Connected App with OAuth Prerequisites

You can use a Salesforce connected app to connect to Salesforce with OAuth 2.0. Before doing so, complete the following tasks:

  1. Generate an X.509 public key certificate and private key to use with the connected app.

    For steps on how to generate a self-signed certificate and private key, see the Salesforce documentation.

  2. Create a Salesforce connected app and copy the generated consumer key and consumer secret. For details, see the Salesforce documentation.

    You can use the same connected app for multiple Salesforce stages, pipelines, and connections, as appropriate.

  3. To specify whether Salesforce users must authorize the app, in the app, click Manage, then Edit Policies.

    Under OAuth policies, for the Permitted Users property, choose one of the following options:

    • All users may self-authorize - Requires all users to authorize the app the first time they access it. This is the default option.
    • Admin approved users are pre-authorized - Allows users with the associated profile or permission set to access the app without first authorizing it. Be sure to assign profiles or permission sets to the app if you select this option.

    For more information, see the Salesforce documentation.

  4. If users must self-authorize, use the Salesforce CLI or curl to authorize the app.

    For information about using the Salesforce CLI to authorize the app, see "Run the auth:jwt:grant CLI Command" in the Salesforce documentation.

    To use curl to authorize the app, perform the following steps:
    1. Use the consumer key from the app in the following curl command:
      curl -X GET -D - -o /dev/null "https://login.salesforce.com/services/oauth2/authorize?response_type=code&redirect_uri=https://login.salesforce.com/services/oauth2/success&client_id=<CONSUMER_KEY>"
    2. In your browser, go to the URL in the command and complete the OAuth workflow to authenticate the user.

      This redirects you to a URL with a code parameter.

    3. Copy the code and use it, as well as the consumer key and consumer secret, in the following command:
      curl -X POST "https://login.salesforce.com/services/oauth2/token?grant_type=authorization_code&redirect_uri=https://login.salesforce.com/services/oauth2/success&client_secret=<CONSUMER_SECRET>&client_id=<CONSUMER_KEY>&code=<CODE>"
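
The step-3 exchange can also send its parameters in the POST body, which keeps the consumer secret out of the request URL and, by passing curl its options on standard input, out of the process argument list. The following is an added example, not part of the original page or the Salesforce documentation; the function names and the SF_CONSUMER_KEY and SF_CONSUMER_SECRET environment variables are assumptions.

```shell
#!/bin/sh
# Added example: step 3 with the parameters in the POST body.
# Function and SF_* variable names are assumptions, not Salesforce or page names.

TOKEN_URL="https://login.salesforce.com/services/oauth2/token"
REDIRECT_URI="https://login.salesforce.com/services/oauth2/success"

# Print the still percent-encoded "code" parameter of the redirect URL from step 2.
extract_code() (
  url=$1
  query=${url#*\?}
  [ "$query" != "$url" ] || exit 1      # no query string at all
  query=${query%%#*}                    # ignore any fragment
  IFS='&'; set -f                       # split on "&", no globbing (subshell only)
  for pair in $query; do
    case $pair in
      code=*) printf '%s\n' "${pair#code=}"; exit 0 ;;
    esac
  done
  exit 1                                # e.g. the redirect carried error=... instead
)

# Print a curl config file for the token request. The secret is written by the
# printf builtin, so it never appears in a command line or in the URL.
token_request_config() (
  code=$1
  : "${SF_CONSUMER_KEY:?not set}" "${SF_CONSUMER_SECRET:?not set}"
  case $code in   # reject anything that could smuggle in another parameter
    '' | *[!A-Za-z0-9._~%-]*) echo "unexpected characters in code" >&2; exit 2 ;;
  esac
  case $SF_CONSUMER_KEY$SF_CONSUMER_SECRET in   # would break the config quoting
    *\"* | *\\*) echo "quote or backslash in key or secret" >&2; exit 2 ;;
  esac
  printf 'url = "%s"\n' "$TOKEN_URL"
  printf 'data = "grant_type=authorization_code"\n'
  printf 'data = "code=%s"\n' "$code"   # already percent-encoded, send unchanged
  printf 'data-urlencode = "redirect_uri=%s"\n' "$REDIRECT_URI"
  printf 'data-urlencode = "client_id=%s"\n' "$SF_CONSUMER_KEY"
  printf 'data-urlencode = "client_secret=%s"\n' "$SF_CONSUMER_SECRET"
)

# POST the request; curl reads its options from standard input (--config -).
# Usage: exchange_code "$(extract_code "<redirect URL from step 2>")"
exchange_code() {
  cfg=$(token_request_config "$1") || return
  printf '%s\n' "$cfg" | curl --silent --show-error --fail --config -
}
```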