Join us and learn about the OAuth authorization flows in Salesforce. In this session we will cover the OAuth Web Server flow and the OAuth JWT Bearer Token flow.
- Creating a Connected App and managing Connected App usage
- OAuth Web Server flow (walkthrough with Postman)
- OAuth JWT Bearer Token flow (walkthrough with Postman)
- OAuth JWT Bearer Token flow (Apex code walkthrough to integrate one Salesforce org with another using the JWT Bearer flow)
A connected app is a framework that enables an external application to integrate with Salesforce using APIs and standard protocols such as SAML, OAuth, and OpenID Connect. Connected apps use these protocols to authenticate, authorize, and provide single sign-on (SSO) for external apps. The connected app defines the consumer key and consumer secret (the OAuth client_id and client_secret), the allowed callback URL, the permitted scopes, and, for the JWT Bearer flow, the certificate whose private key signs the assertion.
OAuth Web Server Flow
The external web application, acting as the connected app, sends the user's browser to the Salesforce authorization endpoint with an authorization code request (grant type: authorization code). The user logs in and approves the requested scopes, and Salesforce hands an authorization code back to the app's registered callback URL.
The authorization code proves that the user approved the connected app and entitles the app to request an access token. The code is short-lived and single-use; the app exchanges it at the token endpoint together with its consumer secret, so a code captured on its own is worth little to an attacker without that secret (and, with PKCE, without the code_verifier).
Steps involved in Web Server Flow
- The app redirects the browser to https://login.salesforce.com/services/oauth2/authorize (https://test.salesforce.com for sandboxes, or the org's My Domain URL) with response_type=code, client_id (the consumer key), redirect_uri (the callback URL registered on the connected app), the requested scope, and a state value that the app will check on return.
- The user authenticates and approves the requested scopes.
- Salesforce redirects the browser to redirect_uri with the authorization code (and the state that was sent).
- The app POSTs grant_type=authorization_code, code, client_id, client_secret and redirect_uri to the token endpoint.
- Salesforce returns access_token, instance_url and, if the refresh_token scope was granted, a refresh_token.
- Endpoint for access token: https://login.salesforce.com/services/oauth2/token
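The steps above as code, added here as an illustration and not part of the original session material: the program builds the authorize redirect, checks the state on the callback, and prepares the form that goes to the token endpoint. It also adds PKCE (code_challenge / code_verifier), which Salesforce supports for this flow and which binds the token request to the client that started it. The consumer key, callback URL, secret and the callback query string are placeholders constructed for the example; no network call is made.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"net/url"
)

// Placeholder values for illustration only, not a real connected app.
const (
	loginURL    = "https://login.salesforce.com"
	clientID    = "placeholder-consumer-key"
	redirectURI = "https://example.org/oauth/callback"
)

// randomURLSafe returns n random bytes as unpadded base64url text, suitable
// for the OAuth state value and the PKCE code_verifier.
func randomURLSafe(n int) (string, error) {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// CodeChallengeS256 derives the PKCE code_challenge from the code_verifier:
// base64url(SHA-256(verifier)) without padding (RFC 7636, method S256).
func CodeChallengeS256(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// AuthorizeURL builds step 1: the redirect to /services/oauth2/authorize.
// state ties the callback to this browser session; the PKCE challenge ties
// the later token request to the same client.
func AuthorizeURL(state, codeVerifier string) string {
	q := url.Values{}
	q.Set("response_type", "code")
	q.Set("client_id", clientID)
	q.Set("redirect_uri", redirectURI)
	q.Set("scope", "api refresh_token")
	q.Set("state", state)
	q.Set("code_challenge", CodeChallengeS256(codeVerifier))
	q.Set("code_challenge_method", "S256")
	return loginURL + "/services/oauth2/authorize?" + q.Encode()
}

// ParseCallback handles step 3: Salesforce redirects back to redirect_uri with
// ?code=...&state=... . A state that differs from the one we sent means the
// code may belong to an attacker-initiated session, so it is discarded.
func ParseCallback(callback, expectedState string) (string, error) {
	u, err := url.Parse(callback)
	if err != nil {
		return "", err
	}
	if e := u.Query().Get("error"); e != "" {
		return "", fmt.Errorf("authorization failed: %s", e)
	}
	if u.Query().Get("state") != expectedState {
		return "", errors.New("state mismatch: possible CSRF, discarding code")
	}
	code := u.Query().Get("code")
	if code == "" {
		return "", errors.New("callback carries no authorization code")
	}
	return code, nil
}

// AuthCodeTokenRequest builds step 4: the form POSTed to
// /services/oauth2/token. With PKCE the code_verifier travels here; a
// confidential client still sends its client_secret as well.
func AuthCodeTokenRequest(code, codeVerifier, clientSecret string) url.Values {
	form := url.Values{}
	form.Set("grant_type", "authorization_code")
	form.Set("code", code)
	form.Set("client_id", clientID)
	form.Set("client_secret", clientSecret)
	form.Set("redirect_uri", redirectURI)
	form.Set("code_verifier", codeVerifier)
	return form
}

func main() {
	state, _ := randomURLSafe(16)
	verifier, _ := randomURLSafe(32)
	fmt.Println("1. send the browser to:", AuthorizeURL(state, verifier))
	// Constructed callback, shaped like the one Salesforce issues after approval.
	cb := redirectURI + "?code=constructed-code-123&state=" + url.QueryEscape(state)
	code, err := ParseCallback(cb, state)
	if err != nil {
		panic(err)
	}
	fmt.Println("4. POST to "+loginURL+"/services/oauth2/token with:",
		AuthCodeTokenRequest(code, verifier, "placeholder-secret").Encode())
}
```

In Postman the same four pieces appear as the browser URL, the redirect you paste back, and the x-www-form-urlencoded body of the token request; the state check is the part a manual walkthrough tends to skip and a real client must not.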
OAuth JWT Bearer Token Flow
This flow is used for server-to-server integration. The client signs a JWT with the private key of a certificate that has been uploaded to the connected app, so no user interaction is needed at run time. The connected app must be pre-authorized, however: either an administrator pre-approves it (the connected app's "Admin approved users are pre-authorized" policy with profiles or permission sets assigned), or the user named in the assertion must have approved the app once through another flow such as the Web Server flow.
Note that this flow never issues a refresh token; when the access token expires, send a fresh signed assertion to obtain a new one.
A JWT is three base64url-encoded segments separated by dots:
<base64url(header)>.<base64url(claims)>.<base64url(signature)>
The header names the signing algorithm (Salesforce requires RS256). The payload carries the claims, an object with information about the user and additional data; for this flow Salesforce expects iss (the connected app's consumer key), sub (the Salesforce username to act as), aud (the login URL: https://login.salesforce.com, https://test.salesforce.com for sandboxes, or the org's My Domain URL) and exp (a Unix timestamp a few minutes in the future). The signature is computed over header.claims with the certificate's private key, and Salesforce verifies it with the certificate on the connected app.
Apex Code without Named Credentials
    // Build the claims: sub is the user to act as, aud the login URL, iss the consumer key
    Auth.JWT jwt = new Auth.JWT();
    jwt.setSub('firstname.lastname@example.org');
    jwt.setAud('https://login.salesforce.com');
    jwt.setIss('connected app client id');
    // Sign with the private key of the certificate stored under this name in Certificate and Key Management
    Auth.JWS jws = new Auth.JWS(jwt, 'Certificate keystore name');
    String token = jws.getCompactSerialization();
    String tokenEndpoint = 'https://login.salesforce.com/services/oauth2/token';
    // POST the JWT bearer token to the token endpoint
    Auth.JWTBearerTokenExchange bearer = new Auth.JWTBearerTokenExchange(tokenEndpoint, jws);
    // Get the access token
    String accessToken = bearer.getAccessToken();
    System.debug('Access Token-->' + accessToken);
Apex Code with Named Credentials
    // The Named Credential JWT_Demo holds the target org URL and performs the JWT Bearer exchange itself
    String listViewsPath = '/services/data/v48.0/sobjects/Account/listviews/';
    HttpRequest req = new HttpRequest();
    req.setEndpoint('callout:JWT_Demo' + listViewsPath);
    req.setMethod('GET');
    Http http = new Http();
    HttpResponse res = http.send(req);
    System.debug(res.getBody());
    System.debug(res.getStatusCode());
Date: Sat, Oct 24, 2020, 10:00 AM EST (7:30 PM IST)
Speaker: Debarun Sengupta
Where: Apex Hours YouTube
Some useful commands to convert a .crt and its private key into a JKS keystore that Salesforce can import (Setup > Certificate and Key Management > Import from Keystore). The alias becomes the certificate name in Salesforce, which is the name passed to Auth.JWS above:
- openssl pkcs12 -export -in server.crt -inkey server.pem -out testkeystore.p12
- keytool -importkeystore -srckeystore testkeystore.p12 -srcstoretype pkcs12 -destkeystore servercert.jks -deststoretype JKS
- keytool -changealias -keystore servercert.jks -alias 1 -destalias salesforcetest
If you like this session and blog, please share your feedback.
Amit Chaudhary is a Salesforce Application & System Architect and has been working on the Salesforce Platform since 2010. He has been a Salesforce MVP since 2017 and holds 17 Salesforce certifications.
He is an active blogger and the founder of Apex Hours.