Using JWT Flow to Authenticate Nodejs application with Salesforce

The JWT OAuth flow uses a digital signature to authenticate an external application with Salesforce. A signed JWT can be used to request an OAuth access token from Salesforce when the client wants to reuse a previous authorization.

Complete Source code is available here.

How JWT OAuth works
  1. The developer creates a connected app and uploads a digital certificate in its OAuth settings. You can refer to this post to understand how openssl can be used to create a digital certificate locally.
  2. The connected app must already be pre-approved by the user through another flow such as Web Server or User Agent. This step is shown in the recorded video.
  3. Generate a JWT and sign it with the private key that matches the certificate. The code snippet is in the method getJWTSignedToken_nJWTLib() in this file. I have used the njwt module for Node.js to create the JWT. This website is very useful for validating and generating JWT tokens against a digital certificate.
  4. Send the JWT request to the token URL: https://login.salesforce.com/services/oauth2/token
  5. If the JWT request is valid, Salesforce returns an access_token, which the Node.js application can use in subsequent requests to perform the allowed operations in Salesforce.

How to run this on your system

Step 1

Clone this repository (assuming Node.js is already installed on the system).

Step 2

Create an SSL certificate or reuse the one uploaded in this repository. Refer to this post to learn how to create an SSL certificate using openssl.

Step 3

Create a Connected App in your Salesforce instance with the callback URL https://localhost:8081/oauthcallback.html. Make sure to upload server.crt as the digital certificate in the connected app. You can use your own certificate as well.

Step 4

Copy the consumer key and secret of the connected app and update the jwt_consumer_key and client_secret variables defined in the Server.js file.

Step 5

Run npm install in the directory where this code was downloaded; it downloads all the required node modules. Then run npm start, or nodemon Server.js (if nodemon is installed), to start the server.

Step 6

Navigate to https://localhost:8081/ in your browser and you will see options for all three auth flows: JWT, User Agent and Web Server.

10 responses to “Using JWT Flow to Authenticate Nodejs application with Salesforce”

  1. Iñaki

    Nice post Jitendra. I see you changed the code since you implemented this post removing the Web Server Flow. Why? Just curiosity.

  2. Omar Bensouda Korachi

    Nice post, Thanks

  3. SuryaKiran Jois

    Hi Jitendra,
    I do understand that a pre-authorization either through web server flow or user agent flow is needed before JWT is generated, signed and posted to Salesforce by the client app. However, there will be a session associated with the pre-authorization in Salesforce. What is the impact on subsequent calls from the client app in case the session (related to pre-authorization) times out?

    1. Jitendra Zaa

      Hi Surya, JWT works like a refresh token. So, if the token expires, it would get a new one. Check this – https://help.salesforce.com/articleView?id=remoteaccess_oauth_jwt_flow.htm&type=5

  4. SuryaKiran Jois

    Got it, thanks Jitendra!

  5. swetha

    I am trying to use JWT to pass parameters from Java App hosted on AWS to Force.com Sites. How do I configure to decode in Salesforce? Authentication is already done in Java app and force.com site need to read the jwebtoken for parameters passed.

  6. Pavan

    You rock, Jitu Da…. I could prepare a demo for the JWT auth flow…

  7. SFnet

    For the given client key, secret, UniqueAppID, I need to create a JWT token and send that to get the access token from a 3rd party. I need the above example for an SF callout. Could you provide that?

  8. Lok

    Hi Jitendra,

    I tried to use your approach to make a JWT token by using the njwt module and submit the JWT request to SF. Even though I approved the connected app by using the user agent flow, I am still facing the “invalid grant/user hasn’t approved this consumer” issue for the submitted JWT request. Please let me know if you have some time to look into this issue and share your thoughts.

    1. Soumit Saha

      I’m facing the same issue. Authenticated with the Agent flow but it is throwing an error in the JWT flow. Could you please provide more details?
      Some error occurred. Make sure connected app is approved previously. Salesforce Response : {“error”:”invalid_grant”,”error_description”:”user hasn’t approved this consumer”}
