Salesforce-to-Magento authorization issue

Issue

Connecting Salesforce with Magento (Steps 11 & 12 on the page) work for most of the cases. If you are using custom domains for the Magento Admin Panel and your Storefront(s), you may encounter the following error if the connection is not configured properly.

Usecase 1

The screenshot below could be visible if you are already logged in to the Magento Admin Panel.

Usecase 2

You may also see this message if you have not logged into the Magento Admin Panel.

 

Why this is happening?

This issue is linked to the multi-domain setup, for example:

  • admin.mystore.com/admin - the backend area (Magento Admin Panel).

  • shop.mystore.com - the actual store your customers are visiting.

If you use shop.mystore.com in the Salesforce configuration when trying to connect to Magento - the issue described above will occur.

Technical details:

  1. You use the shop.mystore.com domain in your configuration

  2. Magento redirects you to the admin area authorization form

  3. You put login/password and click the “Login

  4. Magento receives this request, detects that you are trying to authenticate into Magento Admin Panel and forwards the request to the admin.mystore.com domain

  5. The Form Key in your request is valid only for the shop.mystore.com domain.

  6. As a result, you see the “Invalid form key“ error.

Solution

You need to mark the “oauth“ path acceptable for Magento admin area.

  1. Open the app/etc/local.xml file

  2. Find the “<routers>“ tag

  3. Add a new router right under the “<adminhtml>“ tag:

    <oauth> <use>admin</use> <args> <frontName><![CDATA[oauth]]></frontName> </args> </oauth>

Here my corrected file:

<?xml version="1.0"?> <!-- /** * Magento * * NOTICE OF LICENSE * * This source file is subject to the Academic Free License (AFL 3.0) * that is bundled with this package in the file LICENSE_AFL.txt. * It is also available through the world-wide-web at this URL: * http://opensource.org/licenses/afl-3.0.php * If you did not receive a copy of the license and are unable to * obtain it through the world-wide-web, please send an email * to license@magento.com so we can send you a copy immediately. * * DISCLAIMER * * Do not edit or add to this file if you wish to upgrade Magento to newer * versions in the future. If you wish to customize Magento for your * needs please refer to http://www.magento.com for more information. * * @category Mage * @package Mage_Core * @copyright Copyright (c) 2006-2018 Magento, Inc. (http://www.magento.com) * @license http://opensource.org/licenses/afl-3.0.php Academic Free License (AFL 3.0) */ --> <config> <global> <install> <date><![CDATA[Mon, 24 Feb 2020 13:17:52 +0000]]></date> </install> <crypt> <key><![CDATA[ab2ab549043e1fe93d27e6be8484c34c]]></key> </crypt> <disable_local_modules>false</disable_local_modules> <resources> <db> <table_prefix><![CDATA[]]></table_prefix> </db> <default_setup> <connection> <host><![CDATA[localhost]]></host> <username><![CDATA[root]]></username> <password><![CDATA[root]]></password> <dbname><![CDATA[m1cegit10]]></dbname> <initStatements><![CDATA[SET NAMES utf8]]></initStatements> <model><![CDATA[mysql4]]></model> <type><![CDATA[pdo_mysql]]></type> <pdoType><![CDATA[]]></pdoType> <active>1</active> </connection> </default_setup> </resources> <session_save><![CDATA[files]]></session_save> </global> <admin> <routers> <adminhtml> <args> <frontName><![CDATA[admin]]></frontName> </args> </adminhtml> <oauth> <use>admin</use> <args> <frontName><![CDATA[oauth]]></frontName> </args> </oauth> </routers> </admin> </config>