Welcome to catchontosalesforce!
Description:
The Authorization Code and Credentials flow is intended for customers and partners. You cannot set up this flow for employees accessing the Salesforce platform (login.salesforce.com). You can control the front end and back end separately.
For single-page apps, you use a server-side callback endpoint to extract the authorization code, and you perform the code exchange from the browser via client-side JavaScript.
Steps to achieve this:
- Create Connected App.
- Create Apex Controller.
- Create JavaScript API.
Create Connected App:
You will create a Connected App with the following configuration.
- Enable OAuth Settings - must be enabled.
- Callback URL - must be the server-side REST resource URL, e.g. <Your Experience Site Base URL>/services/apexrest/code/extraction.
- Selected OAuth Scopes - Based on your need.
- Require Secret for Web Server Flow - Must be true.
- Require Secret for Refresh Token Flow - Must be true.
- Enable Client Credentials Flow - Must be true.
- Enable Authorization Code and Credentials Flow - Must be true.
- Permitted Users - Admin approved users are pre-authorized.
Create Apex Controller:
You can create a custom REST resource to receive the params (code, sfdc_community_url, sfdc_community_id, scope) and respond back to the JavaScript app. See Apex REST Resource.
- Headless GET /authorize call with response_type, client_id and redirect_uri.
- Once it succeeds, Salesforce automatically calls redirect_uri (which points to the server-side SF REST resource); that resource receives the params (code, sfdc_community_url, sfdc_community_id, scope) and responds back to the JavaScript app.
- In the client-side JavaScript app, we read the code param and call /token to obtain an access_token for authenticating users and granting access to protected Salesforce resources.
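The browser side of the three steps above, as an added example that is not part of the original post or its repository. It assumes BASE_URL and CLIENT_ID are placeholders you replace with your Experience Site URL and consumer key, that the Apex REST resource returns the four callback params as a JSON object, and that response_type=code_credentials is the value the headless flow uses.

```javascript
// Added example (not from the post or its repository): the browser side of the
// Headless Authorization Code and Credentials flow. BASE_URL and CLIENT_ID are
// placeholders; response_type=code_credentials is the value this flow uses.
const BASE_URL = "https://example-site.my.site.com"; // placeholder Experience Site base URL
const CLIENT_ID = "3MVG9placeholder";                // placeholder consumer key
const REDIRECT_URI = `${BASE_URL}/services/apexrest/code/extraction`; // callback from the post

// Step 1: build the headless /authorize request with the three params the post lists.
function buildAuthorizeUrl(baseUrl, clientId, redirectUri) {
  const url = new URL("/services/oauth2/authorize", baseUrl);
  url.searchParams.set("response_type", "code_credentials");
  url.searchParams.set("client_id", clientId);
  url.searchParams.set("redirect_uri", redirectUri);
  return url.toString();
}

// Step 2: validate what the Apex REST resource hands back (assumed JSON with the four
// params). Missing fields, or a community URL that is not our own site, are rejected
// so the code is never exchanged against a host we did not send the user to.
function parseCallback(json, redirectUri) {
  for (const k of ["code", "sfdc_community_url", "sfdc_community_id", "scope"]) {
    if (typeof json[k] !== "string" || json[k] === "") throw new Error(`callback missing ${k}`);
  }
  if (new URL(json.sfdc_community_url).origin !== new URL(redirectUri).origin) {
    throw new Error("sfdc_community_url does not match the site we authorized against");
  }
  return { code: json.code, communityUrl: json.sfdc_community_url, scope: json.scope.split(" ") };
}

// Step 3: body for POST /services/oauth2/token. This is a public client: only
// grant_type, code, client_id and redirect_uri go over the wire, never a client secret.
function buildTokenRequestBody(code, clientId, redirectUri) {
  const body = new URLSearchParams();
  body.set("grant_type", "authorization_code");
  body.set("code", code);
  body.set("client_id", clientId);
  body.set("redirect_uri", redirectUri);
  return body;
}

// Run the exchange with an injectable fetch so the logic can be exercised offline.
async function exchangeCode(callbackJson, fetchFn = globalThis.fetch) {
  const cb = parseCallback(callbackJson, REDIRECT_URI);
  const res = await fetchFn(`${cb.communityUrl}/services/oauth2/token`, {
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: buildTokenRequestBody(cb.code, CLIENT_ID, REDIRECT_URI).toString(),
  });
  if (!res.ok) throw new Error(`token endpoint returned ${res.status}`);
  return (await res.json()).access_token;
}
```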
GET /authorize call:
If you have any issues, just check my GitHub repository: https://github.com/Priyananth-Salesforce/Headless-SF-Authentication-For-Public-Client.
Thanks
Priyananth