OAuth Series : Web Server OAuth Flow - Salesforce
In this post, I will talk about some basic understanding of Web Server OAuth flow that can be used to authorize Salesforce with some key points in consideration.
To know about OAuth, please go to my previous post Little Background For OAuth
What is it?
It is a type of OAuth flow supported by Salesforce basically used by applications that are hosted on a secure server. To use this flow, key consideration is that the server must be able to protect the consumer secret. If you can't protect it or your building your application on devices, consider another flows to authorize Salesforce.
What is needed?
A connected app is needed in Salesforce to get consumer key & client id which is required to make requests. This app also determines what kind of access your user will get once fully authorized by Salesforce. You should always choose your kind of access for users.
Steps to execute
This flow is a two step process to get your access token.
First step is to hit Salesforce authorize url https://login.salesforce.com/services/oauth2/authorize to get an authorization code which will be used in next step to get an access token. Prepare your url by putting your parameters like below
Parameter Value response_type code client_id 3MVG9Y6d_Btp4xp5q6h4q2Ii440bpBsaH4hLMny8ulIBfpvws08WSIskaCsdkT8ru9967lEwF_h7GEtolGmIg redirect_uri http://localhost:5000 Link Generated : https://login.salesforce.com/services/oauth2/authorize?responsetype=code&clientid=3MVG9Y6dBtp4xp5q6h4q2Ii440bpBsaH4hLMny8ulIBfpvws08WSIskaCsdkT8ru9967lEwFh7GEtolGmIg&redirect_uri=http://localhost:5000
Note: For sandbox instance, please use test.salesforce.com instead of login.salesforce.com
Once you hit this url, You will be redirected to Salesforce login page and will be asked to put your credentials. After you put your credentials, Salesforce will ask your permission to give access to application(application setup in terms of connected app remember?)
On "Allow", Salesforce will redirect to your callback url and will pass authorization code in url like below and this completes the step 1.
http://localhost:5000/code=aPrxaSyVmC8fBbeIj8OF2NRk.9EppC8REQIPX0sxd._9nc2WCFyaKXDsPauKaTXY3VUbnYjbOQ%3D%3DIn step 2, you need to make a post request to token endpoint https://login.salesforce.com/services/oauth2/token with above authorization code and most importantly with your consumer key along with few more parameters. Parameters are mentioned below
Parameter Value grant_type authorization_code client_id 3MVG9Y6d_Btp4xp5q6h4q2Ii440bpBsaH4hLMny8ulIBfpvws08WSIskaCsdkT8ru9967lEwF_h7GEtolGmIg client_secret 8367991745412838923 redirect_uri http://localhost:5000 code aPrxaSyVmC8fBbeIj8OF2NRk.9EppC8REQIPX0sxd._9nc2WCFyaKXDsPauKaTXY3VUbnYjbOQ%3D%3D As a success, you will get access token with some more details. Example is mentioned below:
{"id":"https://login.salesforce.com/id/00Dx0000000BV7z/005x00000012Q9P", "issued_at":"1278448101416", "refresh_token":"5Aep8614iLM.Dq661ePDmPEgaAW9Oh_L3JKkDpB4xReb54_ pZebnUG0h6Sb4KUVDpNtWEofWM39yg==", "instance_url":"https://na1.salesforce.com", "signature":"CMJ4l+CCaPQiKjoOEwEig9H4wqhpuLSk4J2urAe+fVg=", "access_token":"00Dx0000000BV7z!AR8AQP0jITN80ESEsj5EbaZTFG0R NBaT1cyWk7TrqoDjoNIWQ2ME_sTZzBjfmOE6zMHq6y8PIW4eWze9JksNEkWUl.Cju7m4"}
Hope this helps. In case of any query, please ask by writing your query in comments below.