Saturday 15 December 2012

OAuth 2.0 Salesforce Using REST Console of Chrome Browser


Earlier, in one of my blog posts, I demonstrated how to use the Mozilla Poster tool to verify Salesforce REST API calls.

Using the Chrome REST Console has several advantages over Mozilla Poster. The response can be seen in both JSON and XML, and the concept of OAuth 2.0 can also be understood in practice.

There are very good articles on OAuth 2.0 on developer.force.com, and here is the link: Digging deeper into Oauth 2.0

workbench.developerforce.com has an excellent REST utility which helps in quick verification of RESTful Apex services or even the standard REST API exposed by Salesforce. One major disadvantage is that, since the OAuth flow happens automatically, the conceptual knowledge of how OAuth 2.0 works is hidden.

In this blog post we will use the Chrome REST Console to first get the OAuth token from the Salesforce instance and then invoke the REST service from Salesforce.

Step 1 - Getting the OAuth token from the Salesforce instance

The first step is to set up the remote access settings so that we can obtain the client secret as well as the client ID.


Step 2 - Using a POST call to obtain the OAuth token from Salesforce

The payload will be in XML and here is the format of the payload

grant_type=password&client_id=<your_client_id>&client_secret=<your_client_secret>&username=<your_username>&password=<your_password>

You will get the client ID and client secret from your remote access settings. Please append the security token if you are making the call from an unauthorized IP range. Please use the appropriate username and password.

The target URL to obtain the token from Salesforce is as follows:



Use this first as the request URL to get the access token. Please use test.salesforce.com for a sandbox.







Step 3 - Making the POST request will yield JSON containing the token. Here is the snapshot of the token issued by Salesforce:












JSON Response Obtained From Server:

{
    "id": "https://login.salesforce.com/id/00D90000000aRkLEAU/00590000000HI32AAG",
    "issued_at": "1355574766264",
    "instance_url": "https://ap1.salesforce.com",
    "signature": "LfOtSilg0GXb8NMO2YwcFvDTjRf8Ml0+jxI3XOozmuw=",
    "access_token": "00D90000000aRkL!ARIAQLLtJXpuyCteMrXEbkbEi6qZcgUhkeaK6_.Yqrxlz8JeOn"
}
The access_token parameter contains the access token, which can be used in a header to access the services.

Step 4 - The access token is used along with the word Bearer in the Authorization header to access any REST service. The snapshot shows where the access token needs to be entered in the REST console.



The response obtained can be changed to XML or JSON using the REST console.
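Steps 2 to 4 as an added Python example (not code from the original post): it form-encodes the token request so that special characters in the password survive, checks the `signature` field of the response before trusting it, and only then builds the Bearer header. It assumes Salesforce's documented behaviour that the security token is appended to the password and that `signature` is the Base64 HMAC-SHA256 of `id` + `issued_at` keyed with the client secret; the function names and all sample values are constructed for illustration.

```python
import base64, hashlib, hmac, json
from urllib.parse import urlencode, urlsplit

def build_token_body(client_id, client_secret, username, password, security_token=""):
    """Form-encode the Step 2 payload; urlencode escapes '&', '+', '=' in secrets."""
    return urlencode({
        "grant_type": "password",
        "client_id": client_id,
        "client_secret": client_secret,
        "username": username,
        # Assumption: the security token is appended directly to the password.
        "password": password + security_token,
    })

def sign(identity_url, issued_at, client_secret):
    """Base64(HMAC-SHA256(key=client_secret, msg=id + issued_at))."""
    mac = hmac.new(client_secret.encode(), (identity_url + issued_at).encode(), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()

def bearer_headers(raw_json, client_secret):
    """Validate the Step 3 response, then return (instance_url, headers) for Step 4."""
    resp = json.loads(raw_json)
    expected = sign(resp["id"], resp["issued_at"], client_secret)
    # Constant-time comparison; a mismatch means id or issued_at was altered.
    if not hmac.compare_digest(expected.encode(), resp.get("signature", "").encode()):
        raise ValueError("signature does not match id + issued_at")
    # Never send the bearer token over a cleartext connection.
    if urlsplit(resp["instance_url"]).scheme != "https":
        raise ValueError("instance_url is not HTTPS; refusing to send the token")
    return resp["instance_url"], {"Authorization": "Bearer " + resp["access_token"]}

# Constructed sample values (not real credentials or a real Salesforce response).
SECRET = "constructed-client-secret"
SAMPLE = {
    "id": "https://login.salesforce.com/id/ORG_ID_PLACEHOLDER/USER_ID_PLACEHOLDER",
    "issued_at": "1355574766264",
    "instance_url": "https://ap1.salesforce.com",
    "access_token": "CONSTRUCTED_ACCESS_TOKEN",
}
SAMPLE["signature"] = sign(SAMPLE["id"], SAMPLE["issued_at"], SECRET)

if __name__ == "__main__":
    print(build_token_body("my_id", SECRET, "user@example.com", "p&ss+word", "TOKEN"))
    print(bearer_headers(json.dumps(SAMPLE), SECRET))
```

The access token and client secret are credentials: keep them out of saved console history, screenshots and logs.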





1 comment:

  1. Check out our video for the implementation of spring security with spring boot. This OAuth security video takes you through a simple application to generate OAuth tokens.
