Why does my Salesforce OAuth token expire?

In order to use the Salesforce SOQL plug-in, you will need to setup an OAuth connection in Salesforce. (Please see the Salesforce support documentation for instructions on this. Plugins that do not use SOQL do not require a token, just a username and password.) The final step in this authorization process will be to obtain a token from Salesforce.  

Depending on your settings, the token may expire from time to time. When that happens, Metric Insights will not be able to fetch data from Salesforce until the token has been refreshed.  This article will show you how to refresh the token automatically.

Follow the instructions below if you receive one of the following error messages when using the Salesforce SOQL plug-in:

  • "Could not authorize you. Details: the requested scope is not allowed."
  • "Expired access/refresh token"


The Salesforce support documentation site contains instructions on this topic. See Creating a Connected App.

1. Login to Salesforce

Login to Salesforce
  1. Go to the "Setup" menu:

2. Use APP Setup Section in Left Sidebar

Use APP Setup Section in Left Sidebar
  1. Choose "Apps" in the Create Apps sub-section of App Setup
  2. Click the "Edit" link for the Connected App that you want (in this example:  "MI Plugin (Adam)"

3. Client ID and Client Secret

Client ID and Client Secret

When you click "Edit" you will see your Consumer Key (ID) and your Consumer Secret.

You need to add your SalesForce Secret and Client ID to the Config variables.See here for more help.

  1. 'SALESFORCE_OAUTH2_CLIENT_ID',       '3MVG9y6x0357Hlefte5xC92_J.LmfhKJ0Z_...5JydLTMG5bh6eosdfWERZjDOMbc_2FWeBclda5gD6'
  2. 'SALESFORCE_OAUTH2_CLIENT_SECRET',     '79282882...'
  3. Generate config.php file

Note: These are client specific.

4. Enable Metric Insights to Refresh Your Token

Enable Metric Insights to Refresh Your Token

In the API (Enable OAuth Settings) section:

  1. Add "Perform requests on your behalf at any time (refresh_token, offline_access)" to Selected OAuth Scopes.
  2. Save