The JWT OAuth flow uses a digital signature to authenticate an external application with Salesforce. A JWT can be used to request an OAuth access token from Salesforce when a client wants to use a previous authorization.
If you were a user of iGoogle a few years back, you will be excited to know that web development is progressing in that direction. The architecture of web application development is shifting towards component-based development, with concepts like Web Components and frameworks like Polymer and Lightning Components. One possible use case of component-driven development is the ability to use a whole component externally. In iGoogle, components were built by partners and then exposed as widgets to be used on your custom Google home page. The Salesforce product team, being visionary, came up with something like this by introducing Lightning Out. With the help of Lightning Out, we can surface our existing Lightning Components on external websites. Previously, we discussed how Lightning components can be used on Visualforce pages using Lightning Out.
Workbench is one of the widely used tools in Salesforce when it comes to exploring the Salesforce REST API. However, I wanted to export a REST API response in binary format and therefore used cURL. cURL is an open source command-line library mostly used to test HTTP requests. It can be downloaded from here, and the official documentation on how to use cURL can be found here.
To use cURL with the Salesforce REST API, we need to use the username-password flow of OAuth2. To use OAuth2, we need to create a Connected App. You can check the “Create Connected app” section of this post. You can enter any URL for the callback, or if you have already created a Connected App in the past, it can be reused. After creating the Connected App, note the “Consumer Key” and “Consumer Secret” somewhere.
Create a file named “LoginInfo.txt”, which will hold all the required login information in URL-encoded format.
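The LoginInfo.txt step above, as an added example that is not code from the original post: it percent-encodes each value and writes the file readable only by its owner, since it holds the consumer secret and the password. The token endpoint and form field names follow Salesforce's documented username-password flow; the function names and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: build LoginInfo.txt for the OAuth2 username-password flow.

# Percent-encode every byte outside the RFC 3986 unreserved set, so that
# characters such as & = + % and spaces in a password cannot split or
# alter the form fields.
urlencode() (
  LC_ALL=C
  s=$1 out=
  while [ -n "$s" ]; do
    rest=${s#?}          # everything after the first byte
    c=${s%"$rest"}       # the first byte itself
    case $c in
      [A-Za-z0-9._~-]) out=$out$c ;;
      *) out=$out$(printf '%%%02X' "'$c") ;;
    esac
    s=$rest
  done
  printf '%s' "$out"
)

# Args: path, consumer key, consumer secret, username, password.
write_login_info() (
  umask 077              # new file gets mode 0600; it holds two secrets
  rm -f -- "$1"
  printf 'grant_type=password&client_id=%s&client_secret=%s&username=%s&password=%s' \
    "$(urlencode "$2")" "$(urlencode "$3")" \
    "$(urlencode "$4")" "$(urlencode "$5")" > "$1"
)

# POST the file as the form body; -d @file keeps the secrets out of the
# process list and shell history. Not called here (needs network access).
request_token() {
  curl -sS https://login.salesforce.com/services/oauth2/token -d @"$1"
}

# Constructed sample values, not real credentials.
demo_dir=$(mktemp -d)
write_login_info "$demo_dir/LoginInfo.txt" '3MVG9.sample_key' 'S3cr&t=1' \
  'user+test@example.com' 'p@ss w%rd&TOKEN'
cat "$demo_dir/LoginInfo.txt"; echo
rm -rf "$demo_dir"
```

Delete LoginInfo.txt once the token has been obtained, and keep it out of version control.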
A named credential specifies the URL of a callout endpoint and its required authentication parameters in one definition. You can simplify the setup of authenticated Apex callouts by specifying a named credential as the callout endpoint. You can instead specify a URL as the callout endpoint and register that URL in your organization’s remote site settings. In that case, however, you handle the authentication in your code. Doing so can be less secure and especially complicated for OAuth authentication.
In short: “using a Named Credential, we can make a callout to an external system without supplying a username or password”.
There are many ways to log in to your Salesforce instance: using Google, Facebook, LinkedIn, Twitter and even another Salesforce organization. I am sure many readers have multiple Salesforce instances, and it's hard to remember the password of each. We can connect all of our Salesforce instances and log in using only one. In this post we will see how we can log in to one Salesforce instance from another using the built-in Authentication Provider from Salesforce.
Throughout this article I will use the term “service provider Salesforce instance” for the organization I need to reach after login, and “Authentication Provider instance” for the organization that authenticates the user and acts as the source organization for login.
The first step with an Authentication Provider is to set up My Domain in your “service provider Salesforce instance”. This step is important so that it will display all available Authentication Providers for that Salesforce instance.
Create Connected app
If you want to log in from Facebook, LinkedIn or any other web application, you need to inform Salesforce that those applications are legitimate; this is a very important piece of OAuth2. One major difference between OAuth1 and OAuth2 is that OAuth2 provides scopes, where you can set what specific permissions this Connected App will need.
A Connected App also has a “Consumer Key” and “Consumer Secret”, which are equivalent to a “username” and “password” for that app.
Another important setting of a Connected App is the “Callback URL”. This is the URL to which the “Authentication Provider instance” should return after providing access. Even if the “Consumer Key” and “Consumer Secret” are somehow compromised, the flow will return to the Callback URL, which is your application.
Before starting, you have to decide which Salesforce instance will act as the Identity Provider and which one will act as the Service Provider. To avoid confusion, we can create apps with different logos to distinguish the Identity Provider and the Service Provider, like I did.
Step 1: Enable Domain in Identity Provider Organization
From Setup, click Domain Management | My Domain, enter a new subdomain name, and click Check Availability. If the name is available, click the Terms and Conditions check box, then click Register Domain.
It's been a long time since I wrote any article because of my busy schedule. However, this time I came with an advanced one. In this article we are going to use J2EE (Servlet) to merge PDF attachments inside Salesforce with the help of OAuth and the ITextPDF jar file. The reason for writing this article is that there is no native support in Apex for merging two attachments in Salesforce. Either we have to go for an AppExchange product like CongaMerge or Drawloop, or we can write our own code in another language like Java or C# and, with the help of the REST API, get and save attachments in Salesforce.
First we need to set up the OAuth permission so that our local J2EE application can interact with Salesforce. For this, log in to your Salesforce account, navigate to “Set up | App Set up | Develop | Remote Access” and enter the information. Be careful about the “Callback URL”: it must match the one in your code. After creating the “Remote Access”, note the “Consumer Key” and “Consumer Secret”, which will be needed in your code.
Update: “Remote Access” has been renamed to Connected App. So throughout this article, if you see an image of “Remote Access”, please consider it a Connected App.