Using JWT Flow to Authenticate Nodejs application with Salesforce

Video tutorial and complete source code for using Salesforce JWT OAuth to authenticate a Node.js application


JWT OAuth uses a digital signature to authenticate an external application with Salesforce. A JWT can be used to request an OAuth access token from Salesforce when a client wants to use a previous authorization.

Complete source code is available here.

How JWT OAuth works
  1. The developer creates a connected app and provides a digital certificate in its OAuth settings. You can refer to this post to understand how openssl can be used to create a digital certificate locally.
  2. Make sure the connected app has already been pre-approved, using the Web Server flow, the User Agent flow, or any other flow. This step is shown in the recorded video.
  3. Generate a JWT and sign it with the certificate's private key. This code snippet is available in this file, in the method getJWTSignedToken_nJWTLib(). I have used the njwt module for Node.js to create the JWT. This is a very useful website for validating and generating a JWT against a digital certificate.
  4. Next we need to send JWT request to token URL –
  5. If the JWT request is valid, Salesforce returns an access_token, which can be used in subsequent requests to perform the allowed operations in Salesforce from the Node.js application.
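
The following is an added example, not the repository's getJWTSignedToken_nJWTLib() code (which uses njwt): it uses Node's built-in crypto module to build and sign the assertion from step 3, apply the algorithm, signature and expiry checks a receiver performs, and form the request body for step 4. The key pair, consumer key, username and function names are constructed for illustration; the claim layout (iss = consumer key, sub = username, aud = login host), RS256 and the 180-second lifetime are assumptions based on the Salesforce JWT bearer flow.

```javascript
const crypto = require('crypto');

const b64url = (v) => Buffer.from(v).toString('base64url');

// Constructed key pair so the example runs offline. In the flow above, this is
// the private key whose certificate was uploaded to the connected app.
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Step 3: build the assertion and sign it with RS256.
// Assumed claims: iss = consumer key, sub = pre-approved user, aud = login host.
function signAssertion({ consumerKey, username, audience, key, now = Date.now(), ttl = 180 }) {
  const header = b64url(JSON.stringify({ alg: 'RS256' }));
  const exp = Math.floor(now / 1000) + ttl; // short-lived: seconds since epoch
  const claims = b64url(JSON.stringify({ iss: consumerKey, sub: username, aud: audience, exp }));
  const signature = crypto.sign('RSA-SHA256', Buffer.from(`${header}.${claims}`), key);
  return `${header}.${claims}.${signature.toString('base64url')}`;
}

// Receiver-side checks: pin the algorithm, verify the signature against the
// public key from the uploaded certificate, then enforce the expiry.
function verifyAssertion(token, key, now = Date.now()) {
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [header, claims, signature] = parts;
  let alg, payload;
  try {
    alg = JSON.parse(Buffer.from(header, 'base64url').toString()).alg;
    payload = JSON.parse(Buffer.from(claims, 'base64url').toString());
  } catch (e) {
    return { ok: false, reason: 'malformed' };
  }
  if (alg !== 'RS256') return { ok: false, reason: 'alg' };
  const valid = crypto.verify('RSA-SHA256', Buffer.from(`${header}.${claims}`), key,
    Buffer.from(signature, 'base64url'));
  if (!valid) return { ok: false, reason: 'signature' };
  if (typeof payload.exp !== 'number' || payload.exp <= Math.floor(now / 1000)) return { ok: false, reason: 'expired' };
  return { ok: true, claims: payload };
}

// Step 4: form-encoded body that the client POSTs to the token URL.
function tokenRequestBody(assertion) {
  return new URLSearchParams({
    grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
    assertion,
  }).toString();
}
```

The checks in verifyAssertion() show why the private key is the only credential that matters in this flow: a token with altered claims, a different signing key, or a non-RS256 header fails before the claims are ever trusted.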

How to run this on your system

Step 1

Clone this repository (assuming Node.js is already installed on your system).

Step 2

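Create an SSL certificate, or reuse the certificate uploaded in this repository. Refer to this post to learn how to create an SSL certificate using openssl. Anyone who can read the repository's key material can sign assertions for a connected app that trusts that certificate, so reuse it only for local testing.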

Step 3

Create a Connected App in your Salesforce instance with the callback URL https://localhost:8081/oauthcallback.html. Make sure to upload server.crt as the digital certificate in the connected app. You can use your own certificate as well.

Step 4

Copy the consumer key and secret created in the connected app, and update the jwt_consumer_key and client_secret variables defined in the Server.js file.

Step 5

Run the npm install command in the directory where this code was downloaded. It will download all the required node modules. Then run npm start, or nodemon Server.js (if nodemon was installed previously), to start the server.

Step 6

Navigate to https://localhost:8081/ in your browser and you will see options for all 3 auth flows: JWT, User Agent and Web Server.



8 thoughts on “Using JWT Flow to Authenticate Nodejs application with Salesforce”

  1. Nice post Jitendra. I see you changed the code since you implemented this post removing the Web Server Flow. Why? Just curiosity.

  2. Hi Jitendra,
    I do understand that a pre-authorization either through web server flow or user agent flow is needed before JWT is generated, signed and posted to Salesforce by the client app. However, there will be a session associated with the pre-authorization in Salesforce. What is the impact on subsequent calls from the client app in case the session (related to pre-authorization) times out?

  3. I am trying to use JWT to pass parameters from a Java app hosted on AWS to Sites. How do I configure decoding in Salesforce? Authentication is already done in the Java app, and the site needs to read the jwebtoken for the parameters passed.

  4. For the given client key, secret, UinqueAppID, I need to create a JWT token and send that to get the access token from 3rd party, I need the above example for SF callout. Could you provide that?
