Monday, September 24 2018

How to Authenticate user in Salesforce Using REST Api?

Salesforce uses the OAuth protocol to let application users access data in Salesforce securely without exposing the username and password of a particular user.

Before we can make a REST API call, however, we need to authenticate our app with Salesforce by registering it as a connected app. To register an app as a connected app, follow the steps given in this post.

Salesforce provides several OAuth endpoints. Depending on our requirements and resources, we need to choose one of the authentication flows below:

  1. Web server Flow
  2. User-Agent Flow
  3. Username-Password Flow

Once our connected app user has been successfully authenticated, Salesforce provides us with an access token, which is then used to make authenticated REST API calls.

In this post we are going to discuss the Web Server Authentication Flow.

This authentication flow is used by applications hosted on a secure server. In this flow the client application redirects the user to another web server, the authorization server, where the user logs in and an authorization code is generated; this authorization code is then used to fetch the access token from Salesforce. See the flow diagram below.

[Flow diagram: How to Authenticate user in Salesforce Using REST Api?]

Step-by-step breakdown of the authentication flow:

  1. The endpoint for the web server authentication flow is: https://login.salesforce.com/services/oauth2/authorize

Parameter       Description
response_type   Must be code for this authentication flow.
client_id       The Consumer Key from the connected app definition.
redirect_uri    The Callback URL from the connected app definition.

An example authorization URL will look something like this:

https://login.salesforce.com/services/oauth2/authorize?response_type=code&client_id=3MVG9lKcPoNINVBIPJjdw1J9LLM82HnFVVX19KY1uA5mu0QqEWhqKpoW3svG3XHrXDiCQjK1mdgAvhCscA9GE&redirect_uri=https%3A%2F%2Fwww.mysite.com%2Fcode_callback.jsp&state=mystate

  2. The user logs in at this URL with their credentials, interacting with the endpoint directly, so the application never sees the user's credentials. After a successful login the user is asked to authorise the app; this step is skipped if the app was already authorised before.
  3. After confirmation from Salesforce the client application is authorized and the end user's web browser is redirected to the callback URL specified by the redirect_uri parameter. Salesforce appends the authorization information to the redirect URL with the following values:

Parameter   Description
code        Authorization code the consumer must use to obtain the access and refresh tokens.
state       The state value that was passed in as part of the initial request, if applicable.

E.g.

https://www.mysite.com/authcode_callback?code=aWekysIEeqM9PiThEfm0Cnr6MoLIfwWyRJcqOqHdF8f9INokharAS09ia7UNP6RiVScerfhc4w%3D%3D

  4. The application extracts the authorization code from the return URL and then uses this code to fetch the access token and refresh token from the Salesforce token request endpoint.

Endpoint: https://login.salesforce.com/services/oauth2/token

Parameter       Description
grant_type      Value must be authorization_code for this flow.
client_secret   The Consumer Secret from the connected app definition.
client_id       The Consumer Key from the connected app definition.
redirect_uri    The Callback URL from the connected app definition.
code            Authorization code the consumer must use to obtain the access and refresh tokens.

E.g.

POST /services/oauth2/token HTTP/1.1
Host: login.salesforce.com
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&code=aPrxsmIEeqM9PiQroGEWx1UiMQd95_5JUZVEhsOFhS8EVvbfYBBJli2W5fn3zbo.8hojaNW_1g%3D%3D&client_id=3MVG9lKcPoNINVBIPJjdw1J9LLM82HnFVVX19KY1uA5mu0QqEWhqKpoW3svG3XHrXDiCQjK1mdgAvhCscA9GE&client_secret=1955279925675241571&redirect_uri=https%3A%2F%2Fwww.mysite.com%2Fcode_callback.jsp

 

  5. A successful request returns the following information from Salesforce.

Parameter       Description
access_token    Access token that acts as a session ID that the application uses for making requests. This token should be protected as though it were user credentials.
refresh_token   Token that can be used in the future to obtain new access tokens.
instance_url    Identifies the Salesforce instance to which API calls should be sent.
id              Identity URL that can be used both to identify the user and to query for more information about the user. Can be used in an HTTP request to get more information about the end user.

E.g. of the raw JSON response:

{
  "id": "https://login.salesforce.com/id/00Dx0000000BV7z/005x00000012Q9P",
  "issued_at": "1278448101416",
  "refresh_token": "5Aep8614iLM.Dq661ePDmPEgaAW9Oh_L3JKkDpB4xReb54_pZebnUG0h6Sb4KUVDpNtWEofWM39yg==",
  "instance_url": "https://yourInstance.salesforce.com/",
  "signature": "CMJ4l+CCaPQiKjoOEwEig9H4wqhpuLSk4J2urAe+fVg=",
  "access_token": "00Dx0000000BV7z!AR8AQP0jITN80ESEsj5EbaZTFG0RNBaT1cyWk7TrqoDjoNIWQ2ME_sTZzBjfmOE6zMHq6y8PIW4eWze9JksNEkWUl.Cju7m4"
}

  6. The information received in the previous step is then used to make authenticated REST API calls.
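To tie the steps together, here is an added Python sketch of the same web server flow; it is not code from the original post, the consumer key, secret and callback URL are placeholders, and the redirect it handles is constructed. It keeps the client_secret inside the server-side token request and rejects a callback whose state does not match the one issued in step 1, which is what the state parameter is for.

```python
import json
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

AUTHORIZE_URL = "https://login.salesforce.com/services/oauth2/authorize"
TOKEN_URL = "https://login.salesforce.com/services/oauth2/token"

def build_authorize_url(client_id, redirect_uri, state=None):
    # Step 1: URL the browser is sent to; response_type must be "code".
    # state is an unguessable per-login value kept in the server session.
    state = state or secrets.token_urlsafe(16)
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "state": state}
    return AUTHORIZE_URL + "?" + urlencode(params), state

def parse_callback(callback_url, expected_state):
    # Step 3: take code from the redirect, but only if state matches ours.
    qs = parse_qs(urlparse(callback_url).query)
    state = qs.get("state", [""])[0]
    if not secrets.compare_digest(state, expected_state):
        raise ValueError("state mismatch: callback not tied to our request")
    code = qs.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    return code

def build_token_request(client_id, client_secret, redirect_uri, code):
    # Step 4: server-to-server POST; client_secret never reaches the browser.
    form = {"grant_type": "authorization_code", "code": code,
            "client_id": client_id, "client_secret": client_secret,
            "redirect_uri": redirect_uri}
    return {"url": TOKEN_URL,
            "headers": {"Content-Type": "application/x-www-form-urlencoded"},
            "body": urlencode(form)}

def parse_token_response(raw_json):
    # Step 5: keep what later REST calls need; fail loudly on a bad reply.
    data = json.loads(raw_json)
    missing = [k for k in ("access_token", "instance_url", "id") if k not in data]
    if missing:
        raise ValueError("token response missing " + ", ".join(missing))
    return {"access_token": data["access_token"],
            "refresh_token": data.get("refresh_token"),
            "instance_url": data["instance_url"].rstrip("/"),
            "id": data["id"]}
if __name__ == "__main__":  # constructed walk-through, no network involved
    cb = "https://www.mysite.com/code_callback.jsp"
    url, state = build_authorize_url("CONSUMER_KEY_PLACEHOLDER", cb)
    code = parse_callback(cb + "?code=aWekys%3D%3D&state=" + state, state)
    print(url, build_token_request("CONSUMER_KEY_PLACEHOLDER", "SECRET_PLACEHOLDER", cb, code)["body"])
```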

This is the web server authentication flow used by Salesforce.

In later posts we will discuss the other two authentication flows.


About Sumit Datta

I am a 3x Certified Salesforce developer with overall 5 years of IT experience and 3 years of Implementation experience in Salesforce. I am here to share my knowledge and help Beginners in Salesforce to understand the concepts of Apex, Visualforce, Salesforce Lightning and Salesforce Configuration.
