Lakshay Katney
Salesforce developer by profession but I like to work with various technologies. I blog about Force.com, Hybrid Apps, PhoneGap, AngularJS, BackboneJS, JavaScript in general. I am Angular & NodeJS fan.
In this post, I will cover the basics of the Web Server OAuth flow, which can be used to authorize with Salesforce, along with some key points to keep in mind.
To learn about OAuth, see my previous post, Little Background For OAuth.
It is an OAuth flow supported by Salesforce, used by applications that are hosted on a secure server. The key consideration for using this flow is that the server must be able to protect the consumer secret. If you can't protect it, or you're building your application on devices, consider other flows to authorize with Salesforce.
A connected app is needed in Salesforce to get the consumer key & client id, which are required to make requests. This app also determines what kind of access your user will get once fully authorized by Salesforce. You should always choose the kind of access you give your users.
This flow is a two-step process to get your access token.
Parameter | Value |
---|---|
response_type | code |
client_id | 3MVG9Y6d_Btp4xp5q6h4q2Ii440bpBsaH4hLMny8ulIBfpvws08WSIskaCsdkT8ru9967lEwF_h7GEtolGmIg |
redirect_uri | http://localhost:5000 |
Note: For a sandbox instance, use test.salesforce.com instead of login.salesforce.com.
Once you hit this URL, you will be redirected to the Salesforce login page and asked to enter your credentials. After you enter them, Salesforce will ask for your permission to give access to the application (the application set up as a connected app, remember?).
On "Allow", Salesforce will redirect to your callback URL and pass the authorization code in the URL as shown below. This completes step 1.
http://localhost:5000/?code=aPrxaSyVmC8fBbeIj8OF2NRk.9EppC8REQIPX0sxd._9nc2WCFyaKXDsPauKaTXY3VUbnYjbOQ%3D%3D
Parameter | Value |
---|---|
grant_type | authorization_code |
client_id | 3MVG9Y6d_Btp4xp5q6h4q2Ii440bpBsaH4hLMny8ulIBfpvws08WSIskaCsdkT8ru9967lEwF_h7GEtolGmIg |
client_secret | 8367991745412838923 |
redirect_uri | http://localhost:5000 |
code | aPrxaSyVmC8fBbeIj8OF2NRk.9EppC8REQIPX0sxd._9nc2WCFyaKXDsPauKaTXY3VUbnYjbOQ%3D%3D |
On success, you will get the access token along with some more details. An example is shown below:
{"id":"https://login.salesforce.com/id/00Dx0000000BV7z/005x00000012Q9P",
"issued_at":"1278448101416",
"refresh_token":"5Aep8614iLM.Dq661ePDmPEgaAW9Oh_L3JKkDpB4xReb54_pZebnUG0h6Sb4KUVDpNtWEofWM39yg==",
"instance_url":"https://na1.salesforce.com",
"signature":"CMJ4l+CCaPQiKjoOEwEig9H4wqhpuLSk4J2urAe+fVg=",
"access_token":"00Dx0000000BV7z!AR8AQP0jITN80ESEsj5EbaZTFG0RNBaT1cyWk7TrqoDjoNIWQ2ME_sTZzBjfmOE6zMHq6y8PIW4eWze9JksNEkWUl.Cju7m4"}
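The two steps above, sketched in Node.js as an added example (not code from the original post): it builds the authorization URL, validates the callback, and assembles the token request without making any network calls. The endpoint paths are Salesforce's standard OAuth endpoints, and the `state` parameter, the `SF_CLIENT_SECRET` environment variable, the function names and the sample values are assumptions that do not appear in the post.

```javascript
// Added example: both steps of the web server flow, built offline (no network calls).
const AUTH_PATH = '/services/oauth2/authorize'; // standard endpoint path, not shown on the page
const TOKEN_PATH = '/services/oauth2/token';    // standard endpoint path, not shown on the page

// Step 1: URL the user's browser is sent to. `state` should be a random,
// per-session value kept server-side so the callback can be tied to this request.
function buildAuthorizeUrl({ host, clientId, redirectUri }, state) {
  const url = new URL(AUTH_PATH, `https://${host}`);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: clientId,
    redirect_uri: redirectUri,
    state,
  }).toString();
  return url.toString();
}

// Callback handling: reject error responses and mismatched state before using the code.
function extractCode(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;
  if (params.has('error')) throw new Error(`authorization failed: ${params.get('error')}`);
  if (!expectedState || params.get('state') !== expectedState) throw new Error('state mismatch');
  const code = params.get('code'); // already URL-decoded (%3D%3D becomes ==)
  if (!code) throw new Error('missing authorization code');
  return code;
}

// Step 2: server-side POST that exchanges the code for tokens. The consumer
// secret goes in the POST body only, never in a URL or in client-side code.
function buildTokenRequest({ host, clientId, redirectUri }, clientSecret, code) {
  return {
    url: `https://${host}${TOKEN_PATH}`,
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: new URLSearchParams({
      grant_type: 'authorization_code',
      client_id: clientId,
      client_secret: clientSecret,
      redirect_uri: redirectUri,
      code,
    }).toString(),
  };
}

// Constructed sample values (placeholders, not real credentials).
const cfg = { host: 'login.salesforce.com', clientId: 'CONSTRUCTED_KEY', redirectUri: 'http://localhost:5000' };
const authUrl = buildAuthorizeUrl(cfg, 'st-123');
const code = extractCode('http://localhost:5000/?code=abc%3D%3D&state=st-123', 'st-123');
const tokenReq = buildTokenRequest(cfg, process.env.SF_CLIENT_SECRET || 'CONSTRUCTED_SECRET', code);
console.log(authUrl, tokenReq.url); // the body holds the secret, so it is not logged
```

For a sandbox, set `host` to test.salesforce.com; the object returned by `buildTokenRequest` can be passed to any HTTP client running on the server.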
Hope this helps. In case of any query, please ask by writing your query in comments below.