OAuth Authorization flows in salesforce
Download as PPTX, PDF0 likes437 views
The document outlines the Salesforce Developer Group in Bengaluru, detailing OAuth authorization flows, including the creation and management of connected apps. It provides walkthroughs for OAuth web server and JWT bearer token flows, demonstrating integration between Salesforce orgs using named credentials. Additionally, it lists useful resources for further learning and includes code snippets for implementing these flows in Apex.
OAuth Authorization flows in salesforce
- 1. Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR Salesforce Developer Group Bengaluru, India @ SFDGBLR #SFDGBLR
- 2. Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR OAuth Authorization flows in Salesforce
- 3. Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR TABLE OF CONTENTS Connected App Creating Connected App and Managing Connected App Usage OAuth Web Server Flow Demo through Postman HTTP Client 01 03 02 04 05 OAuth JWT Bearer Token Flow What is JWT? Walkthrough with Postman HTTP Client OAuth JWT Bearer Token Flow in Apex Apex Code Walkthrough to connect one salesforce org to another using named credentials RESOURCES
- 4. Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR Connected App 01
- 5. Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR Connected App A connected app is a framework that enables an external application to integrate with Salesforce using APIs and standard protocols, such as SAML, OAuth, and OpenID Connect. Connected apps use these protocols to authenticate, authorize, and provide single sign-on (SSO) for external apps.
- 6. Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR 1. Creating Connected App 2. Managing Connected App Usage and Policies. DEMO
- 7. Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR OAuth Web server flow 02
- 8. Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR OAuth Web server flow 1. The external web service—via the connected app—posts an authorization code request using the authorization code grant type to the Salesforce authorization endpoint. 2. With an authorization code, the connected app can prove that it’s been authorized as a safe visitor to the site and that it has permission to request an access token.
- 9. Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR 1. OAuth Web server flow walkthrough with Postman HTTP Client. DEMO
- 10. Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR 1. https://login.salesforce.com/services/oauth2/autho rize?client_id=xxx&redirect_uri=https://login.sale sforce.com/oauth2/callback&response_type=code 2. Endpoint for access token: https://login.salesforce.com/services/oauth2/token POST /services/oauth2/token,Content-type: application/x-www-form- urlencoded,grant_type=authorization_code&code=from step1(url decoded)&client_id=xxx&client_secret=xxx&redirect_ uri=https://login.salesforce.com/oauth2/callback Steps Involved in Web Server Flow
- 11. Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR OAuth JWT Bearer Token flow 03
- 12. Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR OAuth JWT Bearer Token flow 1. This is used for server to server integration scenarios. 2. This flow uses a certificate to sign the JWT request and doesn’t require explicit user interaction. However, this flow does require prior approval of the client app. Please note this flows never issues a refresh token.
- 13. Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR JWT Structure Header -{"alg":"RS256"} Payload (This contains claims information which is an object containing information about user and additional data.Claims are set using parameters-"Iss,aud,sub,exp") Signature <headerbase64encodedurl>.<claimsbase64encodedclai ms>.<signature(uses algorithm like RS 256)>
- 14. Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR 1. OAuth JWT Bearer Token flow walkthrough with Postman HTTP Client. DEMO
- 15. Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR POST /services/oauth2/token HTTP/1.1 Content-Type: application/x-www-form-urlencoded grant_type= urn:ietf:params:oauth:grant-type:jwt- bearer&assertion=JWT token generated in JWT.io Website Steps to be followed in Postman
- 16. Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR OAuth JWT Bearer Token flow Usage in Apex 04
- 17. Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR 1. OAuth JWT Bearer Token flow (Apex code walkthrough to integrate one salesforce org to another using named credentials) DEMO
- 18. Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR Auth.JWT jwt = new Auth.JWT(); jwt.setSub('debarunsengupta2512@live.com'); jwt.setAud('https://login.salesforce.com'); jwt.setIss('connected app client id');Auth.JWS jws = new Auth.JWS(jwt,’Certificate keystore name’);String token = jws.getCompactSerialization();String tokenEndpoint = 'https://login.salesforce.com/services/oauth2/token';//POST the JWT bearer token Auth.JWTBearerTokenExchange bearer = new Auth.JWTBearerTokenExchange(tokenEndpoint, jws); //Get the access token String accessToken = bearer.getAccessToken(); system.debug('Access Token-->'+accessToken); Apex Code without Named Credentials
- 19. Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR String service_limits='/services/data/v48.0/sobjects/Account/listviews/'; HttpRequest req = new HttpRequest(); req.setEndpoint('callout:JWT_Demo'+service_limits); req.setMethod('GET'); Http http = new Http(); HTTPResponse res = http.send(req); System.debug(res.getBody()); System.debug(res.getstatuscode()); Apex Code with Named Credentials
- 20. Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR Resources 05
- 21. Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR 1. https://help.salesforce.com/articleView?id=remoteaccess_oauth_jwt_flow.htm&type=5 2. https://jwt.io/ 3. https://developer.salesforce.com/docs/atlas.en- us.sfdx_dev.meta/sfdx_dev/sfdx_dev_auth_key_and_cert.htm 4. https://www.base64encode.org/ 5. https://www.freeformatter.com/json-formatter.html#ad-output 6. https://www.unixtimestamp.com/ Some Useful commands to convert .crt to keystore to store in SFDC openssl pkcs12 -export -in server.crt -inkey server.pem -out testkeystore.p12 keytool -importkeystore -srckeystore testkeystore.p12 -srcstoretype pkcs12 -destkeystore servercert.jks -deststoretype JKS keytool -keystore /<Path>/servercert.jks -changealias -alias 1 -destalias salesforcetest
- 22. Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR CREDITS: This presentation template was created by Slidesgo, including icons by Flaticon, and infographics & images by Freepik. Please keep this slide for attribution.