Authentication in Salesforce Stages
- Basic Authentication
  You can specify a user name and password to use for basic authentication with Salesforce.
- Connected App with OAuth
  You can configure a Salesforce stage to connect to Salesforce using OAuth 2.0. The stage then uses an OAuth-enabled Salesforce connected app and the Salesforce implementation of JWT Bearer Flow to enable machine-to-machine OAuth.
Connected App with OAuth Prerequisites
You can use a Salesforce connected app to connect to Salesforce with OAuth 2.0. Before using OAuth 2.0 to connect to Salesforce, complete the following tasks:
- Generate an X.509 public key certificate and private key to use with the connected app.
  For steps on how to generate a self-signed certificate and private key, see the Salesforce documentation.
- Create a Salesforce connected app and copy the generated consumer key and consumer secret. For details, see the Salesforce documentation.
  You can use the same connected app for multiple Salesforce stages and pipelines, as appropriate.
- To specify whether Salesforce users must authorize the app, in the app, click Manage, then Edit Policies.
  Under OAuth policies, for the Permitted Users property, choose one of the following options:
  - All users may self-authorize - Requires all users to authorize the app the first time they access it. This is the default option.
  - Admin approved users are pre-authorized - Allows users with the associated profile or permission set to access the app without first authorizing it. Be sure to assign profiles or permission sets to the app if you select this option.
  For more information, see the Salesforce documentation.
- If users must self-authorize, use the Salesforce CLI or curl to authorize the app.
  For information about using the Salesforce CLI to authorize the app, see "Run the auth:jwt:grant CLI Command" in the Salesforce documentation.
  To use curl to authorize the app, perform the following steps:
  - Use the consumer key from the app in the following curl command:
    curl -X GET -D - -o /dev/null "https://login.salesforce.com/services/oauth2/authorize?response_type=code&redirect_uri=https://login.salesforce.com/services/oauth2/success&client_id=<CONSUMER_KEY>"
  - In your browser, go to the URL in the command and complete the OAuth workflow to authenticate the user.
    This redirects you to a URL with a code parameter.
  - Copy the code and use it, as well as the consumer key and consumer secret, in the following command:
    curl -X POST "https://login.salesforce.com/services/oauth2/token?grant_type=authorization_code&redirect_uri=https://login.salesforce.com/services/oauth2/success&client_secret=<CONSUMER_SECRET>&client_id=<CONSUMER_KEY>&code=<CODE>"
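
The following added example, which is not from the original documentation, builds the kind of signed assertion the JWT Bearer Flow relies on and checks it against the certificate from the first prerequisite, so a mismatch between the private key and the certificate uploaded to the connected app shows up before the stage is configured. The function names, file names and sample values are assumptions, and the claim layout (iss, sub, aud, exp) follows Salesforce's JWT bearer flow documentation rather than this page.

```shell
#!/bin/sh
# Added example, not from the original page. Function and file names are
# hypothetical; consumer key and user name passed in are placeholders.

# base64url without padding, as used for every JWT segment
b64url() { openssl base64 -A | tr '/+' '_-' | tr -d '=\n'; }

# make_keypair DIR: self-signed certificate and private key (first prerequisite)
make_keypair() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
    -subj "/CN=constructed-example" \
    -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null
}

# make_assertion KEYFILE CONSUMER_KEY USERNAME [AUDIENCE]
# Assumed claims: iss = consumer key, sub = Salesforce user name,
# aud = login URL, exp = short expiry (three minutes here).
make_assertion() {
  hdr=$(printf '{"alg":"RS256"}' | b64url)
  exp=$(( $(date +%s) + 180 ))
  claims=$(printf '{"iss":"%s","sub":"%s","aud":"%s","exp":%s}' \
    "$2" "$3" "${4:-https://login.salesforce.com}" "$exp" | b64url)
  sig=$(printf '%s' "$hdr.$claims" | openssl dgst -sha256 -sign "$1" | b64url)
  printf '%s.%s.%s' "$hdr" "$claims" "$sig"
}

# verify_assertion CERTFILE JWT: status 0 only if the signature was produced
# by the private key matching the certificate's public key.
verify_assertion() {
  tmp=$(mktemp -d) || return 2
  openssl x509 -in "$1" -pubkey -noout > "$tmp/pub.pem"
  sig=$(printf '%s' "${2##*.}" | tr '_-' '/+')
  # restore the base64 padding that base64url strips
  case $(( ${#sig} % 4 )) in 2) sig="$sig==" ;; 3) sig="$sig=" ;; esac
  printf '%s' "$sig" | openssl base64 -d -A > "$tmp/sig.bin"
  printf '%s' "${2%.*}" | openssl dgst -sha256 \
    -verify "$tmp/pub.pem" -signature "$tmp/sig.bin" >/dev/null 2>&1
  rc=$?
  rm -rf "$tmp"
  return $rc
}
# In the JWT bearer flow the assertion is POSTed to /services/oauth2/token with
# grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer.
```

Keep the private key file readable only by the account that runs the pipeline; anyone holding it can mint assertions for any user pre-authorized on the connected app.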