General Notes
Salesforce Authentication Guide Using HTTP Requests
This guide provides detailed instructions for authenticating with Salesforce using HTTP requests. It includes generating and retrieving the required tokens through various steps and scripts.
Overview of Steps
1. Generate Authorization Code
Description
This step generates an authorization code using PKCE (Proof Key for Code Exchange).
Steps Before Sending the Request
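Generate the code_verifier and code_challenge using the following script:
```javascript
// Requires CryptoJS for SHA-256 and a Web Crypto `crypto` global for randomness
// (available in browsers and current Node.js).
function generateCodeVerifier() {
    return generateRandomString(96);
}

// Build a random alphanumeric string from a CSPRNG. Math.random() is not
// cryptographically secure, so it is not suitable for a PKCE verifier.
function generateRandomString(length) {
    var text = "";
    var possible = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
    // Reject bytes at or above 248 (4 * 62) so every character is equally likely
    var limit = 256 - (256 % possible.length);
    var bytes = new Uint8Array(1);
    while (text.length < length) {
        crypto.getRandomValues(bytes);
        if (bytes[0] < limit) {
            text += possible.charAt(bytes[0] % possible.length);
        }
    }
    return text;
}

// SHA-256 of the verifier, returned as a CryptoJS WordArray
function generateCodeChallenge(code_verifier) {
    return CryptoJS.SHA256(code_verifier);
}

// Base64url-encode a CryptoJS WordArray: no padding, URL-safe alphabet
function base64URL(wordArray) {
    return wordArray.toString(CryptoJS.enc.Base64).replace(/=/g, '').replace(/\+/g, '-').replace(/\//g, '_');
}

var verifier = generateCodeVerifier(); // alphanumeric, so already URL-safe
var challenge = base64URL(generateCodeChallenge(verifier));
// Store verifier and challenge in your system or application as needed
```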
Request Configuration
- Method: POST
- URL: https://{your-host}/shopper/auth/v1/organizations/{organization-id}/oauth2/login?client_id={client-id}&channel_id={channel-id}&redirect_uri={redirect-url}&code_challenge={code-challenge}
- Headers: Content-Type: application/x-www-form-urlencoded
- Authentication: Use Basic Authentication with the user’s login and password.
Steps After Receiving the Response
Extract the authorization code and user session ID (usid) from the response headers or body:
```javascript
// Example for a 303 response: code and usid arrive as query parameters of the Location header
let query = responseHeaders["Location"].split('?')[1];
let params = new URLSearchParams(query);
// Look the parameters up by name rather than by position, and URL-decode them
let code = params.get('code');
let usid = params.get('usid');
// Save the code and usid as needed for the next steps
```
2. Exchange Authorization Code for Access Token
Description
This step exchanges the authorization code for an access token.
Steps Before Sending the Request
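Ensure the auth_code from the previous step is available.
```javascript
// Debug check that the code was captured; remove it outside of testing so codes do not end up in logs
console.log("Authorization code: " + auth_code);
```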
Request Configuration
- Method: POST
- URL: https://{your-host}/shopper/auth/v1/organizations/{organization-id}/oauth2/token
- Headers: Content-Type: application/x-www-form-urlencoded
- Body: code={auth-code}&grant_type=authorization_code_pkce&redirect_uri={redirect-url}&code_verifier={code-verifier}&channel_id={channel-id}&client_id={client-id}&usid={usid}
Steps After Receiving the Response
Extract and store the access and refresh tokens from the response.
```javascript
let jsonBody = JSON.parse(responseBody);
let accessToken = jsonBody.access_token;
let refreshToken = jsonBody.refresh_token;
let customerId = jsonBody.customer_id;
let usid = jsonBody.usid;
// Store these values securely for subsequent requests
```
3. Use Refresh Token to Obtain New Access Token
Description
This step uses the refresh_token to obtain a new access token.
Request Configuration
- Method: POST
- URL: https://{your-host}/shopper/auth/v1/organizations/{organization-id}/oauth2/token
- Headers: Content-Type: application/x-www-form-urlencoded
- Body: refresh_token={refresh-token}&grant_type=refresh_token&client_id={client-id}
Steps After Receiving the Response
Extract and store the new tokens from the response.
```javascript
let jsonBody = JSON.parse(responseBody);
let accessToken = jsonBody.access_token;
let refreshToken = jsonBody.refresh_token;
let customerId = jsonBody.customer_id;
let usid = jsonBody.usid;
// Update stored tokens as needed
```
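The three requests above, as an added offline example that is not part of the original guide and is not Salesforce's code: it derives the PKCE pair with Node's built-in crypto module instead of CryptoJS, reads code and usid from the redirect by name, and builds the form bodies. The function names, the cfg fields and the check of the redirect target against redirect_uri are assumptions made for the illustration.

```javascript
// Added example (not from the guide): offline helpers for the three requests.
// Function names and cfg fields (host, orgId, clientId, channelId, redirectUri) are assumptions.
const nodeCrypto = require('node:crypto');

// S256 challenge per RFC 7636: BASE64URL(SHA256(ASCII(code_verifier))), no padding.
function codeChallengeFor(verifier) {
  return nodeCrypto.createHash('sha256').update(verifier, 'ascii').digest('base64url');
}

// 72 bytes from the OS CSPRNG encode to a 96-character URL-safe verifier.
function newPkcePair() {
  const verifier = nodeCrypto.randomBytes(72).toString('base64url');
  return { verifier, challenge: codeChallengeFor(verifier) };
}

// Step 1 URL. URLSearchParams percent-encodes redirect_uri and the other values.
function loginUrl(cfg, challenge) {
  const qs = new URLSearchParams({
    client_id: cfg.clientId, channel_id: cfg.channelId,
    redirect_uri: cfg.redirectUri, code_challenge: challenge,
  });
  return `https://${cfg.host}/shopper/auth/v1/organizations/${cfg.orgId}/oauth2/login?${qs}`;
}

// Step 1 response: read code and usid by name, and only from our own redirect_uri.
function parseLoginRedirect(location, redirectUri) {
  const got = new URL(location), want = new URL(redirectUri);
  if (got.origin !== want.origin || got.pathname !== want.pathname) {
    throw new Error('Location does not point at redirect_uri');
  }
  const code = got.searchParams.get('code'), usid = got.searchParams.get('usid');
  if (!code || !usid) throw new Error('code or usid missing from redirect');
  return { code, usid };
}

// Step 2 form body, in the parameter order the guide lists.
function tokenBody(cfg, code, usid, verifier) {
  return new URLSearchParams({
    code, grant_type: 'authorization_code_pkce', redirect_uri: cfg.redirectUri,
    code_verifier: verifier, channel_id: cfg.channelId, client_id: cfg.clientId, usid,
  }).toString();
}

// Step 3 form body.
function refreshBody(cfg, refreshToken) {
  return new URLSearchParams({
    refresh_token: refreshToken, grant_type: 'refresh_token', client_id: cfg.clientId,
  }).toString();
}
```

Call newPkcePair() once per login attempt and keep the verifier only until the body from tokenBody() has been sent.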