Profile in Salesforce is restricted by IP range limits. That also blocks any connections from Connected Apps.
To resolve the issue, first adjust Salesforce restricted IPs configuration for the concerned Profile, to ensure that the range includes the actual IP the user attempts a logon from, e.g. one outside of the corporate network:
Open Salesforce Setup, type Profiles in the Quick Find box and select Profiles
Expand relevant Profile’s settings by clicking on its name
On the Profile settings page, click Login IP Ranges to check and adjust the restrictions
If that does not help, also try changing Connected Apps restrictions to Relaxed:
By default, IP Relaxation is set to “Enforce IP restrictions” for any Connected Apps, this prevents RGES usage from unexpected IPs. To set “_Relax IP restrictions_”:
Open Salesforce Setup, type connected apps in the Quick Find box and select Manage Connected Apps
Select the app from the list and click Edit in the Action column
In the IP Relaxation field, select Relax IP restrictions
Updated on: 17/08/2023