OAuth – Jitendra Zaa's Blog

Using JWT Flow to Authenticate Nodejs application with Salesforce

JWT OAuth

JWT OAuth uses digital signature to authenticate external application with Salesforce. JWT can be used to request an OAuth access token from Salesforce when a client wants to use a previous authorization.

Complete Source code is available here.

How JWT OAuth works

Developer creates a connected app and provides digital certificate in OAuth settings. You can refer this post to understand how openssl can be used to create digital certificate locally.
We need to make sure this connected app is already pre – approved either by using WebServer, User Agent or any other flow. You can find this step in video recorded.
We need to generate JWT token and sign it with certificate. This code snippet is available in this file in method getJWTSignedToken_nJWTLib(). I have used njwt module of Nodejs to create a JWT token. This is very useful website to validate and generate JWT token as per digital certificate.
Next we need to send JWT request to token URL – https://login.salesforce.com/services/oauth2/token
If JWT request is valid then Salesforce returns access_token , which can be used in subsequent requests to perform allowed operations in Salesforce via Nodejs application.

Use Lightning Components on external websites – Lightning Out

Show Lightning Component in Node.js using Lightning Out

If you were the users of IGoogle, few years back, you would be excited to know that web development is progressing in that direction. Architect of web application development is getting shifted towards component based development by introducing concepts like Web Components and frameworks like polymer and Lightning Components. One of the possible use case of component driven development is ability to use whole component externally. In IGoogle, components were built by partners and then was exposed as widgets to be used on your custom Google home page. Salesforce product team, being visionary came up something like this by introducing Lightning Out. With the help of Lightning Out, we can surface our existing Lightning Component to external websites. Previously, we already discussed that how Lightning components can be used on Visualforce pages using Lightning Out.

Let’s see how we can do it.

using cURL with Salesforce Rest API

Workbench is one of widely used tool in Salesforce when it comes to exploring REST API of Salesforce. However I wanted to export REST API response in Binary format and therefore used cURL. cURL is open source command line library mostly used to test http request. It can be downloaded from here and official documentation about how to use cURL can be referred from here.

To use cURL with Salesforce REST API, we will need to use username – password flow of OAuth2. To use OAuth2, we need to create connected App. You can check “Create Connected app” section of this post. You can enter any URL for callback or if you have already created any connected app in past, then it can be used. After creating connected app, note “Consumer key” and “Consumer Secret” somewhere.

create file “LoginInfo.txt” file which will have all required login information in URL encoded format

grant_type=password& client_id= 3MVG9iTxZANhwsdsdsdsdspr0Lu3QNRNKk4c2FejzTys5Mlp43UeSHBuhWWgRjEUyV6xE7N0GostjR3sRat & client_secret=21961212323233121943 & username=jitendra.zaa@demo.com & password=myPWDAndSecurityToken

make sure there is no space in above file. I have added some space for sake of readability.

grant_type=password informs Salesforce to use “Username and password” flow of OAuth2, We are also passing client_id, client_secret, username and password.

Salesforce to Salesforce integration using Named Credentials in 5 lines

I have already written article to integrate Salesforce with other Salesforce instance around 3 years back. In last 3 years, Salesforce has changed a lot. This time I will integrate Salesforce with other Salesforce only only in 5 lines of code, can you believe it 🙂 ? Check my old article, and its around 50+ lines of code with security control.

What is Named Credential ?

A named credential specifies the URL of a callout endpoint and its required authentication parameters in one definition. You can simplify the setup of authenticated Apex callouts by specifying a named credential as the callout endpoint. You can instead specify a URL as the callout endpoint and register that URL in your organization’s remote site settings. In that case, however, you handle the authentication in your code. Doing so can be less secure and especially complicated for OAuth authentication.

Long description short , “using Named Credential, we can make call out to external system without supplying username or Password”.

Login to Salesforce from Salesforce using Authentication Provider

There are many ways to login to your Salesforce instance, using Google, Facebook, Linked, Twitter and even from other Salesforce Organization. I am sure many of readers has multiple Salesforce instances and its hard to remember password of each. We can connect every Salesforce instances and login using only one. In this post we will see, how we can login to one Salesforce from other using built in Authentication provider from Salesforce.

Throughout this article I will use term “service provider Salesforce instance” for Organization where I need to go after login and “Authentication Provider instance” which will authenticate user and will act as source organization for login.

Enable MyDomain

First step to start with Authentication Provider is to setup my domain in your “service provider Salesforce instance“. This step is important so that it will display all available Authentication provider for that Salesforce instance.

Create Connected app

If you want to login from Facebook, LinkedIn or any other web application, you need to inform Salesforce that those applications are legitimate and this is very important piece of OAuth2. One of major difference between OAuth1 and OAuth2 is that OAuth2 provides scope where you can set what specific permission this Connected App will need.

Connected App also has “Consumer Key” and “Consumer Secret” which is equivalent to “username” and “password” for that App.

Other important setting, connected app has “Callback URL“. This is the URL where “Authentication Provider instance” should return after providing access. Even if somehow “Consumer Key” and “Consumer Secret” is compromised, it will return to Callback URL which is your application.

Creating Salesforce Query Builder in Node.js and AngularJs using Salesforce REST API and OAuth2 with Heroku Button

In this post, we will be creating a Salesforce Query (SOQL) Builder. It uses Google’s Angularjs MVC Javascript library and REST API provided by Salesforce. For Authentication, it uses OAuth2.

Node.js is used as a primary language and hosted on Heroku. If you want to directly deploy to your Heroku Account, You can use Heroku Button on this Git Repository.

We have many tools available online for Query builder, However none of them were satisfying me so though to create my own tool.

This Node.js application is used for building SOQL with following features :

Toggle between API name and Label Name
Search Objects or Fileds needs to build SOQL (In my case, it was primitive. I had more than 70 Objects and many of those objects has 300+ fields)
Checkboxes to select fields (No need to hold control button to select multiple fields)
Automatic Query Builder at Right side of page
Shows API count used by application
Search returned records
Sorting on Table Headers
Pagination

Note : You will need to create “Connected App” in Salesforce to allow OAuth as explained in this post.

Live Demo of application

Implement SAML based Single Sign On (SSO) | Using Salesforce as Identity Provider (Idp) as well as Service Provider (SP)

Previously we have seen, How to setup SAML based Single Sign On Where Salesforce will be Service Provider and some other application like AXIOM will be Identity Provider. In this article we will use one Salesforce Instance as Identity Provider and other Salesforce Instance as Service Provider.

Before starting you have to decide which salesforce Instance will act as Identity Provider and which one will act as Service Provider. To Avoid confusions, we can create app with different Logo to distinguish Identity Provider and Service Provider like I did.

Step 1 : Enable Domain in Identity Provider Organization
From Setup, click Domain Management | My Domain, enter a new subdomain name, and click Check Availability. If the name is available, click the Terms and Conditions check box, then click Register Domain.

Merge PDF in Salesforce Using Java, ITextPDF and OAuth 2

Its long time, since i wrote any article because of my busy schedule However this time i came with advance one. In this article we are going to use the J2EE (Servlet) to Merge PDF attachment inside salesforce with the help of OAuth and ITextPDF jar file. The reason of writing this article is that there is no native support by Apex to merge two attachments in Salesforce. Either we have to go for AppExchange product like CongaMerg or Drawloop or we can write our own code in any other language like Java and C# and with the help of REST API we can save get and save attachment in Salesforce.

First we will need to setup the OAuth permission so that our local J2EE application can interact with Salesforce. For this login to Salesforce account and Navigate to “Set up | App Set up | Develop | Remote Access” and enter the information. Be careful about the “Callback URL”. It must match in your code. After creating the “Remote Access”, note “Consumer Key” and “Consumer Secret” which will be needed in your code.

Update : “Remote Access” is renamed to Connected App. So throughout this article, if you see image of “Remote Access” then please consider it as Connected App.

Create Remote Access in Salesforce.com for OAuth 2