mandyc

Authentication - OAuth or Session ID

Hi,

 

I've written my first REST API class and now I need to understand how an external application can authenticate with my Salesforce instance and call the class. As I understand it, OAuth presents an actual login screen where someone needs to manually type in credentials, is this correct? If so, it looks like I need to have the external application authenticate via a Session ID.

 

The REST API documentation mentions "you can use a session ID instead of an OAuth 2.0 access token if you aren't handling someone else's password". I don't understand what this means. Can anyone explain this?

 

Also, if anyone can share a small snippet of code that authenticates (without a login screen) with SF and calls a REST Apex Class I would greatly appreciate it!!

 

Thanks in advance.


Anup Jadhav

I've written my first REST API class and now I need to understand how an external application can authenticate with my Salesforce instance and call the class. As I understand it, OAuth presents an actual login screen where someone needs to manually type in credentials, is this correct? If so, it looks like I need to have the external application authenticate via a Session ID.


I think if you are interested in OAuth, then you should start by understanding how OAuth works. There are plenty of links and implementation references on the official OAuth website

 

You don't necessarily have to go through the login screen as long as you have the consumer key, consumer secret, OAuth token, OAuth token secret. You can get this from the OAuth provider i.e. twitter or facebook. But it also really depends on your use case. 

 

1. Are you trying to authenticate your application on Force.com?

2. Are you authenticating external users using OAuth? <- in this instance the user will be optionally presented with the Twitter or Facebook login page (if they are not already logged in) to be authenticated by the provider.

 

There is a wealth of information out there on how OAuth implementation works (Google is your friend). You can also check out the Force.com OAuth playground packager, and some developer videos on YouTube.

 

Hope this helps!

 

Thanks,

Anup

mandyc

Thank you for your reply, Anup.

 

I have reviewed a wealth of information regarding oAuth; however, I have not found an example where an external application authenticates with a Salesforce app _without_ a login screen.

 

To answer your questions:

1. Yes, I would like a website hosted elsewhere to authenticate with Force.com

2. Yes, I would like an external website to authenticate with Force.com without a login screen.

 

 

Superfell

You can use the OAuth2 username/password flow to programmatically authenticate. There are details in the OAuth docs, and samples in the REST API docs, and the REST forum.

Anup Jadhav

Take a look at this webinar. This should help you.

 

http://wiki.developerforce.com/page/Webinar:Social_Sign-On_with_Authentication_Providers_(2012-Apr)

 

Regards,

Anup

mandyc

I don't see how Auth Providers could help me. I need a standard website (not Facebook, Janrain or other Salesforce instance) to authenticate with Salesforce. Let me know if I missed a key point in the webinar.

Thanks!

InteractiveLogic

Hi mandyc - 

 

Did you happen to get this issue resolved? I have the same type of problem, mentioned here:

 

Apex REST API Authentication

 

 

...though as you can see I was interested in using Apex REST API - is that what you were doing as well? Exposing custom methods?

 

Basically I want to avoid having a user go through a Salesforce.com login page, but would like to call my own custom Apex-based web service methods.

InteractiveLogic

Hi mandyc, if you navigate over to the thread in which I posted my question, Scott_VS provided a good answer:

You can obtain an OAuth token if you supply the username / password, although it's not recommended:

https://na12.salesforce.com/help/doc/en/remoteaccess_oauth_username_password_flow.htm

That page in the docs shows you how to connect using username and password authentication with OAuth.

 

Hope this helps, and thanks to Scott_VS!

This was selected as the best answer
mandyc

Thanks, InteractiveLogic for sharing your findings. SimonF also pointed me in the same direction earlier in this thread. Thanks much!
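
The OAuth 2.0 username/password flow recommended in the answers above, followed by a call to a custom Apex REST resource, as an added example that is not part of the original thread. The environment variable names and the `MyResource` path are hypothetical, the token response is a constructed sample, and the host check assumes instances under `salesforce.com`.

```python
import json
import os
import urllib.parse
import urllib.request

# Assumed: the production login host; sandboxes use a different login host.
TOKEN_URL = "https://login.salesforce.com/services/oauth2/token"


def build_token_request(client_id, client_secret, username, password):
    """Build (not send) the POST for the OAuth 2.0 username-password flow."""
    form = urllib.parse.urlencode({
        "grant_type": "password",
        "client_id": client_id,          # connected app consumer key
        "client_secret": client_secret,  # connected app consumer secret
        "username": username,
        "password": password,  # password, with the security token appended when required
    }).encode()
    return urllib.request.Request(TOKEN_URL, data=form, method="POST")


def build_apex_rest_request(token_response, apex_path):
    """Build a GET to a custom Apex REST resource from the token response JSON."""
    tok = json.loads(token_response)
    parts = urllib.parse.urlsplit(tok["instance_url"])
    # Only send the bearer token to an HTTPS host under salesforce.com.
    if parts.scheme != "https" or not (parts.hostname or "").endswith(".salesforce.com"):
        raise ValueError("unexpected instance_url: %r" % tok["instance_url"])
    url = "%s/services/apexrest/%s" % (tok["instance_url"].rstrip("/"), apex_path.lstrip("/"))
    return urllib.request.Request(url, headers={"Authorization": "Bearer " + tok["access_token"]})


# Constructed sample of a token response (placeholder values, not real credentials).
SAMPLE_TOKEN_RESPONSE = json.dumps({
    "access_token": "00Dxx0000000000!EXAMPLE_TOKEN",
    "instance_url": "https://na12.salesforce.com",
    "token_type": "Bearer",
})

if __name__ == "__main__":
    # Credentials come from the environment (hypothetical names), never from source code.
    req = build_token_request(os.environ["SF_CLIENT_ID"], os.environ["SF_CLIENT_SECRET"],
                              os.environ["SF_USERNAME"], os.environ["SF_PASSWORD"])
    with urllib.request.urlopen(req) as resp:
        call = build_apex_rest_request(resp.read().decode(), "MyResource")
    with urllib.request.urlopen(call) as resp:
        print(resp.read().decode())
```

Because this flow places a user's password in the calling application, a dedicated integration user with a minimal profile limits what a leaked credential can reach.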