OAuth Series : Web Server OAuth Flow - Salesforce
In this post I cover the basics of the Web Server OAuth flow that can be used to authorize against Salesforce, along with a few key points to keep in mind.
For background on OAuth itself, see my previous post, Little Background For OAuth.
What is it?
It is one of the OAuth flows supported by Salesforce and is intended for applications hosted on a secure server. The key requirement for this flow is that the server must be able to protect the consumer secret. If you cannot protect it, or you are building your application to run on end-user devices, consider one of the other flows for authorizing with Salesforce.
What is needed?
A connected app is needed in Salesforce; it gives you the consumer key (client_id) and consumer secret (client_secret) required to make the requests. The connected app also determines what kind of access your user gets once fully authorized by Salesforce, so always choose the scope of access deliberately for your users.
Steps to execute
This flow is a two-step process to obtain your access token.
- The first step is to send the user to the Salesforce authorize URL https://login.salesforce.com/services/oauth2/authorize to get an authorization code, which is then exchanged for an access token in the next step. Build the URL with the parameters below:
Parameter | Value |
---|---|
response_type | code |
client_id | 3MVG9Y6d_Btp4xp5q6h4q2Ii440bpBsaH4hLMny8ulIBfpvws08WSIskaCsdkT8ru9967lEwF_h7GEtolGmIg |
redirect_uri | http://localhost:5000 |
Note: For a sandbox instance, use test.salesforce.com instead of login.salesforce.com.
Once you open this URL, you are redirected to the Salesforce login page and asked for your credentials. After you log in, Salesforce asks for your permission to grant access to the application (the application you set up as a connected app, remember?).
On "Allow", Salesforce redirects to your callback URL and passes the authorization code as the `code` query parameter, as shown below. This completes step 1.
http://localhost:5000/?code=aPrxaSyVmC8fBbeIj8OF2NRk.9EppC8REQIPX0sxd._9nc2WCFyaKXDsPauKaTXY3VUbnYjbOQ%3D%3D
- In step 2, you make a POST request to the token endpoint https://login.salesforce.com/services/oauth2/token with the authorization code from above, your consumer key and, most importantly, your consumer secret, along with a few more parameters. The parameters are listed below:
Parameter | Value |
---|---|
grant_type | authorization_code |
client_id | 3MVG9Y6d_Btp4xp5q6h4q2Ii440bpBsaH4hLMny8ulIBfpvws08WSIskaCsdkT8ru9967lEwF_h7GEtolGmIg |
client_secret | 8367991745412838923 |
redirect_uri | http://localhost:5000 |
code | aPrxaSyVmC8fBbeIj8OF2NRk.9EppC8REQIPX0sxd._9nc2WCFyaKXDsPauKaTXY3VUbnYjbOQ%3D%3D |
On success, you receive the access token together with some additional details. An example response is shown below:
```json
{"id":"https://login.salesforce.com/id/00Dx0000000BV7z/005x00000012Q9P",
"issued_at":"1278448101416",
"refresh_token":"5Aep8614iLM.Dq661ePDmPEgaAW9Oh_L3JKkDpB4xReb54_pZebnUG0h6Sb4KUVDpNtWEofWM39yg==",
"instance_url":"https://na1.salesforce.com",
"signature":"CMJ4l+CCaPQiKjoOEwEig9H4wqhpuLSk4J2urAe+fVg=",
"access_token":"00Dx0000000BV7z!AR8AQP0jITN80ESEsj5EbaZTFG0RNBaT1cyWk7TrqoDjoNIWQ2ME_sTZzBjfmOE6zMHq6y8PIW4eWze9JksNEkWUl.Cju7m4"}
```
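The two steps above, written out as an added example in Python (this is not code from the original post or from Salesforce). It assumes the standard OAuth 2.0 `state` parameter, which the server stores in the user's session and checks on the callback so that a forged redirect cannot hand the server someone else's code; the client ID and secret values are placeholders, and `exchange_code` performs a real network call, so it is only shown, not exercised offline.

```python
import json
import secrets
from urllib.parse import urlencode, urlparse, parse_qs
from urllib.request import Request, urlopen

# Production login host as used in the post; a sandbox would use test.salesforce.com.
AUTHORIZE_URL = "https://login.salesforce.com/services/oauth2/authorize"
TOKEN_URL = "https://login.salesforce.com/services/oauth2/token"

def new_state():
    """Random per-request value; store it in the user's session before redirecting."""
    return secrets.token_urlsafe(16)

def build_authorize_url(client_id, redirect_uri, state):
    """Step 1: the URL the browser is sent to. urlencode escapes redirect_uri for us."""
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "state": state}
    return f"{AUTHORIZE_URL}?{urlencode(params)}"

def extract_code(callback_url, expected_state):
    """Parse the redirect Salesforce sends back and return the authorization code.
    parse_qs URL-decodes the value, so a trailing %3D%3D comes back as '=='."""
    query = parse_qs(urlparse(callback_url).query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: callback was not started by this session")
    if "error" in query:
        raise ValueError(f"authorization refused: {query['error'][0]}")
    code = query.get("code", [None])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    return code

def build_token_request(client_id, client_secret, redirect_uri, code):
    """Step 2: form body for the POST to the token endpoint. redirect_uri must
    match the one used in step 1. The secret stays server-side (e.g. from the
    environment) and is never placed in a URL."""
    return {"grant_type": "authorization_code", "client_id": client_id,
            "client_secret": client_secret, "redirect_uri": redirect_uri,
            "code": code}

def exchange_code(form):
    """POST the form to the token endpoint and return the parsed JSON response."""
    req = Request(TOKEN_URL, data=urlencode(form).encode(), method="POST")
    with urlopen(req, timeout=10) as resp:
        return json.loads(resp.read())
```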
Hope this helps. If you have any questions, please ask in the comments below.