Apex Code Development You need to sign in to do that
Don't have an account?
Deanna Delapasse Sharing Connected Apps Outside An Organization
Working on a cloud app. We develop software that makes calls to 3rd part REST apis (ie Facebook or Twitter) to get/put data under the user's account (using OAuth2 procedures to authorize).
In Salesforce, I created a connected app and it works great for ME. But we tried to use an account that belonged to a different organization and that failed. We were able to login during the OAuth2 token acquisition procedure and received back both access & refresh tokens. However, when we ran the app using that account the token was rejected.
I did some research and it appears that I would need to package my app and have the administrator of the other organization install it. My coworkers are sure that this is wrong and that it should work fine just like FB & Twitter. Am I wrong? If so, any guess why the other user's token failed? Maybe I just need to tweak the app's permissions somehow?
In Salesforce, I created a connected app and it works great for ME. But we tried to use an account that belonged to a different organization and that failed. We were able to login during the OAuth2 token acquisition procedure and received back both access & refresh tokens. However, when we ran the app using that account the token was rejected.
I did some research and it appears that I would need to package my app and have the administrator of the other organization install it. My coworkers are sure that this is wrong and that it should work fine just like FB & Twitter. Am I wrong? If so, any guess why the other user's token failed? Maybe I just need to tweak the app's permissions somehow?
Does the other organization have the Connected App created? You need to create a Connected App in the other organization to be able to update data in that organization.
Thanks,
Shashank
The idea of doing these apps is that you create them only once and use OAuth2 to authorize them into your account. This is how things work in Fb, Twitter, MailChimp, Google and I BELIEVE it should be able to work in SF too.
I noticed on the user whose account didn't work his SF url's came back as v30 and mine are all v29. Not sure if that is important, but seemed like a clue.
Being able to access data from a different org without the org's permission is a security concern. To access another org, you should follow the same procedure as what you do on your own org. Please correct me if I am missing something in my understanding of your requirement.
When the app is invoked the first time, it uses OAuth2 to send a request to salesforce and the user logs into HIS personal account. The app receives back a token for the user that it can use (until expiration) as kind of a proxy for that user.
So, the user logs in and the OAuth procedure also pops up a little 'do you give permission' question which the user answers too - so it is secure.