Quantcast
Sunday , August 19 2018
Home / Apex / How To Do In Salesforce / How to Authenticate user using Username-Password Authentication Flow in Salesforce?

How to Authenticate user using Username-Password Authentication Flow in Salesforce?

How to Authenticate user using Username-Password Authentication Flow in Salesforce?

Salesforce uses oAuth protocol to allow application users to access the data in salesforce securely without exposing Username and password of a particular user.

But before we could make a REST Api call, we need to authenticate our app with salesforce, by making it a connected app. To make an App as connected app follow the steps given in this post.

How to Authenticate user using Username-Password Authentication Flow in Salesforce?

There are several OAuth endpoints provided by Salesforce, depending upon our requirement and resources we need to choose an authentication flow from the below

  1. Web server Flow
  2. User-Agent Flow
  3. Username-Password Flow

Once we have successfully authenticated our connected app user, salesforce provide us with an access token, which are further utilised to make authenticated REST Api calls.

In this post we are going to discuss the Username-Password Authentication Flow.

This authentication flow make use of user’s credentials directly on the web server and should be used only if necessary, there is no refresh token is provided in this flow, see the flow diagram below.

Username-Password OAuth Flow

Step wise breakdown of the authentication flow:

  1. The application uses the credential of the user to generate the access token. To use this service, we make a POSt call to the endpoint for the Username-password authentication flow : https://login.salesforce.com/services/oauth2/token

 

Parameter          Description

grant_type         Must be password for this authentication flow.

client_id               The Consumer Key from the connected app definition.

client_secret      The Consumer Secret from the connected app definition. Required unless the Require Secret for Web Server Flow setting is not enabled in the connected app definition.

username           End-user’s username.

password            End-user’s password.

 

Example authorization url will look something like this:

 

grant_type=password&client_id=3MVG9lKcPoNINVBIPJjdw1J9LLM82HnFVVX19KY1uA5mu0QqEWhqKpoW3svG3XHrXDiCQjK1mdgAvhCscA9GE&client_secret=1955279925675241571&username=testuser%40salesforce.com&password=mypassword123456

  1. After confirmation from Salesforce the client application will get a response with the access token authorized and end-user’s Web browser would be redirected to the callback URL specified by the redirect_uri parameter. The authorization information is appended by Salesforce to the redirect URL with the following values:

Parameters        Description

access_token    Access token that acts as a session ID that the application uses for making requests. This token should be protected as though it were user credentials.

instance_url       Identifies the Salesforce instance to which API calls should be sent.

id                            Identity URL that can be used to both identify the user as well as query for more information about the user. Can be used in an HTTP request to get more information about the end user.

issued_at            When the signature was created, represented as the number of seconds since the Unix epoch (00:00:00 UTC on 1 January 1970).

signature             Base64-encoded HMAC-SHA256 signature signed with the consumer’s private key containing the concatenated ID and issued_at value. The signature can be used to verify that the identity URL wasn’t modified because it was sent by the server.

 

An example of the response is as shown below

{“id”:”https://login.salesforce.com/id/00Dx0000000BV7z/005x00000012Q9P”,

“issued_at”:”1278448832702″,”instance_url”:”https://***yourInstance***.salesforce.com/”,

“signature”:”0CmxinZir53Yex7nE0TD+zMpvIWYGb/bdJh6XfOH6EQ=”,”access_token”:

“00Dx0000000BV7z!AR8AQAxo9UfVkh8AlV0Gomt9Czx9LjHnSSpwBMmbRcgKFmxOtvxjTrKW1

9ye6PE3Ds1eQz3z8jr3W7_VbWmEu4Q8TVGSTHxs”}

 

  1. The information received in the previous step is further used to make the authenticated REST Api calls.
  • Keep following point in mind when using username-password flow. User is not redirected to Salesforce Login screen and is therefore not able to authorize the external application and therefore no refresh token is granted to the end user. Need to Use other OAuth Flow if a refresh token is required.

 

 

Also, Have a look at the below resources:

  1. Best Salesforce Interview Questions book with Apex and Visualforce concept explained

Also, Have a look at the below learning resources:

  1. SOQL (Salesforce Object Query Language)

  2. Apex Trigger Best Practices and the Trigger Framework

  3. Salesforce Interview Question and Answers Part 2

  4. Salesforce Interview Questions on Test Class

  5. Salesforce-lightning-interview-questions-2018

     6. Salesforce Interview Questions Batch Class 

About Sumit Datta

Sumit Datta
I am a 3x Certified Salesforce developer with overall 5 years of IT experience and 3 years of Implementation experience in Salesforce. I am here to share my knowledge and help Beginners in Salesforce to understand the concepts of Apex, Visualforce, Salesforce Lightning and Salesforce Configuration.

Check Also

MODAL Box

How to create a Modal box in Lightning Component?

How to create a Modal box in Lightning Component? In this post we are going …

Salesforce Lightning Training

How to send parameters in AuraEnabled methods in Salesforce Lightning Components?

How to send parameters in AuraEnabled methods in Salesforce Lightning Components? Passing value to and …

Salesforce Lightning Tutorials

How to use lightning accordion

How to use lightning accordion and how to dynamically add accordion section in lightning. In …

Salesforce Lightning Tutorial

How to fetch and display list of records in Lightning Component

How to fetch and display list of records in Lightning Component? In this post we …

Leave a Reply

Your email address will not be published. Required fields are marked *