SlideShare a Scribd company logo

OAuth Authorization flows in salesforce

•Download as PPTX, PDF•
•
Kishore B T
Kishore B T

OAuth Authorization flows in salesforce 1. Creating Connected App and Managing Connected App usage 2. Oauth web server flow (walkthrough with postman) 3. Oauth JWT Bearer token flow (walkthrough with postman) 4. Oauth JWT Bearer token flow (apex code walkthrough to integrate one salesforce org to another using JWT bearer flow)

Software
1 of 22
Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR Salesforce Developer Group Bengaluru, India @ SFDGBLR #SFDGBLR
Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR OAuth Authorization flows in Salesforce
Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR TABLE OF CONTENTS Connected App Creating Connected App and Managing Connected App Usage OAuth Web Server Flow Demo through Postman HTTP Client 01 03 02 04 05 OAuth JWT Bearer Token Flow What is JWT? Walkthrough with Postman HTTP Client OAuth JWT Bearer Token Flow in Apex Apex Code Walkthrough to connect one salesforce org to another using named credentials RESOURCES
Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR Connected App 01
Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR Connected App A connected app is a framework that enables an external application to integrate with Salesforce using APIs and standard protocols, such as SAML, OAuth, and OpenID Connect. Connected apps use these protocols to authenticate, authorize, and provide single sign-on (SSO) for external apps.
Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR 1. Creating Connected App 2. Managing Connected App Usage and Policies. DEMO
Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR OAuth Web server flow 02
Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR OAuth Web server flow 1. The external web service—via the connected app—posts an authorization code request using the authorization code grant type to the Salesforce authorization endpoint. 2. With an authorization code, the connected app can prove that it’s been authorized as a safe visitor to the site and that it has permission to request an access token.
Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR 1. OAuth Web server flow walkthrough with Postman HTTP Client. DEMO
Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR 1. https://login.salesforce.com/services/oauth2/autho rize?client_id=xxx&redirect_uri=https://login.sale sforce.com/oauth2/callback&response_type=code 2. Endpoint for access token: https://login.salesforce.com/services/oauth2/token POST /services/oauth2/token,Content-type: application/x-www-form- urlencoded,grant_type=authorization_code&code=from step1(url decoded)&client_id=xxx&client_secret=xxx&redirect_ uri=https://login.salesforce.com/oauth2/callback Steps Involved in Web Server Flow
Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR OAuth JWT Bearer Token flow 03
Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR OAuth JWT Bearer Token flow 1. This is used for server to server integration scenarios. 2. This flow uses a certificate to sign the JWT request and doesn’t require explicit user interaction. However, this flow does require prior approval of the client app. Please note this flows never issues a refresh token.
Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR JWT Structure Header -{"alg":"RS256"} Payload (This contains claims information which is an object containing information about user and additional data.Claims are set using parameters-"Iss,aud,sub,exp") Signature <headerbase64encodedurl>.<claimsbase64encodedclai ms>.<signature(uses algorithm like RS 256)>
Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR 1. OAuth JWT Bearer Token flow walkthrough with Postman HTTP Client. DEMO
Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR POST /services/oauth2/token HTTP/1.1 Content-Type: application/x-www-form-urlencoded grant_type= urn:ietf:params:oauth:grant-type:jwt- bearer&assertion=JWT token generated in JWT.io Website Steps to be followed in Postman
Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR OAuth JWT Bearer Token flow Usage in Apex 04
Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR 1. OAuth JWT Bearer Token flow (Apex code walkthrough to integrate one salesforce org to another using named credentials) DEMO
Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR Auth.JWT jwt = new Auth.JWT(); jwt.setSub('debarunsengupta2512@live.com'); jwt.setAud('https://login.salesforce.com'); jwt.setIss('connected app client id');Auth.JWS jws = new Auth.JWS(jwt,’Certificate keystore name’);String token = jws.getCompactSerialization();String tokenEndpoint = 'https://login.salesforce.com/services/oauth2/token';//POST the JWT bearer token Auth.JWTBearerTokenExchange bearer = new Auth.JWTBearerTokenExchange(tokenEndpoint, jws); //Get the access token String accessToken = bearer.getAccessToken(); system.debug('Access Token-->'+accessToken); Apex Code without Named Credentials
Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR String service_limits='/services/data/v48.0/sobjects/Account/listviews/'; HttpRequest req = new HttpRequest(); req.setEndpoint('callout:JWT_Demo'+service_limits); req.setMethod('GET'); Http http = new Http(); HTTPResponse res = http.send(req); System.debug(res.getBody()); System.debug(res.getstatuscode()); Apex Code with Named Credentials
Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR Resources 05
Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR 1. https://help.salesforce.com/articleView?id=remoteaccess_oauth_jwt_flow.htm&type=5 2. https://jwt.io/ 3. https://developer.salesforce.com/docs/atlas.en- us.sfdx_dev.meta/sfdx_dev/sfdx_dev_auth_key_and_cert.htm 4. https://www.base64encode.org/ 5. https://www.freeformatter.com/json-formatter.html#ad-output 6. https://www.unixtimestamp.com/ Some Useful commands to convert .crt to keystore to store in SFDC openssl pkcs12 -export -in server.crt -inkey server.pem -out testkeystore.p12 keytool -importkeystore -srckeystore testkeystore.p12 -srcstoretype pkcs12 -destkeystore servercert.jks -deststoretype JKS keytool -keystore /<Path>/servercert.jks -changealias -alias 1 -destalias salesforcetest
Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR CREDITS: This presentation template was created by Slidesgo, including icons by Flaticon, and infographics & images by Freepik. Please keep this slide for attribution.

Recommended

Salesforce Identity Management
Salesforce Identity ManagementSalesforce Identity Management
Salesforce Identity ManagementJayant Jindal
 
Building strong foundations apex enterprise patterns
Building strong foundations apex enterprise patternsBuilding strong foundations apex enterprise patterns
Building strong foundations apex enterprise patternsandyinthecloud
 
Deep Dive into OAuth for Connected Apps
Deep Dive into OAuth for Connected AppsDeep Dive into OAuth for Connected Apps
Deep Dive into OAuth for Connected AppsSalesforce Developers
 
Enhanced Web Service Testing: A Better Mock Structure
Enhanced Web Service Testing: A Better Mock StructureEnhanced Web Service Testing: A Better Mock Structure
Enhanced Web Service Testing: A Better Mock StructureSalesforce Developers
 
Demystifying OAuth 2.0
Demystifying OAuth 2.0Demystifying OAuth 2.0
Demystifying OAuth 2.0Karl McGuinness
 
Profiles and permission sets in salesforce
Profiles and permission sets in salesforceProfiles and permission sets in salesforce
Profiles and permission sets in salesforceSunil kumar
 
Best Practices with Apex in 2022.pdf
Best Practices with Apex in 2022.pdfBest Practices with Apex in 2022.pdf
Best Practices with Apex in 2022.pdfMohith Shrivastava
 
Champion Productivity with Service Cloud
Champion Productivity with Service CloudChampion Productivity with Service Cloud
Champion Productivity with Service CloudSalesforce Admins
 

Recommended

Salesforce Identity Management
Salesforce Identity ManagementSalesforce Identity Management
Salesforce Identity ManagementJayant Jindal
 
Building strong foundations apex enterprise patterns
Building strong foundations apex enterprise patternsBuilding strong foundations apex enterprise patterns
Building strong foundations apex enterprise patternsandyinthecloud
 
Deep Dive into OAuth for Connected Apps
Deep Dive into OAuth for Connected AppsDeep Dive into OAuth for Connected Apps
Deep Dive into OAuth for Connected AppsSalesforce Developers
 
Enhanced Web Service Testing: A Better Mock Structure
Enhanced Web Service Testing: A Better Mock StructureEnhanced Web Service Testing: A Better Mock Structure
Enhanced Web Service Testing: A Better Mock StructureSalesforce Developers
 
Demystifying OAuth 2.0
Demystifying OAuth 2.0Demystifying OAuth 2.0
Demystifying OAuth 2.0Karl McGuinness
 
Profiles and permission sets in salesforce
Profiles and permission sets in salesforceProfiles and permission sets in salesforce
Profiles and permission sets in salesforceSunil kumar
 
Best Practices with Apex in 2022.pdf
Best Practices with Apex in 2022.pdfBest Practices with Apex in 2022.pdf
Best Practices with Apex in 2022.pdfMohith Shrivastava
 
Champion Productivity with Service Cloud
Champion Productivity with Service CloudChampion Productivity with Service Cloud
Champion Productivity with Service CloudSalesforce Admins
 
Introduction to Apex Triggers
Introduction to Apex TriggersIntroduction to Apex Triggers
Introduction to Apex TriggersSalesforce Developers
 
Salesforce Training For Beginners | Salesforce Tutorial | Salesforce Training...
Salesforce Training For Beginners | Salesforce Tutorial | Salesforce Training...Salesforce Training For Beginners | Salesforce Tutorial | Salesforce Training...
Salesforce Training For Beginners | Salesforce Tutorial | Salesforce Training...Edureka!
 
DevOps Center_ArchitectGroup
DevOps Center_ArchitectGroup DevOps Center_ArchitectGroup
DevOps Center_ArchitectGroup AmeyKulkarni84
 
Apex Design Patterns
Apex Design PatternsApex Design Patterns
Apex Design PatternsSalesforce Developers
 
Introduction to Apex for Developers
Introduction to Apex for DevelopersIntroduction to Apex for Developers
Introduction to Apex for DevelopersSalesforce Developers
 
An Introduction to OAuth 2
An Introduction to OAuth 2An Introduction to OAuth 2
An Introduction to OAuth 2Aaron Parecki
 
Why Flow with Salesforce Flow
Why Flow with Salesforce FlowWhy Flow with Salesforce Flow
Why Flow with Salesforce FlowAjeet Singh
 
Secure Salesforce: External App Integrations
Secure Salesforce: External App IntegrationsSecure Salesforce: External App Integrations
Secure Salesforce: External App IntegrationsSalesforce Developers
 
How to create a developer org for salesforce
How to create a developer org for salesforceHow to create a developer org for salesforce
How to create a developer org for salesforceMyGuide By Edcast
 
Apex Enterprise Patterns: Building Strong Foundations
Apex Enterprise Patterns: Building Strong FoundationsApex Enterprise Patterns: Building Strong Foundations
Apex Enterprise Patterns: Building Strong FoundationsSalesforce Developers
 
Integration using Salesforce Canvas
Integration using Salesforce CanvasIntegration using Salesforce Canvas
Integration using Salesforce CanvasDhanik Sahni
 
Coding for Declarative Customizations: How We Do It in Salesforce.com IT
Coding for Declarative Customizations: How We Do It in Salesforce.com ITCoding for Declarative Customizations: How We Do It in Salesforce.com IT
Coding for Declarative Customizations: How We Do It in Salesforce.com ITSalesforce Developers
 
Managing the Role Hierarchy at Enterprise Scale
Managing the Role Hierarchy at Enterprise ScaleManaging the Role Hierarchy at Enterprise Scale
Managing the Role Hierarchy at Enterprise ScaleSalesforce Developers
 
Fast parallel data loading with the bulk API
Fast parallel data loading with the bulk APIFast parallel data loading with the bulk API
Fast parallel data loading with the bulk APISalesforce Developers
 
Episode 4 - Introduction to SOQL in Salesforce
Episode 4 - Introduction to SOQL in SalesforceEpisode 4 - Introduction to SOQL in Salesforce
Episode 4 - Introduction to SOQL in SalesforceJitendra Zaa
 
Selenium Automation Framework
Selenium Automation FrameworkSelenium Automation Framework
Selenium Automation FrameworkMindfire Solutions
 
Salesforce Integration Pattern Overview
Salesforce Integration Pattern OverviewSalesforce Integration Pattern Overview
Salesforce Integration Pattern OverviewDhanik Sahni
 
Deep Dive In To Kerberos
Deep Dive In To KerberosDeep Dive In To Kerberos
Deep Dive In To KerberosIshan A B Ambanwela
 
Introduction to Salesforce Platform - Basic
Introduction to Salesforce Platform - BasicIntroduction to Salesforce Platform - Basic
Introduction to Salesforce Platform - Basicsanskriti agarwal
 
Apex code (Salesforce)
Apex code (Salesforce)Apex code (Salesforce)
Apex code (Salesforce)Mohammed Safwat Abu Kwaik
 
CRM Science - Dreamforce '14: Using the Google SOAP API
CRM Science - Dreamforce '14: Using the Google SOAP APICRM Science - Dreamforce '14: Using the Google SOAP API
CRM Science - Dreamforce '14: Using the Google SOAP APICRMScienceKirk
 
Authentication with OAuth and Connected Apps
Authentication with OAuth and Connected AppsAuthentication with OAuth and Connected Apps
Authentication with OAuth and Connected AppsSalesforce Developers
 

More Related Content

What's hot

Salesforce Training For Beginners | Salesforce Tutorial | Salesforce Training...
Salesforce Training For Beginners | Salesforce Tutorial | Salesforce Training...Salesforce Training For Beginners | Salesforce Tutorial | Salesforce Training...
Salesforce Training For Beginners | Salesforce Tutorial | Salesforce Training...Edureka!
 
DevOps Center_ArchitectGroup
DevOps Center_ArchitectGroup DevOps Center_ArchitectGroup
DevOps Center_ArchitectGroup AmeyKulkarni84
 
Introduction to Apex for Developers
Introduction to Apex for DevelopersIntroduction to Apex for Developers
Introduction to Apex for DevelopersSalesforce Developers
 
An Introduction to OAuth 2
An Introduction to OAuth 2An Introduction to OAuth 2
An Introduction to OAuth 2Aaron Parecki
 
Why Flow with Salesforce Flow
Why Flow with Salesforce FlowWhy Flow with Salesforce Flow
Why Flow with Salesforce FlowAjeet Singh
 
Secure Salesforce: External App Integrations
Secure Salesforce: External App IntegrationsSecure Salesforce: External App Integrations
Secure Salesforce: External App IntegrationsSalesforce Developers
 
How to create a developer org for salesforce
How to create a developer org for salesforceHow to create a developer org for salesforce
How to create a developer org for salesforceMyGuide By Edcast
 
Apex Enterprise Patterns: Building Strong Foundations
Apex Enterprise Patterns: Building Strong FoundationsApex Enterprise Patterns: Building Strong Foundations
Apex Enterprise Patterns: Building Strong FoundationsSalesforce Developers
 
Integration using Salesforce Canvas
Integration using Salesforce CanvasIntegration using Salesforce Canvas
Integration using Salesforce CanvasDhanik Sahni
 
Coding for Declarative Customizations: How We Do It in Salesforce.com IT
Coding for Declarative Customizations: How We Do It in Salesforce.com ITCoding for Declarative Customizations: How We Do It in Salesforce.com IT
Coding for Declarative Customizations: How We Do It in Salesforce.com ITSalesforce Developers
 
Managing the Role Hierarchy at Enterprise Scale
Managing the Role Hierarchy at Enterprise ScaleManaging the Role Hierarchy at Enterprise Scale
Managing the Role Hierarchy at Enterprise ScaleSalesforce Developers
 
Fast parallel data loading with the bulk API
Fast parallel data loading with the bulk APIFast parallel data loading with the bulk API
Fast parallel data loading with the bulk APISalesforce Developers
 
Episode 4 - Introduction to SOQL in Salesforce
Episode 4 - Introduction to SOQL in SalesforceEpisode 4 - Introduction to SOQL in Salesforce
Episode 4 - Introduction to SOQL in SalesforceJitendra Zaa
 
Selenium Automation Framework
Selenium Automation FrameworkSelenium Automation Framework
Selenium Automation FrameworkMindfire Solutions
 
Salesforce Integration Pattern Overview
Salesforce Integration Pattern OverviewSalesforce Integration Pattern Overview
Salesforce Integration Pattern OverviewDhanik Sahni
 
Introduction to Salesforce Platform - Basic
Introduction to Salesforce Platform - BasicIntroduction to Salesforce Platform - Basic
Introduction to Salesforce Platform - Basicsanskriti agarwal
 

What's hot (20)

Introduction to Apex Triggers
Introduction to Apex TriggersIntroduction to Apex Triggers
Introduction to Apex Triggers
 
Salesforce Training For Beginners | Salesforce Tutorial | Salesforce Training...
Salesforce Training For Beginners | Salesforce Tutorial | Salesforce Training...Salesforce Training For Beginners | Salesforce Tutorial | Salesforce Training...
Salesforce Training For Beginners | Salesforce Tutorial | Salesforce Training...
 
DevOps Center_ArchitectGroup
DevOps Center_ArchitectGroup DevOps Center_ArchitectGroup
DevOps Center_ArchitectGroup
 
Apex Design Patterns
Apex Design PatternsApex Design Patterns
Apex Design Patterns
 
Introduction to Apex for Developers
Introduction to Apex for DevelopersIntroduction to Apex for Developers
Introduction to Apex for Developers
 
An Introduction to OAuth 2
An Introduction to OAuth 2An Introduction to OAuth 2
An Introduction to OAuth 2
 
Why Flow with Salesforce Flow
Why Flow with Salesforce FlowWhy Flow with Salesforce Flow
Why Flow with Salesforce Flow
 
Secure Salesforce: External App Integrations
Secure Salesforce: External App IntegrationsSecure Salesforce: External App Integrations
Secure Salesforce: External App Integrations
 
How to create a developer org for salesforce
How to create a developer org for salesforceHow to create a developer org for salesforce
How to create a developer org for salesforce
 
Apex Enterprise Patterns: Building Strong Foundations
Apex Enterprise Patterns: Building Strong FoundationsApex Enterprise Patterns: Building Strong Foundations
Apex Enterprise Patterns: Building Strong Foundations
 
Integration using Salesforce Canvas
Integration using Salesforce CanvasIntegration using Salesforce Canvas
Integration using Salesforce Canvas
 
Coding for Declarative Customizations: How We Do It in Salesforce.com IT
Coding for Declarative Customizations: How We Do It in Salesforce.com ITCoding for Declarative Customizations: How We Do It in Salesforce.com IT
Coding for Declarative Customizations: How We Do It in Salesforce.com IT
 
Managing the Role Hierarchy at Enterprise Scale
Managing the Role Hierarchy at Enterprise ScaleManaging the Role Hierarchy at Enterprise Scale
Managing the Role Hierarchy at Enterprise Scale
 
Fast parallel data loading with the bulk API
Fast parallel data loading with the bulk APIFast parallel data loading with the bulk API
Fast parallel data loading with the bulk API
 
Episode 4 - Introduction to SOQL in Salesforce
Episode 4 - Introduction to SOQL in SalesforceEpisode 4 - Introduction to SOQL in Salesforce
Episode 4 - Introduction to SOQL in Salesforce
 
Selenium Automation Framework
Selenium Automation FrameworkSelenium Automation Framework
Selenium Automation Framework
 
Salesforce Integration Pattern Overview
Salesforce Integration Pattern OverviewSalesforce Integration Pattern Overview
Salesforce Integration Pattern Overview
 
Deep Dive In To Kerberos
Deep Dive In To KerberosDeep Dive In To Kerberos
Deep Dive In To Kerberos
 
Introduction to Salesforce Platform - Basic
Introduction to Salesforce Platform - BasicIntroduction to Salesforce Platform - Basic
Introduction to Salesforce Platform - Basic
 
Apex code (Salesforce)
Apex code (Salesforce)Apex code (Salesforce)
Apex code (Salesforce)
 

Similar to OAuth Authorization flows in salesforce

CRM Science - Dreamforce '14: Using the Google SOAP API
CRM Science - Dreamforce '14: Using the Google SOAP APICRM Science - Dreamforce '14: Using the Google SOAP API
CRM Science - Dreamforce '14: Using the Google SOAP APICRMScienceKirk
 
Authentication with OAuth and Connected Apps
Authentication with OAuth and Connected AppsAuthentication with OAuth and Connected Apps
Authentication with OAuth and Connected AppsSalesforce Developers
 
OAuth with Salesforce - Demystified
OAuth with Salesforce - DemystifiedOAuth with Salesforce - Demystified
OAuth with Salesforce - DemystifiedCalvin Noronha
 
Developing Offline-Capable Apps with the Salesforce Mobile SDK and SmartStore
Developing Offline-Capable Apps with the Salesforce Mobile SDK and SmartStoreDeveloping Offline-Capable Apps with the Salesforce Mobile SDK and SmartStore
Developing Offline-Capable Apps with the Salesforce Mobile SDK and SmartStoreSalesforce Developers
 
Introduction to the Salesforce Mobile SDK for Android
Introduction to the Salesforce Mobile SDK for AndroidIntroduction to the Salesforce Mobile SDK for Android
Introduction to the Salesforce Mobile SDK for AndroidSalesforce Developers
 
Introduction to the Salesforce.com Mobile SDK for iOS
Introduction to the Salesforce.com Mobile SDK for iOSIntroduction to the Salesforce.com Mobile SDK for iOS
Introduction to the Salesforce.com Mobile SDK for iOSSalesforce Developers
 
How to Use Stormpath in angular js
How to Use Stormpath in angular jsHow to Use Stormpath in angular js
How to Use Stormpath in angular jsStormpath
 
Introduction to Developing Android Apps With the Salesforce Mobile SDK
Introduction to Developing Android Apps With the Salesforce Mobile SDKIntroduction to Developing Android Apps With the Salesforce Mobile SDK
Introduction to Developing Android Apps With the Salesforce Mobile SDKSalesforce Developers
 
SalesForce WebServices part 2
SalesForce WebServices part 2SalesForce WebServices part 2
SalesForce WebServices part 2Mindfire Solutions
 
SharePoint Fest Chicago 2015 - Anatomy of configuring provider hosted add-in...
SharePoint Fest Chicago 2015 - Anatomy of configuring provider hosted add-in...SharePoint Fest Chicago 2015 - Anatomy of configuring provider hosted add-in...
SharePoint Fest Chicago 2015 - Anatomy of configuring provider hosted add-in...Nik Patel
 
JHipster and Okta - JHipster Virtual Meetup December 2020
JHipster and Okta - JHipster Virtual Meetup December 2020JHipster and Okta - JHipster Virtual Meetup December 2020
JHipster and Okta - JHipster Virtual Meetup December 2020Matt Raible
 
I Love APIs 2015: Advanced Crash Course in Apigee Edge Workshop
I Love APIs 2015: Advanced Crash Course in Apigee Edge Workshop I Love APIs 2015: Advanced Crash Course in Apigee Edge Workshop
I Love APIs 2015: Advanced Crash Course in Apigee Edge Workshop Apigee | Google Cloud
 
SankethNM[2_10]
SankethNM[2_10]SankethNM[2_10]
SankethNM[2_10]Sanketh Nm
 
How to Implement Token Authentication Using the Django REST Framework
How to Implement Token Authentication Using the Django REST FrameworkHow to Implement Token Authentication Using the Django REST Framework
How to Implement Token Authentication Using the Django REST FrameworkKaty Slemon
 
OpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for BeginnersOpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for BeginnersSalesforce Developers
 
Painless Mobile App Development Webinar
Painless Mobile App Development WebinarPainless Mobile App Development Webinar
Painless Mobile App Development WebinarSalesforce Developers
 
RESTful Day 5
RESTful Day 5RESTful Day 5
RESTful Day 5Akhil Mittal
 
Microsoft Graph API Delegated Permissions
Microsoft Graph API Delegated PermissionsMicrosoft Graph API Delegated Permissions
Microsoft Graph API Delegated PermissionsStefan Weber
 
Connect Your Clouds with Force.com
Connect Your Clouds with Force.comConnect Your Clouds with Force.com
Connect Your Clouds with Force.comJeff Douglas
 
Web Application Penetration Testing Checklist.pdf
Web Application Penetration Testing Checklist.pdfWeb Application Penetration Testing Checklist.pdf
Web Application Penetration Testing Checklist.pdfInfosec train
 

Similar to OAuth Authorization flows in salesforce (20)

CRM Science - Dreamforce '14: Using the Google SOAP API
CRM Science - Dreamforce '14: Using the Google SOAP APICRM Science - Dreamforce '14: Using the Google SOAP API
CRM Science - Dreamforce '14: Using the Google SOAP API
 
Authentication with OAuth and Connected Apps
Authentication with OAuth and Connected AppsAuthentication with OAuth and Connected Apps
Authentication with OAuth and Connected Apps
 
OAuth with Salesforce - Demystified
OAuth with Salesforce - DemystifiedOAuth with Salesforce - Demystified
OAuth with Salesforce - Demystified
 
Developing Offline-Capable Apps with the Salesforce Mobile SDK and SmartStore
Developing Offline-Capable Apps with the Salesforce Mobile SDK and SmartStoreDeveloping Offline-Capable Apps with the Salesforce Mobile SDK and SmartStore
Developing Offline-Capable Apps with the Salesforce Mobile SDK and SmartStore
 
Introduction to the Salesforce Mobile SDK for Android
Introduction to the Salesforce Mobile SDK for AndroidIntroduction to the Salesforce Mobile SDK for Android
Introduction to the Salesforce Mobile SDK for Android
 
Introduction to the Salesforce.com Mobile SDK for iOS
Introduction to the Salesforce.com Mobile SDK for iOSIntroduction to the Salesforce.com Mobile SDK for iOS
Introduction to the Salesforce.com Mobile SDK for iOS
 
How to Use Stormpath in angular js
How to Use Stormpath in angular jsHow to Use Stormpath in angular js
How to Use Stormpath in angular js
 
Introduction to Developing Android Apps With the Salesforce Mobile SDK
Introduction to Developing Android Apps With the Salesforce Mobile SDKIntroduction to Developing Android Apps With the Salesforce Mobile SDK
Introduction to Developing Android Apps With the Salesforce Mobile SDK
 
SalesForce WebServices part 2
SalesForce WebServices part 2SalesForce WebServices part 2
SalesForce WebServices part 2
 
SharePoint Fest Chicago 2015 - Anatomy of configuring provider hosted add-in...
SharePoint Fest Chicago 2015 - Anatomy of configuring provider hosted add-in...SharePoint Fest Chicago 2015 - Anatomy of configuring provider hosted add-in...
SharePoint Fest Chicago 2015 - Anatomy of configuring provider hosted add-in...
 
JHipster and Okta - JHipster Virtual Meetup December 2020
JHipster and Okta - JHipster Virtual Meetup December 2020JHipster and Okta - JHipster Virtual Meetup December 2020
JHipster and Okta - JHipster Virtual Meetup December 2020
 
I Love APIs 2015: Advanced Crash Course in Apigee Edge Workshop
I Love APIs 2015: Advanced Crash Course in Apigee Edge Workshop I Love APIs 2015: Advanced Crash Course in Apigee Edge Workshop
I Love APIs 2015: Advanced Crash Course in Apigee Edge Workshop
 
SankethNM[2_10]
SankethNM[2_10]SankethNM[2_10]
SankethNM[2_10]
 
How to Implement Token Authentication Using the Django REST Framework
How to Implement Token Authentication Using the Django REST FrameworkHow to Implement Token Authentication Using the Django REST Framework
How to Implement Token Authentication Using the Django REST Framework
 
OpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for BeginnersOpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for Beginners
 
Painless Mobile App Development Webinar
Painless Mobile App Development WebinarPainless Mobile App Development Webinar
Painless Mobile App Development Webinar
 
RESTful Day 5
RESTful Day 5RESTful Day 5
RESTful Day 5
 
Microsoft Graph API Delegated Permissions
Microsoft Graph API Delegated PermissionsMicrosoft Graph API Delegated Permissions
Microsoft Graph API Delegated Permissions
 
Connect Your Clouds with Force.com
Connect Your Clouds with Force.comConnect Your Clouds with Force.com
Connect Your Clouds with Force.com
 
Web Application Penetration Testing Checklist.pdf
Web Application Penetration Testing Checklist.pdfWeb Application Penetration Testing Checklist.pdf
Web Application Penetration Testing Checklist.pdf
 

Recently uploaded

(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...gurkirankumar98700
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...OnePlan Solutions
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerThousandEyes
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about usDynamic Netsoft
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AIABDERRAOUF MEHENNI
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionSolGuruz
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfWilly Marroquin (WillyDevNET)
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 

Recently uploaded (20)

Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 
Exploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the ProcessExploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the Process
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about us
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 

OAuth Authorization flows in salesforce

  • 1. Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR Salesforce Developer Group Bengaluru, India @ SFDGBLR #SFDGBLR
  • 2. Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR OAuth Authorization flows in Salesforce
  • 3. Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR TABLE OF CONTENTS Connected App Creating Connected App and Managing Connected App Usage OAuth Web Server Flow Demo through Postman HTTP Client 01 03 02 04 05 OAuth JWT Bearer Token Flow What is JWT? Walkthrough with Postman HTTP Client OAuth JWT Bearer Token Flow in Apex Apex Code Walkthrough to connect one salesforce org to another using named credentials RESOURCES
  • 4. Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR Connected App 01
  • 5. Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR Connected App A connected app is a framework that enables an external application to integrate with Salesforce using APIs and standard protocols, such as SAML, OAuth, and OpenID Connect. Connected apps use these protocols to authenticate, authorize, and provide single sign-on (SSO) for external apps.
  • 6. Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR 1. Creating Connected App 2. Managing Connected App Usage and Policies. DEMO
  • 7. Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR OAuth Web server flow 02
  • 8. Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR OAuth Web server flow 1. The external web service—via the connected app—posts an authorization code request using the authorization code grant type to the Salesforce authorization endpoint. 2. With an authorization code, the connected app can prove that it’s been authorized as a safe visitor to the site and that it has permission to request an access token.
  • 9. Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR 1. OAuth Web server flow walkthrough with Postman HTTP Client. DEMO
  • 10. Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR 1. https://login.salesforce.com/services/oauth2/autho rize?client_id=xxx&redirect_uri=https://login.sale sforce.com/oauth2/callback&response_type=code 2. Endpoint for access token: https://login.salesforce.com/services/oauth2/token POST /services/oauth2/token,Content-type: application/x-www-form- urlencoded,grant_type=authorization_code&code=from step1(url decoded)&client_id=xxx&client_secret=xxx&redirect_ uri=https://login.salesforce.com/oauth2/callback Steps Involved in Web Server Flow
  • 11. Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR OAuth JWT Bearer Token flow 03
  • 12. Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR OAuth JWT Bearer Token flow 1. This is used for server to server integration scenarios. 2. This flow uses a certificate to sign the JWT request and doesn’t require explicit user interaction. However, this flow does require prior approval of the client app. Please note this flows never issues a refresh token.
  • 13. Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR JWT Structure Header -{"alg":"RS256"} Payload (This contains claims information which is an object containing information about user and additional data.Claims are set using parameters-"Iss,aud,sub,exp") Signature <headerbase64encodedurl>.<claimsbase64encodedclai ms>.<signature(uses algorithm like RS 256)>
  • 14. Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR 1. OAuth JWT Bearer Token flow walkthrough with Postman HTTP Client. DEMO
  • 15. Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR POST /services/oauth2/token HTTP/1.1 Content-Type: application/x-www-form-urlencoded grant_type= urn:ietf:params:oauth:grant-type:jwt- bearer&assertion=JWT token generated in JWT.io Website Steps to be followed in Postman
  • 16. Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR OAuth JWT Bearer Token flow Usage in Apex 04
  • 17. Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR 1. OAuth JWT Bearer Token flow (Apex code walkthrough to integrate one salesforce org to another using named credentials) DEMO
  • 18. Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR Auth.JWT jwt = new Auth.JWT(); jwt.setSub('debarunsengupta2512@live.com'); jwt.setAud('https://login.salesforce.com'); jwt.setIss('connected app client id');Auth.JWS jws = new Auth.JWS(jwt,’Certificate keystore name’);String token = jws.getCompactSerialization();String tokenEndpoint = 'https://login.salesforce.com/services/oauth2/token';//POST the JWT bearer token Auth.JWTBearerTokenExchange bearer = new Auth.JWTBearerTokenExchange(tokenEndpoint, jws); //Get the access token String accessToken = bearer.getAccessToken(); system.debug('Access Token-->'+accessToken); Apex Code without Named Credentials
  • 19. Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR String service_limits='/services/data/v48.0/sobjects/Account/listviews/'; HttpRequest req = new HttpRequest(); req.setEndpoint('callout:JWT_Demo'+service_limits); req.setMethod('GET'); Http http = new Http(); HTTPResponse res = http.send(req); System.debug(res.getBody()); System.debug(res.getstatuscode()); Apex Code with Named Credentials
  • 20. Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR Resources 05
  • 21. Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR 1. https://help.salesforce.com/articleView?id=remoteaccess_oauth_jwt_flow.htm&type=5 2. https://jwt.io/ 3. https://developer.salesforce.com/docs/atlas.en- us.sfdx_dev.meta/sfdx_dev/sfdx_dev_auth_key_and_cert.htm 4. https://www.base64encode.org/ 5. https://www.freeformatter.com/json-formatter.html#ad-output 6. https://www.unixtimestamp.com/ Some Useful commands to convert .crt to keystore to store in SFDC openssl pkcs12 -export -in server.crt -inkey server.pem -out testkeystore.p12 keytool -importkeystore -srckeystore testkeystore.p12 -srcstoretype pkcs12 -destkeystore servercert.jks -deststoretype JKS keytool -keystore /<Path>/servercert.jks -changealias -alias 1 -destalias salesforcetest
  • 22. Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR CREDITS: This presentation template was created by Slidesgo, including icons by Flaticon, and infographics & images by Freepik. Please keep this slide for attribution.