OAuth 2.0 to Salesforce without a webpage

Developer https://www.devze.com 2023-02-09 14:02 Source: web

I am trying to connect to Salesforce.com using their OAuth 2.0 interface. I have found solutions like LROAuth2Client that allow me to open a webpage and authenticate like that. But is there a way to do this all through the backend without going to a webpage first so I can have it more integrated into the App?

I am new to OAuth so I don't know all the limitations.

Thanks in advance.


Salesforce supports the OAuth2 username/password option, which is all done without a webpage. e.g. using curl you'd do

curl -v https://login.salesforce.com/services/oauth2/token -d "grant_type=password" -d "client_id=xxxxxxxxxx" -d "client_secret=1234567890" -d "username=noreply@salesforce.com" -d "password=XXXXXXXXX"

Having said that, the web/interactive flow is pretty straightforward to use from iOS, using a custom scheme URL for the callback (trying to use a library is possibly making it harder than it actually is). The web based flow is important for users that are configured for alternative authentication flows (e.g. SAML based SSO), which won't work over the username/password flow.

There should be a video online somewhere of the REST & OAuth session from Dreamforce '10, where the security PM wrote an iPhone OAuth client based app on stage.


It depends on your goal. One reason for using OAuth2 is you want better insight into what is running. Let's say, for example, you have many cron API applications all connecting to the same site. In that case, since they are cron applications, you don't even necessarily have a web browser running on your cron servers. You could of course just configure username and password, but then if you have a password reset you have to update all your cron servers, and you don't even necessarily know how many servers that is, especially if they are coming through a NAT.

In this type of scenario, a very workable solution is to use a Visualforce page on Salesforce as the callback URL. The administrator can log in to Salesforce and then use the Visualforce page to generate a refresh token, which they then hand off for use with the cron job.

You now have OAuth 2 in your auditing stage. The token you have handed out can be restricted to API. And hopefully, if Salesforce has done OAuth 2 correctly, you can reset the password on the user login as often as need be, without affecting the tokens you have handed out.

Bill
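
Added example, not part of the answers above and not Salesforce's own code: the cron-side half of the refresh-token approach, exchanging a stored refresh token at the token endpoint quoted in the curl answer. The JSON secrets file, its 0600 permission requirement and all function names are assumptions made for illustration.

```python
import json, os, stat
import urllib.error, urllib.parse, urllib.request

# Token endpoint quoted in the curl answer above.
TOKEN_URL = "https://login.salesforce.com/services/oauth2/token"
REQUIRED = ("client_id", "client_secret", "refresh_token")

def load_secrets(path):
    """Read the hypothetical JSON secrets file; refuse it if group/other can access it."""
    if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        raise PermissionError(f"{path} must be mode 0600")
    with open(path, encoding="utf-8") as fh:
        secrets = json.load(fh)
    missing = [k for k in REQUIRED if not secrets.get(k)]
    if missing:
        raise KeyError(f"missing fields: {missing}")
    return secrets

def build_refresh_request(secrets):
    """POST body for the OAuth 2.0 refresh_token grant; no secret goes on argv or in the URL."""
    body = urllib.parse.urlencode({
        "grant_type": "refresh_token",
        "client_id": secrets["client_id"],
        "client_secret": secrets["client_secret"],
        "refresh_token": secrets["refresh_token"],
    }).encode("ascii")
    return urllib.request.Request(TOKEN_URL, data=body, method="POST")

def parse_token_response(raw):
    """Return (access_token, instance_url) or raise with the server's error code."""
    doc = json.loads(raw)
    if "error" in doc:
        # e.g. invalid_grant once an administrator has revoked the token
        raise RuntimeError(f"{doc['error']}: {doc.get('error_description', '')}")
    return doc["access_token"], doc["instance_url"]

def fetch_access_token(path):
    """What the cron job calls at start-up; the access token stays in memory only."""
    request = build_refresh_request(load_secrets(path))
    try:
        with urllib.request.urlopen(request, timeout=30) as resp:
            raw = resp.read()
    except urllib.error.HTTPError as err:
        raw = err.read()  # OAuth errors arrive as HTTP 400 with a JSON body
    return parse_token_response(raw)
```

Unlike the curl one-liner, this keeps the client secret and refresh token out of the process list and shell history, and a revoked token surfaces as a clear error in the job's log.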


There is one more approach to this. You can visit my site for the approach.
