DEV Community

DarkEdges
DarkEdges

Posted on

Salesforce Connected App

#salesforce #identitymanager #forgerock

Salesforce has the ability to be provisioned into through a Connected App and an Identity Manager such as the one developed by ForgeRock. FRIM has a connector available that allows you to connect the 2 solution togethor.

The following a guide on how to do this successfully in a minimal way.

Create Salesforce Connected App

  1. Connect to your Saleforce App with an account that has the ability to create a Connect App.
  2. Go to Salesforce Setup https://xxxxxx.develop.lightning.force.com/lightning/setup/NavigationMenus/home
  3. From the left hand side Navigation Menu select under Platform Tools Apps and then App Manager
  4. Next click New Connected App in the top right. Image description
  5. Provide the following details
key value
Connected App Name FRIM
API Name FRIM
Contact Email email@address.com
Enable OAuth Settings Selected
Callback URL http://localhost/frim/callback
Selected OAuth Scopes
  • Perform requests at any time (refresh_token, offline_access)
  • Access the identitu URL Service (id,profile,email,address,phone)
    		•
    Require Proof ket for Code Exhcange (PKCE) Etension for supported Authorization Flow Not Selected
    Request Secret for Web Server Flow Selected
    Require Secret for Refresh Token Flow Not Selected
    Enable Authorization Code and Credential Flows Selected
    Require user credentials in the POST body for Authorization and Credential Flow Selected
    1. Click the Save button.
    2. Click the Continue button.
    3. Click the Manage Consumer Details button.
    4. Enter the OTP they send you and click the Verify Button.
    5. Copy the Consumer Key and Consumer Secret as they are need ed for the next step

    Get Refresh Token

    1. Using the details collected above add them to the following URL in a browser https://login.salesforce.com/services/oauth2/authorize?response_type=code&client_id=<CONSUMER_KEY>&redirect_uri=http://localhost/frim/callback&scope=id+api+refresh_token
    2. Open the URL in a web browser and if prompted to login use the same credentails as when you created the Connected App.
    3. Click the Allow Button Salesforce Consent Screen - Allow Button
    4. The browser will know habe an entry containg the code. Browser URL Bar containing the code

    Extract and URL Decode it into the following curl command

       curl \
      --verbose \
      --data "grant_type=authorization_code" \
      --data "client_id=<CONSUMER_KEY>" \
      --data "client_secret=<CONSUMER_KEY>" \
      --data "redirect_uri=http://localhost/frim/callback" \
      --data "code=<CODE>" \
      "https://login.salesforce.com/services/oauth2/token"
    Enter fullscreen mode Exit fullscreen mode

    and it will return

       {
       "access_token":"xxxxxx",
       "refresh_token":"xxxxxxxx",
       "signature":"5LEpqlXnyRNXhLwNtoVIdEKjGcn8gNvxg7a4zWK34LY=",
       "scope":"refresh_token id api",
       "instance_url":"https://dxxxxxxx.develop.my.salesforce.com",
       "id":"https://login.salesforce.com/id/xxxxx/xxxxxx",
       "token_type":"Bearer",
       "issued_at":"1723869878461"
   }
    Enter fullscreen mode Exit fullscreen mode
    1. Extract and sabe the access_token and refresh_token details for later use in a ForgeRock Identity Manager configuration.

    Top comments (0)