OAuth Authorization flows in salesforce

Salesforce Developer Group Bengaluru, India - @SFDGBLR #SFDGBLR
Salesforce
Developer Group
Bengaluru, India
@ SFDGBLR #SFDGBLR

OAuth Authorization
flows in Salesforce

TABLE OF
CONTENTS
Connected App
Creating Connected App and
Managing Connected App Usage
OAuth Web Server
Flow
Demo through Postman HTTP
Client
01
03
02
04
05
OAuth JWT Bearer
Token Flow
What is JWT? Walkthrough with
Postman HTTP Client
OAuth JWT Bearer
Token Flow in Apex
Apex Code Walkthrough to
connect one salesforce org to
another using named credentials
RESOURCES

Connected App
01

Connected App
A connected app is a framework that enables an external application to integrate with Salesforce using
APIs and standard protocols, such as SAML, OAuth, and OpenID Connect. Connected apps use these
protocols to authenticate, authorize, and provide single sign-on (SSO) for external apps.

1. Creating Connected App
2. Managing Connected App Usage and Policies.
DEMO

OAuth Web server
flow
02

OAuth Web server
flow
1. The external web service—via the connected app—posts an authorization
code request using the authorization code grant type to the Salesforce
authorization endpoint.
2. With an authorization code, the connected app can prove that it’s been
authorized as a safe visitor to the site and that it has permission to request
an access token.

1. OAuth Web server flow walkthrough with Postman
HTTP Client.
DEMO

1. https://login.salesforce.com/services/oauth2/autho
rize?client_id=xxx&redirect_uri=https://login.sale
sforce.com/oauth2/callback&response_type=code
2. Endpoint for access token:
https://login.salesforce.com/services/oauth2/token
POST /services/oauth2/token,Content-type:
application/x-www-form-
urlencoded,grant_type=authorization_code&code=from
step1(url
decoded)&client_id=xxx&client_secret=xxx&redirect_
uri=https://login.salesforce.com/oauth2/callback
Steps Involved in Web Server Flow

OAuth JWT Bearer
Token flow
03

OAuth JWT Bearer
Token flow
1. This is used for server to server integration scenarios.
2. This flow uses a certificate to sign the JWT request and doesn’t require
explicit user interaction. However, this flow does require prior approval
of the client app. Please note this flows never issues a refresh token.

JWT Structure
Header -{"alg":"RS256"}
Payload (This contains claims information which
is an object containing information about user
and additional data.Claims are set using
parameters-"Iss,aud,sub,exp")
Signature
<headerbase64encodedurl>.<claimsbase64encodedclai
ms>.<signature(uses algorithm like RS 256)>

1. OAuth JWT Bearer Token flow walkthrough with
Postman HTTP Client.
DEMO

POST /services/oauth2/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
grant_type= urn:ietf:params:oauth:grant-type:jwt-
bearer&assertion=JWT token generated in JWT.io Website
Steps to be followed in Postman

OAuth JWT Bearer
Token flow Usage in
Apex
04

1. OAuth JWT Bearer Token flow (Apex code
walkthrough to integrate one salesforce org to
another using named credentials)
DEMO

Auth.JWT jwt = new Auth.JWT();
jwt.setSub('debarunsengupta2512@live.com');
jwt.setAud('https://login.salesforce.com'); jwt.setIss('connected app client
id');Auth.JWS jws = new Auth.JWS(jwt,’Certificate keystore name’);String token =
jws.getCompactSerialization();String tokenEndpoint =
'https://login.salesforce.com/services/oauth2/token';//POST the JWT bearer token
Auth.JWTBearerTokenExchange bearer = new Auth.JWTBearerTokenExchange(tokenEndpoint,
jws);
//Get the access token
String accessToken = bearer.getAccessToken();
system.debug('Access Token-->'+accessToken);
Apex Code without Named
Credentials

String service_limits='/services/data/v48.0/sobjects/Account/listviews/';
HttpRequest req = new HttpRequest();
req.setEndpoint('callout:JWT_Demo'+service_limits);
req.setMethod('GET');
Http http = new Http();
HTTPResponse res = http.send(req);
System.debug(res.getBody());
System.debug(res.getstatuscode());
Apex Code with Named Credentials

Resources
05

1. https://help.salesforce.com/articleView?id=remoteaccess_oauth_jwt_flow.htm&type=5
2. https://jwt.io/
3. https://developer.salesforce.com/docs/atlas.en-
us.sfdx_dev.meta/sfdx_dev/sfdx_dev_auth_key_and_cert.htm
4. https://www.base64encode.org/
5. https://www.freeformatter.com/json-formatter.html#ad-output
6. https://www.unixtimestamp.com/
Some Useful commands to convert .crt to keystore to store in SFDC
openssl pkcs12 -export -in server.crt -inkey server.pem -out testkeystore.p12
keytool -importkeystore -srckeystore testkeystore.p12 -srcstoretype pkcs12 -destkeystore servercert.jks -deststoretype JKS
keytool -keystore /<Path>/servercert.jks -changealias -alias 1 -destalias salesforcetest

CREDITS: This presentation template was created by Slidesgo, including
icons by Flaticon, and infographics & images by Freepik.
Please keep this slide for attribution.

OAuth Authorization flows in salesforce

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to OAuth Authorization flows in salesforce

Similar to OAuth Authorization flows in salesforce (20)

Recently uploaded

Recently uploaded (20)

OAuth Authorization flows in salesforce