General Notes

Salesforce Authentication Guide Using HTTP Requests

This guide provides detailed instructions for authenticating with Salesforce using HTTP requests. It includes generating and retrieving the required tokens through various steps and scripts.

Overview of Steps

1. Generate Authorization Code

Description

This step generates an authorization code using PKCE (Proof Key for Code Exchange).

Steps Before Sending the Request

Generate the code_verifier and code_challenge using the following script:

function generateCodeVerifier() {
    return generateRandomString(96);
}

function generateRandomString(length) {
    var text = "";
    var possible = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
    for (var i = 0; i < length; i++) {
        text += possible.charAt(Math.floor(Math.random() * possible.length));
    }
    return text;
}

function generateCodeChallenge(code_verifier) {
    return CryptoJS.SHA256(code_verifier);
}

function base64URL(string) {
    return string.toString(CryptoJS.enc.Base64).replace(/=/g, '').replace(/\+/g, '-').replace(/\//g, '_');
}

var verifier = base64URL(generateCodeVerifier());
var challenge = base64URL(generateCodeChallenge(verifier));

// Store verifier and challenge in your system or application as needed

Request Configuration

• Method: POST
• URL:
  https://{your-host}/shopper/auth/v1/organizations/{organization-id}/oauth2/login?client_id={client-id}&channel_id={channel-id}&redirect_uri={redirect-url}&code_challenge={code-challenge}

• Headers:
  Content-Type: application/x-www-form-urlencoded

• Authentication: Use Basic Authentication with the user’s login and password.

Steps After Receiving the Response

Extract the authorization code and user session ID (usid) from the response headers or body:

// Example for 303 status with redirect
let location = responseHeaders["Location"].split('?');
let params = location[1].split('&');
let code = params.pop().substring(5);
let usid = params[0].substring(5);

// Save the code and usid as needed for the next steps

2. Exchange Authorization Code for Access Token

Description

This step exchanges the authorization code for an access token.

Steps Before Sending the Request

Ensure the auth_code from the previous step is available.

console.log("Authorization code: " + auth_code);

Request Configuration

• Method: POST
• URL:
  https://{your-host}/shopper/auth/v1/organizations/{organization-id}/oauth2/token

• Headers:
  Content-Type: application/x-www-form-urlencoded

• Body:
  code={auth-code}&grant_type=authorization_code_pkce&redirect_uri={redirect-url}&code_verifier={code-verifier}&channel_id={channel-id}&client_id={client-id}&usid={usid}

Steps After Receiving the Response

Extract and store the access and refresh tokens from the response.

let jsonBody = JSON.parse(responseBody);
let accessToken = jsonBody.access_token;
let refreshToken = jsonBody.refresh_token;
let customerId = jsonBody.customer_id;
let usid = jsonBody.usid;

// Store these values securely for subsequent requests

3. Use Refresh Token to Obtain New Access Token

Description

This step uses the refresh_token to obtain a new access token.

Request Configuration

• Method: POST
• URL:
  https://{your-host}/shopper/auth/v1/organizations/{organization-id}/oauth2/token

• Headers:
  Content-Type: application/x-www-form-urlencoded

• Body:
  refresh_token={refresh-token}&grant_type=refresh_token&client_id={client-id}

Steps After Receiving the Response

Extract and store the new tokens from the response.

let jsonBody = JSON.parse(responseBody);
let accessToken = jsonBody.access_token;
let refreshToken = jsonBody.refresh_token;
let customerId = jsonBody.customer_id;
let usid = jsonBody.usid;

// Update stored tokens as needed