OAuth Series : Web Server OAuth Flow - Salesforce

Salesforce Mar 7, 2018

In this post, I will cover the basics of the Web Server OAuth flow that can be used to authorize an application with Salesforce, along with some key points to consider.

To learn about OAuth in general, please see my previous post, Little Background For OAuth.

What is it?

It is a type of OAuth flow supported by Salesforce, used mainly by applications that are hosted on a secure server. The key consideration for using this flow is that the server must be able to protect the consumer secret. If you can't protect it, or you're building your application for devices, consider another flow to authorize with Salesforce.

What is needed?

A connected app is needed in Salesforce to get the consumer key and client id, which are required to make requests. This app also determines what kind of access your users will get once fully authorized by Salesforce. You should always choose the kind of access your users get deliberately.

Steps to execute

This flow is a two-step process to get your access token.

  1. The first step is to hit the Salesforce authorize url https://login.salesforce.com/services/oauth2/authorize to get an authorization code, which will be used in the next step to get an access token. Prepare your url by adding your parameters like below:

    Parameter      Value
    response_type  code
    client_id      3MVG9Y6d_Btp4xp5q6h4q2Ii440bpBsaH4hLMny8ulIBfpvws08WSIskaCsdkT8ru9967lEwF_h7GEtolGmIg
    redirect_uri   http://localhost:5000

Link Generated : https://login.salesforce.com/services/oauth2/authorize?response_type=code&client_id=3MVG9Y6d_Btp4xp5q6h4q2Ii440bpBsaH4hLMny8ulIBfpvws08WSIskaCsdkT8ru9967lEwF_h7GEtolGmIg&redirect_uri=http://localhost:5000

Note: For a sandbox instance, use test.salesforce.com instead of login.salesforce.com.

Once you hit this url, you will be redirected to the Salesforce login page and asked to enter your credentials. After you enter them, Salesforce will ask for your permission to give access to the application (the one set up as the connected app, remember?).

On "Allow", Salesforce will redirect to your callback url and pass the authorization code in the url as below; this completes step 1.

     http://localhost:5000/?code=aPrxaSyVmC8fBbeIj8OF2NRk.9EppC8REQIPX0sxd._9nc2WCFyaKXDsPauKaTXY3VUbnYjbOQ%3D%3D
  2. In step 2, you need to make a POST request to the token endpoint https://login.salesforce.com/services/oauth2/token with the above authorization code and, most importantly, your consumer key and consumer secret (client_secret), along with a few more parameters. The parameters are listed below:

    Parameter      Value
    grant_type     authorization_code
    client_id      3MVG9Y6d_Btp4xp5q6h4q2Ii440bpBsaH4hLMny8ulIBfpvws08WSIskaCsdkT8ru9967lEwF_h7GEtolGmIg
    client_secret  8367991745412838923
    redirect_uri   http://localhost:5000
    code           aPrxaSyVmC8fBbeIj8OF2NRk.9EppC8REQIPX0sxd._9nc2WCFyaKXDsPauKaTXY3VUbnYjbOQ%3D%3D

On success, you will get an access token along with some more details. An example response is shown below:

    {
      "id": "https://login.salesforce.com/id/00Dx0000000BV7z/005x00000012Q9P",
      "issued_at": "1278448101416",
      "refresh_token": "5Aep8614iLM.Dq661ePDmPEgaAW9Oh_L3JKkDpB4xReb54_pZebnUG0h6Sb4KUVDpNtWEofWM39yg==",
      "instance_url": "https://na1.salesforce.com",
      "signature": "CMJ4l+CCaPQiKjoOEwEig9H4wqhpuLSk4J2urAe+fVg=",
      "access_token": "00Dx0000000BV7z!AR8AQP0jITN80ESEsj5EbaZTFG0RNBaT1cyWk7TrqoDjoNIWQ2ME_sTZzBjfmOE6zMHq6y8PIW4eWze9JksNEkWUl.Cju7m4"
    }
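The two steps above as an added worked example (my own code, not from the original post or from Salesforce): it builds the authorize url with proper escaping of redirect_uri, pulls the code out of the callback, and prepares the token POST, all offline. The placeholder credentials, the constructed callback url and sample response, and the extra state parameter (standard OAuth, not in the post's tables) are assumptions.

```python
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

LOGIN_HOST = "https://login.salesforce.com"   # test.salesforce.com for a sandbox
CLIENT_ID = "CLIENT_ID_PLACEHOLDER"           # consumer key of the connected app
CLIENT_SECRET = "CLIENT_SECRET_PLACEHOLDER"   # consumer secret: server-side only
REDIRECT_URI = "http://localhost:5000"        # must match the connected app exactly


def build_authorize_url(state, host=LOGIN_HOST):
    """Step 1: urlencode() escapes redirect_uri; 'state' (an addition beyond the
    post's table) ties the callback to this browser session."""
    params = {"response_type": "code", "client_id": CLIENT_ID,
              "redirect_uri": REDIRECT_URI, "state": state}
    return f"{host}/services/oauth2/authorize?{urlencode(params)}"


def parse_callback(callback_url, expected_state):
    """Extract the authorization code from the redirect back to our server,
    refusing it unless the state we issued comes back unchanged."""
    query = parse_qs(urlparse(callback_url).query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: callback not tied to this session")
    if "code" not in query:
        raise ValueError("callback carries no authorization code")
    return query["code"][0]          # parse_qs already decodes %3D%3D to ==


def build_token_request(code, host=LOGIN_HOST):
    """Step 2: endpoint and form fields for the server-to-server POST that
    exchanges the code plus the consumer secret for an access token."""
    form = {"grant_type": "authorization_code", "client_id": CLIENT_ID,
            "client_secret": CLIENT_SECRET, "redirect_uri": REDIRECT_URI,
            "code": code}
    return f"{host}/services/oauth2/token", form


def parse_token_response(body):
    """Keep only the fields a server needs from the JSON success response."""
    data = json.loads(body)
    return {k: data[k] for k in ("access_token", "instance_url", "refresh_token", "id")}


def demo():
    """Walk the whole flow on constructed data, with no network access."""
    state = secrets.token_urlsafe(16)
    build_authorize_url(state)                       # the browser is sent here
    callback = f"{REDIRECT_URI}/?code=aPrx%3D%3D&state={state}"   # constructed
    _endpoint, form = build_token_request(parse_callback(callback, state))
    sample = ('{"id":"https://login.salesforce.com/id/00Dx/005x","issued_at":"1",'
              '"refresh_token":"r1","instance_url":"https://na1.salesforce.com",'
              '"signature":"s","access_token":"a1"}')     # constructed response
    return {"sent_code": form["code"], **parse_token_response(sample)}
```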

Hope this helps. If you have any questions, please ask in the comments below.
