raj kiran
User-Agent OAuth Authentication Flow CORS
Hi All,
We are using the User-Agent OAuth Authentication Flow so that vendors can insert data from their internal/external sites by using a simple insert REST API endpoint call using JavaScript/AJAX calls.
We have shared the sample endpoint for authorization, like:
https://login.salesforce.com/services/oauth2/authorize?response_type=token&
client_id=3MVG9lKcPoNINVBIPJjdw1J9LLJbP_pqwoJYyuisjQhr_LLurNDv7AgQvDTZwCoZuD
ZrXcPCmBv4o.8ds.5iE&redirect_uri=https%3A%2F%2Fwww.mysite.com%2Fuser_callback.jsp&
state=mystate
So vendors would call the above endpoint and grant authorization, with an accept/reject popup getting displayed in their front-end screens for the first-time call. On successful redirection, the screen gets redirected to the redirect URL mentioned in the connected app.
We have mentioned that redirect URL as www.vendordoamin.page/sfdc.jsp, where sfdc.jsp is the page where the user submitted the data from. So when the user authorizes via the popup, the SFDC authorization servers should respond back with the access token.
Once the access token is received, the vendor should store the access token throughout the request and should use the same to insert the custom lead data via the standard REST URL generated via Workbench.
In case the access token has expired, the request should be made to the URL below to get a new token:
POST /services/oauth2/token HTTP/1.1
Host: https://test.salesforce.com/
grant_type=refresh_token&client_id=3MVG9lKcPoNINVBIPJjdw1J9LLM82HnFVVX19KY1uA5mu0
QqEWhqKpoW3svG3XHrXDiCQjK1mdgAvhCscA9GE&client_secret=111111111121111
&refresh_token=your token here
We have used this approach so that we can share the authorize endpoint and code, simple authorization inputs from the front-end user when submitting data, and then the system inserting data into SFDC.
(We want this simple approach so that many other vendors can simply insert our REST API code and can insert data.)
Since the vendors are unable to test or help us with SFDC support, I am banging my head to replicate this CORS issue on the SFDC side.
Now for the problems:
-- The first time, vendors were able to authorize.
-- They got an access token; however, the second time, when refreshing access tokens, they are getting CORS errors and are unable to proceed further.
-- How do I actually replicate the issue? I have minimal experience in Java web apps, but is developing a Java-based web app using JSP, Tomcat and a REST web service the only way to replicate the CORS issue?
-- There are many sample codes, but using Maven/JAXB/some other REST API in Eclipse and configuring the build path is all hell for me.
-- Is there any other way to test the User-Agent OAuth Authentication Flow?
-- If testing is only possible via creating a Java project etc., can anyone share any sample code / Eclipse configuration?
** Already whitelisted the vendor's domain in the CORS option in Salesforce.
Verify the CORS entry again. The domain should be the same in CORS and the Callback URL. If you omit the www in CORS but have it in the callback URL, then you will get a CORS error.
Follow these steps to replicate
Let me know if this helps.
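
The check described in the answer above (the CORS entry and the callback URL must share the same origin) can be done mechanically. This is an added example, not part of the original thread and not Salesforce code; the function names and the vendor.example URLs are constructed for illustration.

```javascript
// Added example: compare a callback URL's origin with CORS allowlist entries.
// Function names and all URLs are constructed for illustration.

// A browser origin is scheme + host + port; the path plays no part.
function originParts(url) {
  const u = new URL(url); // throws on a bare host with no scheme
  const scheme = u.protocol.slice(0, -1);
  const defaultPort = scheme === 'https' ? '443' : scheme === 'http' ? '80' : '';
  return { scheme, host: u.hostname, port: u.port || defaultPort };
}

const stripWww = (host) => host.replace(/^www\./, '');

// Returns { ok, reasons }: ok is true when any entry matches exactly,
// otherwise reasons lists why each entry failed to match.
function checkCallbackAgainstCors(callbackUrl, corsEntries) {
  const cb = originParts(callbackUrl);
  const reasons = [];
  for (const entry of corsEntries) {
    let e;
    try {
      e = originParts(entry);
    } catch {
      reasons.push(`${entry}: not an absolute URL (scheme missing?)`);
      continue;
    }
    const diffs = [];
    if (e.scheme !== cb.scheme) diffs.push(`scheme ${e.scheme} vs ${cb.scheme}`);
    if (e.host !== cb.host) {
      const wwwOnly = stripWww(e.host) === stripWww(cb.host);
      diffs.push(`${wwwOnly ? 'www mismatch' : 'host'} ${e.host} vs ${cb.host}`);
    }
    if (e.port !== cb.port) diffs.push(`port ${e.port} vs ${cb.port}`);
    if (diffs.length === 0) return { ok: true, reasons: [] };
    reasons.push(`${entry}: ${diffs.join('; ')}`);
  }
  return { ok: false, reasons };
}

// Constructed sample: the callback uses www, the first allowlist omits it.
const callback = 'https://www.vendor.example/sfdc.jsp';
console.log(checkCallbackAgainstCors(callback, ['https://vendor.example']));
console.log(checkCallbackAgainstCors(callback, ['https://www.vendor.example']));
```

Run it with Node.js; an entry written without a scheme, as the redirect URL is quoted in the question, is reported as not an absolute URL rather than silently compared.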