Articles on: Browser Extension

Access Authorization Troubleshooting: Salesforce OAuth error

Symptom


After clicking Connect to Salesforce in the PipeLaunch Chrome Extension, Salesforce returns the following OAuth error: OAUTH_APPROVAL_ERROR_GENERIC



This typically only affects users who have API access enabled in Salesforce. Users without API access usually fail earlier with a different error.


Cause


Salesforce blocks the OAuth approval step for the Connected App. The two most common reasons are:


  1. Connected App access restrictions introduced by Salesforce in September 2025. Uninstalled connected apps are now blocked for most users by default. The PipeLaunch Browser Extension must be explicitly installed and its OAuth policies configured before users can authorize it.
  2. Login IP Range restrictions on the user's Profile. If the Profile has IP ranges configured, every connection (including from Connected Apps) must originate from an allowed IP. A user working from outside the corporate network, on a VPN, or on mobile data will be blocked.


To resolve the issue, work through both steps below in order.



Step 1: Install and configure the Connected App


Since September 2025, Salesforce blocks end users from authorizing connected apps that haven't been explicitly installed by an admin. See the Salesforce help article for background.


1.1 Install the Connected App as an Admin


In Salesforce Setup, search for Connected Apps OAuth Usage, locate PipeLaunch Chrome Extension, and click Install.



1.2 Open the app policies


Click Manage App Policies.



1.3 Edit the policies


Click Edit Policies.



1.4 Relax the OAuth policies


Under OAuth Policies, configure the following:


  • Permitted Users: *All users may self-authorize, or Admin approved users are pre-authorized* (recommended for tighter security; grant access via Profiles or Permission Sets).
  • IP Relaxation: Relax IP restrictions (recommended)


Save the changes.



If you selected Admin approved users are pre-authorized, remember to also assign the relevant Profiles or Permission Sets to the app, otherwise users will still be blocked.



Step 2: Adjust Login IP Ranges on the Profile (Optional)


If users still see the error after Step 1, or if the error only occurs from specific networks (home, mobile, VPN), check the Profile's Login IP Ranges.


  1. Open Salesforce Setup, type Profiles in the Quick Find box, and select Profiles.
  2. Click the name of the affected user's Profile.
  3. Click Login IP Ranges.
  4. Add or widen the range so it includes the IP the user is connecting from, or remove the restriction if your security policy allows.


Tip: You can find a user's recent IP under Setup → Login History.


Updated on: 26/05/2026