Jordan Vasquez

Best OAuth Method for Authenticating Installations

Hello Salesforce Dev Community,

My company is currently trying to establish an integration between our own program and a custom Salesforce Connected App and we hit a bit of a snag. A bit of backstory on the problem...

My company is currently trying to set up an integration with a custom Salesforce Connected App. This integration would require a Community User to authenticate with Salesforce using a form of OAuth2. This integration would communicate with an installed program on a Windows device. The installed program on the Windows device would need to be able to communicate with Salesforce on a daily basis to retrieve updated Account and User information based on the User that authenticated the installed program. We currently have a contract with Salesforce that allows for only 5,000 monthly community logins.

We have currently developed a solution that accomplishes our need by using the User-Agent OAuth2 flow (documentation here). We have a timeout value for the Access Token set for 24 hours. We have set the refresh token to expire every 90 days, requiring the user to re-authenticate with Salesforce again once expired. In this current state flow, we are requesting a refresh token and access token when a user first logs in and authorizes the Connected App. Afterwards, the program would communicate with Salesforce every day, requesting a new access token using the refresh token on a daily basis as the prior access token expired. This would continue until the refresh token expired, requiring the user to log in again.

While this has worked for its intended purpose, we have noticed that using the refresh token to obtain a new access token counts as a login toward our monthly limit. We possibly have the need to have 100 programs or installations authenticate with Salesforce every month, which would come out to a value of 3,000 logins every month from the integration. We currently have a mean value of around 3,200 logins per month already, not counting the additional 3,000 logins that would be added due to the integration. This would put us over our 5,000 monthly limit.

One solution that we thought of was to create a "heartbeat" from our program to Salesforce that would communicate every 12 hours. This "heartbeat" would allow us to keep the access token alive for a longer period of time, as according to this answer in the community, access tokens don't necessarily expire if they are continually used.

But I wanted to reach out to the community and see if there is another method/way to go about this that we are missing. Does anyone have any experience with this sort of integration?

Any information is much appreciated, thanks!
Jordan
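
An added example, not part of the original post and not Salesforce code: a constructed model of the heartbeat idea above, counting refresh-token exchanges per installation over 30 days when the client refreshes only after a rejected call. It assumes, as the post does, that the access token has a sliding idle timeout and that each refresh counts as a login; `FakeOrg`, `Installation` and the helper functions are hypothetical names.

```python
from dataclasses import dataclass

HOUR = 3600
SESSION_TIMEOUT = 24 * HOUR  # access token timeout stated in the post


@dataclass
class FakeOrg:
    """Constructed stand-in for the token and API endpoints of one session."""
    last_used: float = -1e18
    refreshes: int = 0  # each exchange counted as a login, per the post

    def refresh(self, now):
        self.refreshes += 1
        self.last_used = now
        return "access-token"  # placeholder value

    def api_call(self, now, token):
        # ASSUMPTION: idle (sliding) timeout, reset by every accepted call.
        if token is None or now - self.last_used >= SESSION_TIMEOUT:
            return 401
        self.last_used = now
        return 200


class Installation:
    """Caches the access token and refreshes only after a 401, never on a timer."""
    def __init__(self, org):
        self.org, self.token = org, None

    def call(self, now):
        status = self.org.api_call(now, self.token)
        if status == 401:
            self.token = self.org.refresh(now)
            status = self.org.api_call(now, self.token)
        return status


def refreshes_per_month(interval_hours, days=30):
    """Refresh exchanges for one installation contacting the org every interval."""
    org = FakeOrg()
    client = Installation(org)
    for t in range(0, days * 24 * HOUR, interval_hours * HOUR):
        if client.call(t) != 200:
            raise RuntimeError("call failed after refresh")
    return org.refreshes


def monthly_logins(installs, interval_hours):
    return installs * refreshes_per_month(interval_hours)
```

Under these assumptions, `monthly_logins(100, 24)` reproduces the 3,000 figure from the post, while a 12-hour interval leaves one refresh per installation.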