Development, Integration

[ART-013] Node.JS OAuth2 on Heroku with Salesforce


OAuth Flow is a web authentication method that enables one user to authenticate in Salesforce in a secured way. In this post, I will demonstrate how to use Salesforce as identity provider for a Node.JS app hosted on Heroku.


Prerequisites

Before starting, there are few things to setup:

  • An Heroku free account
  • A Salesforce Sandbox
  • A simple Node.JS app that I’ve developed for the purpose of the demo
https://github.com/sutha2k/authNodeSF/releases/tag/v1.1

Step 1

Now it’s time to open your Salesforce Developer Edition instance and create a new Connected App.

SettingValue
SettingValue
Connected App NameNodeHeroku Integration
API NameNodeHerokuIntegration
Contact Emailintegration@yourmail.com
Enable OAuth SettingsChecked
Use digital signaturesNot Checked
Callback URLhttps:// <your heroku instance> /oauth2/success
scopeAccess your basic information (id, profile, email, address, phone) , Perform requests on your behalf at any time (refresh_token,offline_access)
run asChoose an integration user

Save the new Connected App and wait a few minutes (2-10mn really it won’t work otherwise), and then copy the generated consumer key, consumer secret and callback url that will be used in next steps.

Step 2

Click on Manage and then edit policies and make sure you have the following options :

  • Admin approved users are pre-authorized
  • Enforce IP restrictions

Then Click on manage profile and Select System Administratror and whatever profile you need.

Step 3

Create or use your heroku account

https://id.heroku.com/login

Then create a new app:

Go to Settings and click on “Reveal Config Vars“:

Provide the following information from you Salesforce org by creating new config vars:

If you want to run the application locally, you will need to create a file named “.env” containing those key/value pairs and set the SERVER_ENV to “local“. The file should be placed at project level.

Step 4

Now it’s time to connect to your github repo with heroku, so you can commit and deploy your project directly:

Choose the repo containing the project and click on “Connect“. Alternatively, you can use Heroku Toolbelt to push local files.

Choose Manual deploy, select the branch you want and then click on “Deploy Branch“. Your github project will be then deployed to Heroku.

You can now click on “View” to open your running app on Heroku. You will get a simple page with the following message:

Welcome to Node.JS Auth with Salesforce

Step 5

You can now play with the available services.

First, get the authorization code. It will redirect you to Salesforce authentication page where you need to enter your login/password.

https://<your app>.herokuapp.com/oauth2/authorize

Once validated, you will be redirected back to Heroku where you can get the code:

{"code":"<returned code>"}

You can now get your access token and instance url:

curl --location --request POST 'https://<your app>.herokuapp.com/oauth2/token?code=<returned code>'

Be aware of encoding any special characters, you will get the response for using it with secured endpoints:

{
    "instance_url": "<your salesforce instance url>",
    "access_token": "<your access token>"
}

Alternatively, you can call the following endpoint to get the same response but it’s not recommended (just for testing purpose):

curl --location --request GET 'https://<your app>.herokuapp.com/oauth2/login?username=<your username>&password=<your password and token>'

You can now call a secured endpoint with your instance url and bearer:

curl --location --request GET 'https://<your app>.herokuapp.com/secured' \
--header 'instanceurl: <your SF instance url>' \
--header 'bearer: <your access token>'

The app will display:

Accessing secured resource

Step 6

Wondering how all is wired ? Here’s an explanation of the design I’ve chosen to implement:

Green paths are public to access non secured resources while red paths are protected and need user to be authenticated. Every time an user accesses a protected resource, the app will verify his identity by checking the validity of the provided token against Salesforce. If the token is still valid and user is recognized by Salesforce then the route will open otherwise he will get an access error. The green paths here allow user to get the token by identifying himself in Salesforce.

The Node.JS app uses some dependencies:

  • Express : to enable webapps and routes
  • JSForce : library to integrate with Salesforce authentication endpoints
  • dotEnv : to enable environment variables

Conclusion

This was my first attempt to code a Node.JS app and I’m really happy to make it work for an interesting use case involving Heroku and Salesforce. There are lot of connectors in the market that you can use for enterprise level design and use cases, but here the goal was to achieve a small challenge.

Hope you enjoy reading this article, see you soon for the next one ...

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.