验证外部应用到Salesforce实例

Question

I am building a mobile application that will need to fetch data from my salesforce instance. I have no problem with SOQL to grab the appropriate data. However, I do not want the user of the mobile app to have to log in to get a token, which I need to use to access the data.

Is it possible to authenticate the app via appId and client secret in the application to allow the appropriate use/access of the APIs? This would be similar to authenticating an app to a Parse or Firebase instance without requiring an authenticated user.

Thanks!

Answer 1

This is an example in nodejs/Express , in this example i get the accounts:

var express = require('express');
var router = express.Router();
var nforce = require('nforce');
/* GET home page. */
router.get('/', function(req, res, next) {

var accounts =[];
// create the connection with the Salesforce connected app
var org = nforce.createConnection({
clientId: process.env.CLIENT_ID,
clientSecret: process.env.CLIENT_SECRET,
redirectUri: process.env.CALLBACK_URL,
mode: 'single'
});

 // authenticate and return OAuth token
 org.authenticate({
 username: process.env.USERNAME,
 password: process.env.PASSWORD+process.env.SECURITY_TOKEN
 }, function(err, resp){
  if (!err) {

  console.log('Successfully logged in! Cached Token: ' + 
  org.oauth.access_token);
  // execute the query
  org.query({ query: 'select id, name from account' }, function(err, resp){
    if(!err && resp.records) {
      // output the account names
      for (i=0; i<resp.records.length;i++) {
        //console.log(resp.records[i].get('name'));
        accounts.push(resp.records[i].get('name'));
      }

      res.render('index', { title:'Accounts',accounts:accounts });
    }
  });
}
 if (err) console.log(err);
 }); 

 //console.log(accounts);

 });

 module.exports = router;

You need to get you api crendentials for authenticate , it does not matter what language are you using the concept is the same.

USERNAME : Your Salesforce User name

PASSWORD: Your Salesforce Password

SECURITY_TOKEN: Your user security token , if you don't have it you can go to My Settings -Personal -Reset my security token and Salesforce will send you the token to your email.

The other parameters are parameters you get from your app , so you have to register the app to get the security tokens.

For create a connected apd You go to : Setup -Build-Create Apps in the section of Connected Apps create a new one. the connected api generate a consumer key and a Consumer secret.

CLIENT_ID: Is the consumer key

CLIENT_SECRET:Is the Consumer secret

CALLBACK_URL: The callback url in my example is : http://localhost:3000

Answer 2

This is not natively possible. All access to data/meta data in salesforce goes through a salesforce user account. User accounts auth via username/pass, or via SSO (oAuth/SAML), or "Delegated Auth" (a pre-SAML auth service).

Creating a "Connected App" is a feature, enabled by the salesforce admin, which enables your mobile app to connect via oAuth, along with a public/private key pair. However, Login is still required.

Perhaps you could place middleware between salesforce and your API - the middleware would connect to salesforce using a salesforce user account, while the API that it exposes accepts your public/private key.