1 Reply Latest reply on Mar 24, 2017 10:22 AM by Yogi S

    Utilize Salesforce OAuth Refresh Token for Authentication

    Rich Bateman Seasoned Veteran

      Use Case

Authenticate using OAuth to obtain a valid access token without storing any credentials (username, password and security token) within ICRT. The access token obtained will be consumed by a multitude of processes that require authentication back to Salesforce to access Force.com resources.


      Refresh Token

      The refresh token may have an indefinite lifetime, persisting for an admin-configured interval or until explicitly revoked by the end-user. The client application can store the refresh token, using it to periodically obtain fresh access tokens, but should be careful to protect it against unauthorized access, since, like a password, it can be repeatedly used to gain access to the resource server.

      Since refresh tokens may expire or be revoked by the user outside the control of the client application, the client must handle failure to obtain an access token, typically by replaying the protocol from the start.

The refresh_token can be revoked by an admin of the Salesforce org (or, as noted above, by the user who authorized the app). If the refresh_token is revoked or expires, the authorization steps defined below must be performed manually again to retrieve a new refresh_token; the connector cannot recover on its own.



      Create New Connected App


      Navigate to Setup -> Create -> Apps and click New under Connected Apps





Configure your connected app with the following values:

      Connected App Name: <User Defined>
      Enable OAuth Settings: Checked
      Callback URL: https://login.salesforce.com/services/oauth2/callback
      Selected OAuth Scopes:
        Access and manage your data (api)
        Perform requests on your behalf at any time (refresh_token, offline_access)
      Require Secret for Web Server Flow: Checked


      Click Save





      Retrieve Consumer Key


You will use this key (the OAuth client_id) to invoke the authorization of the application. Retrieve the Consumer Secret from the same page as well; it is needed later for the connector configuration and should be treated as a credential.




You must wait 2-10 minutes after saving the connected app before running your guide; Salesforce takes that long to propagate a new connected app, and an earlier attempt fails at the authorization step.



      Run the Guide

      When prompted, enter the Consumer Key retrieved from previous step and press Continue.





      You will be prompted to login to your Salesforce Org.  Use credentials that are set with the appropriate permissions for your application.


      Once you have successfully logged in you will be presented a screen to Allow/Deny the access.





After you Allow access you will be presented with the following in your browser window. Copy the URL, locate the refresh_token parameter and copy its value to the Connection Properties of your Salesforce-OAuth connector. Because the refresh_token is as sensitive as a password, clear that URL from the browser history afterwards and do not paste it into chat or tickets.





Update the Salesforce-OAuth Connector, save and publish.

      Consumer Key: Retrieved after creating the Connected App in the previous step.
      Consumer Secret: Retrieved after creating the Connected App in the previous step.
      Refresh Token: Retrieved after performing the Authorization step.
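The following is an added example, not code from the original post or from Informatica or Salesforce. It shows what the Salesforce-OAuth connector does with the three connection properties above: extract the refresh_token from the callback URL, exchange it at the Salesforce token endpoint (grant_type=refresh_token with client_id, client_secret and refresh_token) for a fresh access_token, and handle the failure mode from the Refresh Token section, where a revoked or expired refresh_token is answered with invalid_grant and a human must redo the authorization step. The HTTP transport is injected so the example runs offline against a constructed fake endpoint; all token values, the instance URL and the fake endpoint are constructed for the example.

```python
import json
from urllib.parse import parse_qs, urlparse

TOKEN_URL = "https://login.salesforce.com/services/oauth2/token"


def refresh_token_from_callback_url(url):
    """Pull refresh_token out of the URL the browser lands on after 'Allow'.
    Salesforce returns parameters in the query string or in the fragment
    depending on the flow, so both are checked and URL-decoded."""
    parts = urlparse(url)
    for raw in (parts.query, parts.fragment):
        params = parse_qs(raw)
        if "refresh_token" in params:
            return params["refresh_token"][0]
    raise ValueError("no refresh_token parameter in callback URL")


class ReauthorizationRequired(Exception):
    """The refresh_token is no longer usable; the authorization step must be redone."""


class SalesforceTokenClient:
    """Caches an access token and refreshes it with the stored refresh_token."""

    def __init__(self, consumer_key, consumer_secret, refresh_token, post):
        # post(url, form_dict) -> (status_code, body_str). Injected so a real
        # transport (e.g. requests.post(url, data=form)) or a fake can be used.
        self.consumer_key = consumer_key
        self.consumer_secret = consumer_secret
        self.refresh_token = refresh_token
        self._post = post
        self._access_token = None
        self.instance_url = None

    def _refresh(self):
        status, body = self._post(TOKEN_URL, {
            "grant_type": "refresh_token",
            "client_id": self.consumer_key,
            "client_secret": self.consumer_secret,  # Require Secret for Web Server Flow
            "refresh_token": self.refresh_token,
        })
        data = json.loads(body)
        if status == 200 and "access_token" in data:
            self._access_token = data["access_token"]
            self.instance_url = data.get("instance_url")
            return self._access_token
        # invalid_grant means the refresh_token was revoked or expired;
        # retrying the refresh cannot help, so escalate to re-authorization.
        if data.get("error") == "invalid_grant":
            self._access_token = None
            raise ReauthorizationRequired(data.get("error_description", "invalid_grant"))
        raise RuntimeError("token endpoint returned %s: %s" % (status, body))

    def access_token(self, force_refresh=False):
        """Return the cached access token; refresh when none is cached or when
        the caller reports it was rejected (pass force_refresh=True after a 401)."""
        if self._access_token is None or force_refresh:
            return self._refresh()
        return self._access_token


def make_fake_token_endpoint(valid_refresh_tokens):
    """Constructed offline stand-in for the Salesforce token endpoint."""
    issued = {"n": 0}

    def post(url, form):
        if url != TOKEN_URL or form.get("grant_type") != "refresh_token":
            return 400, json.dumps({"error": "unsupported_grant_type"})
        if form.get("refresh_token") not in valid_refresh_tokens:
            return 400, json.dumps({"error": "invalid_grant",
                                    "error_description": "expired access/refresh token"})
        issued["n"] += 1
        return 200, json.dumps({"access_token": "00Dxx!CONSTRUCTED.%d" % issued["n"],
                                "instance_url": "https://example.my.salesforce.com",
                                "token_type": "Bearer"})
    return post


if __name__ == "__main__":
    # Constructed callback URL of the kind shown after clicking Allow.
    callback = ("https://login.salesforce.com/services/oauth2/callback"
                "?refresh_token=5Aep861_CONSTRUCTED&instance_url=https%3A%2F%2Fexample.my.salesforce.com")
    rt = refresh_token_from_callback_url(callback)
    client = SalesforceTokenClient("CONSUMER_KEY", "CONSUMER_SECRET", rt,
                                   make_fake_token_endpoint({rt}))
    print("access token:", client.access_token())
    revoked = SalesforceTokenClient("CONSUMER_KEY", "CONSUMER_SECRET", "revoked",
                                    make_fake_token_endpoint({rt}))
    try:
        revoked.access_token()
    except ReauthorizationRequired as e:
        print("must re-run the authorization step:", e)
```

The access token is cached and only refreshed on first use or after a rejected call, which is the pattern the connector relies on: the refresh_token is the long-lived secret, the access_token is disposable. Store the consumer secret and refresh_token in the connector's protected connection properties, never in process variables or logs.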




You can now create a Service Call step in your process that uses the Salesforce-OAuth connector; the connector obtains the access token for each call, so no username, password or security token is stored in ICRT.







      Salesforce OAuth -   https://developer.salesforce.com/page/Digging_Deeper_into_OAuth_2.0_on_Force.com