OAuth – Jitendra Zaa's Blog

Using JWT Flow to Authenticate Nodejs application with Salesforce

posted by Jitendra on October 8, 2017October 10, 2017 under category Salesforce and tagged as JWT, NodeJs, OAuth, OpenSSL, Video Tutorial with 6 Comments

Video tutorial and Complete source code to use Salesforce JWT OAuth to authenticate Nodejs Application

JWT OAuth uses digital signature to authenticate external application with Salesforce. JWT can be used to request an OAuth access token from Salesforce when a client wants to use a previous authorization.

Complete Source code is available here.

How JWT OAuth works

Developer creates a connected app and provides digital certificate in OAuth settings. You can refer this post to understand how openssl can be used to create digital certificate locally.
We need to make sure this connected app is already pre – approved either by using WebServer, User Agent or any other flow. You can find this step in video recorded.
We need to generate JWT token and sign it with certificate. This code snippet is available in this file in method getJWTSignedToken_nJWTLib(). I have used njwt module of Nodejs to create a JWT token. This is very useful website to validate and generate JWT token as per digital certificate.
Next we need to send JWT request to token URL – https://login.salesforce.com/services/oauth2/token
If JWT request is valid then Salesforce returns access_token , which can be used in subsequent requests to perform allowed operations in Salesforce via Nodejs application.

Continue reading “Using JWT Flow to Authenticate Nodejs application with Salesforce”

Use Lightning Components on external websites – Lightning Out

posted by Jitendra on April 5, 2017April 6, 2017 under category Lightning, Salesforce and tagged as CORS, CORS enabled Nodejs, Cross Origin Resource Sharing (CORS), Lightning component, Lightning out, NodeJs, OAuth, OpenSSL, SSL, SSL enabled Nodejs, X.509 Certificate with 9 Comments

How to use Lightning component in node.js (External websites) by using Lightning Out. It shows how to enable CORS and SSL in Node.js with Video and complete source code.

If you were the users of IGoogle, few years back, you would be excited to know that web development is progressing in that direction. Architect of web application development is getting shifted towards component based development by introducing concepts like Web Components and frameworks like polymer and Lightning Components. One of the possible use case of component driven development is ability to use whole component externally. In IGoogle, components were built by partners and then was exposed as widgets to be used on your custom Google home page. Salesforce product team, being visionary came up something like this by introducing Lightning Out. With the help of Lightning Out, we can surface our existing Lightning Component to external websites. Previously, we already discussed that how Lightning components can be used on Visualforce pages using Lightning Out.

Let’s see how we can do it. Continue reading “Use Lightning Components on external websites – Lightning Out”

using cURL with Salesforce Rest API

posted by Jitendra on July 16, 2015August 29, 2015 under category Salesforce and tagged as cURL, OAuth, REST API with 10 Comments

Workbench is one of widely used tool in Salesforce when it comes to exploring REST API of Salesforce. However I wanted to export REST API response in Binary format and therefore used cURL. cURL is open source command line library mostly used to test http request. It can be downloaded from here and official documentation about how to use cURL can be referred from here.

To use cURL with Salesforce REST API, we will need to use username – password flow of OAuth2. To use OAuth2, we need to create connected App. You can check “Create Connected app” section of this post. You can enter any URL for callback or if you have already created any connected app in past, then it can be used. After creating connected app, note “Consumer key” and “Consumer Secret” somewhere.

create file “LoginInfo.txt” file which will have all required login information in URL encoded format

grant_type=password& client_id= 3MVG9iTxZANhwsdsdsdsdspr0Lu3QNRNKk4c2FejzTys5Mlp43UeSHBuhWWgRjEUyV6xE7N0GostjR3sRat & client_secret=21961212323233121943 & username=jitendra.zaa@demo.com & password=myPWDAndSecurityToken

make sure there is no space in above file. I have added some space for sake of readability.

grant_type=password informs Salesforce to use “Username and password” flow of OAuth2, We are also passing client_id, client_secret, username and password. Continue reading “using cURL with Salesforce Rest API”

Salesforce to Salesforce integration using Named Credentials in 5 lines

posted by Jitendra on May 29, 2015August 18, 2017 under category Salesforce and tagged as Apex, Authentication Provider, Integration, Named Credentials, OAuth with 10 Comments

I have already written article to integrate Salesforce with other Salesforce instance around 3 years back. In last 3 years, Salesforce has changed a lot. This time I will integrate Salesforce with other Salesforce only only in 5 lines of code, can you believe it 🙂 ? Check my old article, and its around 50+ lines of code with security control.

What is Named Credential ?

A named credential specifies the URL of a callout endpoint and its required authentication parameters in one definition. You can simplify the setup of authenticated Apex callouts by specifying a named credential as the callout endpoint. You can instead specify a URL as the callout endpoint and register that URL in your organization’s remote site settings. In that case, however, you handle the authentication in your code. Doing so can be less secure and especially complicated for OAuth authentication.

Long description short , “using Named Credential, we can make call out to external system without supplying username or Password”.

Continue reading “Salesforce to Salesforce integration using Named Credentials in 5 lines”

Login to Salesforce from Salesforce using Authentication Provider

posted by Jitendra on May 29, 2015October 3, 2017 under category Salesforce and tagged as Authentication Provider, Login, My Domain, OAuth, Salesforce with 15 Comments

There are many ways to login to your Salesforce instance, using Google, Facebook, Linked, Twitter and even from other Salesforce Organization. I am sure many of readers has multiple Salesforce instances and its hard to remember password of each. We can connect every Salesforce instances and login using only one. In this post we will see, how we can login to one Salesforce from other using built in Authentication provider from Salesforce.

Throughout this article I will use term “service provider Salesforce instance” for Organization where I need to go after login and “Authentication Provider instance” which will authenticate user and will act as source organization for login.

Enable MyDomain

First step to start with Authentication Provider is to setup my domain in your “service provider Salesforce instance“. This step is important so that it will display all available Authentication provider for that Salesforce instance.

Create Connected app

If you want to login from Facebook, LinkedIn or any other web application, you need to inform Salesforce that those applications are legitimate and this is very important piece of OAuth2. One of major difference between OAuth1 and OAuth2 is that OAuth2 provides scope where you can set what specific permission this Connected App will need.

Connected App also has “Consumer Key” and “Consumer Secret” which is equivalent to “username” and “password” for that App.

Other important setting, connected app has “Callback URL“. This is the URL where “Authentication Provider instance” should return after providing access. Even if somehow “Consumer Key” and “Consumer Secret” is compromised, it will return to Callback URL which is your application.

Continue reading “Login to Salesforce from Salesforce using Authentication Provider”

Creating Salesforce Query Builder in Node.js and AngularJs using Salesforce REST API and OAuth2 with Heroku Button

posted by Jitendra on August 18, 2014August 19, 2014 under category HTML, Node.js, Salesforce and tagged as AngularJs, Bootstrap, Heroku, NodeJs, OAuth, Salesforce with 3 Comments

In this post, we will be creating a Salesforce Query (SOQL) Builder. It uses Google’s Angularjs MVC Javascript library and REST API provided by Salesforce. For Authentication, it uses OAuth2.

Node.js is used as a primary language and hosted on Heroku. If you want to directly deploy to your Heroku Account, You can use Heroku Button on this Git Repository.

We have many tools available online for Query builder, However none of them were satisfying me so though to create my own tool.

This Node.js application is used for building SOQL with following features :

Toggle between API name and Label Name
Search Objects or Fileds needs to build SOQL (In my case, it was primitive. I had more than 70 Objects and many of those objects has 300+ fields)
Checkboxes to select fields (No need to hold control button to select multiple fields)
Automatic Query Builder at Right side of page
Shows API count used by application
Search returned records
Sorting on Table Headers
Pagination

Note : You will need to create “Connected App” in Salesforce to allow OAuth as explained in this post.

Live Demo of application

Continue reading “Creating Salesforce Query Builder in Node.js and AngularJs using Salesforce REST API and OAuth2 with Heroku Button”

Implement SAML based Single Sign On (SSO) | Using Salesforce as Identity Provider (Idp) as well as Service Provider (SP)

posted by Jitendra on April 23, 2014April 23, 2014 under category Salesforce and tagged as Identity provider, IDp Initiated SSO, OAuth, Salesforce 1, SAML, Service Provider, SSO with 12 Comments

Previously we have seen, How to setup SAML based Single Sign On Where Salesforce will be Service Provider and some other application like AXIOM will be Identity Provider. In this article we will use one Salesforce Instance as Identity Provider and other Salesforce Instance as Service Provider.

Before starting you have to decide which salesforce Instance will act as Identity Provider and which one will act as Service Provider. To Avoid confusions, we can create app with different Logo to distinguish Identity Provider and Service Provider like I did.

Step 1 : Enable Domain in Identity Provider Organization
From Setup, click Domain Management | My Domain, enter a new subdomain name, and click Check Availability. If the name is available, click the Terms and Conditions check box, then click Register Domain. Continue reading “Implement SAML based Single Sign On (SSO) | Using Salesforce as Identity Provider (Idp) as well as Service Provider (SP)”

Merge PDF in Salesforce Using Java, ITextPDF and OAuth 2

posted by Jitendra on December 9, 2012July 2, 2015 under category Apex, JAVA, Salesforce and tagged as Integration, JAVA, OAuth, Salesforce with 13 Comments

Its long time, since i wrote any article because of my busy schedule However this time i came with advance one. In this article we are going to use the J2EE (Servlet) to Merge PDF attachment inside salesforce with the help of OAuth and ITextPDF jar file. The reason of writing this article is that there is no native support by Apex to merge two attachments in Salesforce. Either we have to go for AppExchange product like CongaMerg or Drawloop or we can write our own code in any other language like Java and C# and with the help of REST API we can save get and save attachment in Salesforce.

First we will need to setup the OAuth permission so that our local J2EE application can interact with Salesforce. For this login to Salesforce account and Navigate to “Set up | App Set up | Develop | Remote Access” and enter the information. Be careful about the “Callback URL”. It must match in your code. After creating the “Remote Access”, note “Consumer Key” and “Consumer Secret” which will be needed in your code.

Update : “Remote Access” is renamed to Connected App. So throughout this article, if you see image of “Remote Access” then please consider it as Connected App.

Create Remote Access in Salesforce.com for OAuth 2

Continue reading “Merge PDF in Salesforce Using Java, ITextPDF and OAuth 2”