https://github.com/onify/blueprint-salesforce-generate-access-token
Onify Blueprint: Generate access token for Salesforce API
https://github.com/onify/blueprint-salesforce-generate-access-token
blueprint bpmn flow jwt-authentication jwt-token onify onify-blueprints ouath2 salesforce salesforce-api
Last synced: 10 months ago
JSON representation
Onify Blueprint: Generate access token for Salesforce API
- Host: GitHub
- URL: https://github.com/onify/blueprint-salesforce-generate-access-token
- Owner: onify
- License: mit
- Created: 2021-05-24T11:33:44.000Z (about 5 years ago)
- Default Branch: main
- Last Pushed: 2022-06-23T05:23:13.000Z (about 4 years ago)
- Last Synced: 2025-02-16T17:57:04.398Z (over 1 year ago)
- Topics: blueprint, bpmn, flow, jwt-authentication, jwt-token, onify, onify-blueprints, ouath2, salesforce, salesforce-api
- Language: JavaScript
- Homepage: https://onify.co
- Size: 537 KB
- Stars: 1
- Watchers: 2
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README

[](https://www.repostatus.org/#wip)

# Onify Blueprint: Generate access token for Salesforce API
This Blueprint shows how we can generate a Salesforce OAuth 2.0 JWT Bearer Access Token. This access token can then be used for any type of Salesforce integration, like listing, creating or updating objects in Salesforce. This workflow is easy reuse in others Salesforce integration workflows.

## Requirements
* Onify Hub v2
* Onify Flow license
* Camunda Modeler 4.4 or later
* OpenSSL
* Salesforce
## Setup
### Salesforce
For information about accessing the Salesforce API, please read [OAuth 2.0 JWT Bearer Flow for Server-to-Server Integration](https://help.salesforce.com/articleView?id=sf.remoteaccess_oauth_jwt_flow.htm&type=5).
#### Prerequisites
Create an RSA x509 private key/certification pair.
```
openssl req -x509 -sha256 -nodes -days 36500 -newkey rsa:2048 -keyout salesforce.key -out salesforce.crt
```
The private key (.key) will be used to sign the JWT claim generated by your code. The certificate (.crt) will be uploaded to Salesforce to validate your signed JWT assertions.
#### Application creation
1. Login to salesforce.
1. Go to setup area (gear in the nav in the top right)
1. In the side nav, go to _Apps_ > _App Manager_
1. Click _New Connect App_
1. In the _Basic Information_ section, populate the required fields. The values are for book keeping only and are not part of using the API.
1. In the _API (Enable OAuth Settings)_ section:
1. Check _Enable OAuth Settings_
1. _Callback URL_ is unused in the JWT flow but a value is required nonetheless. Set `http://localhost/`.
1. Check _Use digital signatures_. Upload the _salesforce.crt_ that was generated earlier.
1. For _Selected OAuth Scopes_, add _Access and manage your data (api)_ and _Perform requests on your behalf at any time (refresh_token, offline_access)_
1. Click _Save_. If there are any errors, you have to re-upload _salesforce.crt_.
1. On the resulting app page, click _Manage_.
1. Click _Edit Policies_.
1. In the _OAuth policies_ section, change _Permitted Users_ to _Admin approved users are pre-authorized_.
1. Click _Save_.
1. Back on the app page again, in the _Profiles_ section, click _Manage Profiles_.
1. On the _Application Profile Assignment_ page, assign the user profiles that will have access to this app.
#### OAuth Access Configuration
To use the API, the RSA private key and the _Consumer Key_ (aka client ID) from the Salesforce application are needed.
1. The private key is the key that was generated in the _Prequisite_ section above.
1. To get the Salesforce application _Consumer Key_, do the following
1. Login to salesforce.
1. Go to setup area (gear in the nav in the top right)
1. In the side nav, go to _Apps_ > _App Manager_
1. In the list, find the application that you created in the _App Creation_ section above
1. From the drop down in the application's row, click _View_
1. The _Consumer Key_ is in the _API (Enable OAuth Settings)_ section.
#### Granting access
You now need to grant access for the user that will used to "impersonate" the request. You do this by going to the following URL (replace with client ID):
```
https://login.salesforce.com/services/oauth2/authorize?response_type=code&client_id=&redirect_uri=http://localhost/
```
All done! :-)
### Onify
#### Add Salesforce settings
Add the following settings (via /admin/settings/).
|Key|Value|Example|
|----|----|----|
|key|salesforce_api_settings||
|name|Salesforce settings||
|value|```{ "Username": "", "ClientId": "", "PrivateKey": "", InstanceUrl": "", "InstanceAPIVersion": ""}```|```{ "Username": "user@acme.com", "ClientId": "3MVG9SOw8KERNN0_AsPhKsSl90Shcua5kzyBLGAxWnlD_gUnweQXIA1C8AAg0TlA.Bv5ike0NeSqaKyX6yVYT", "PrivateKey": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgk....\n-----END PRIVATE KEY-----", "InstanceUrl": "https://acme-dev-ed.my.salesforce.com", "InstanceAPIVersion": "v51.0" }```
|tag|frontend,salesforce|
|role|admin|
#### Deploy
1. Open `salesforce-generate-access-token.bpmn` in Camunda Modeler
2. Click `Deploy current diagram` and follow the steps
## Support
* Community/forum: https://support.onify.co/discuss
* Documentation: https://support.onify.co/docs
* Support and SLA: https://support.onify.co/docs/get-support
## License
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.