How to integrate Web Application with Salesforce via Oauth

This tutorial shows you the basic of Oauth. We have created a Java Web Application that authenticates the user to salesforce via Oauth 2.0 and then we have performed few CRUD operation via the new API.

Setup:

• SSL enabled Tomcat Server as we have deployed our Web Application on tomcat. Click here for instruction on How to enable SSL on apache Tomcat 7.0
• Salesforce Remote Access Application. Click here for instruction on How to create Remote Access Application on Salesforce?
• Download the application from here and change the name to Services.

Run the Project:

Check out the project from the above URL, import into the eclipse and Run as a Server.

Navigate your browser to https://localhost:8443/Services. You will see the following page:

Click on the link and it will take you the salesforce page for Authentication :

Once you are login into salesforce, It will ask you to allow the Oauth_Apps to access your data:

After clicking on “Approve”button, You will see the below page with few CRUD operation output :

Note : You have provided your credentials to the salesforce.com website not to the requesting application. This is Oauth in Action. Once you are authorize accessing to your data, The control will return back to your application with salesforce.com generated token using which you can interact with the salesforce data.

Code Description:

OauthServlet.Java

In the Servlet initParams, We have defined the clinetSecret, clientId and the redirectUri, You can change it as per your remote application.

@WebInitParam(name = "clientId", value = "3MVG9Y6d_Btp4xp5hntckvnA5QVKsxlc4RUx9CbJndYCQQS4oO7jHAVspS0WdeCXBJlMXO1e9hwQSCjCBB71H"),

// clientSecret is 'Consumer Secret' in the Remote Access UI

@WebInitParam(name = "clientSecret", value = "4518803906379506686"),

// This must be identical to 'Callback URL' in the Remote Access UI

@WebInitParam(name = "redirectUri", value = "https://localhost:8443/Services/OAuthServlet/callback"),

@WebInitParam(name = "environment", value = "https://login.salesforce.com"), })

Here our Java Web Application act as a third-party website or termed as “client” which operate on behalf of a user. It first sends the request to salesforce.com which authenticates the user, obtain the user's authorization(i,e Approve/Deny page) and issues an access token which client can use while interacting with the resource server I,e salesforce instance.


When the Servlet initializes, it constructs authUrl, to which it redirects the user to authenticate and authorize access to data:

try {

authUrl = environment+ "/services/oauth2/authorize?response_type=code&client_id="

+ clientId + "&redirect_uri="+ URLEncoder.encode(redirectUri, "UTF-8");}

The authUrl contains the configuartion which identifies the salesforce remote application.It also creates the tokenUrl which it uses to obtain the access token.

The response.sendRedirect(authUrl) authenticates the users, obtains authorization for the web app to access the user’s data(first time) and then redirects the user back to redirectUri: https://localhost:8443/Services/OAuthServlet/callback

When control returns to the Servlet, we use the returned data to build a POST request and send it to tokenUrl and we get the response(access token and instance Url) from authorization server in JSON format.

TestApi.java

As we have access token, Here we have just perform few CRUD operation i,e showAccounts, createAccount,deleteAccount and updateAccounts. In every HttpClient calls, we set a request header, Authorization to the value OAuth, followed by a space, and the access token. It is essential to do this for every interaction with the REST API; failure to do so results in a 401 ‘Unauthorized’ error when submitting the request.

Summary:

The application demonstrates how to authenticate and retrieve an access token using Oauth 2.0 and how we can do perform CURD operation with the help of access token.

References:

http://oauth.net/2/
http://wiki.developerforce.com/page/Getting_Started_with_the_Force.com_REST_API

How to create Remote Access Application on Salesforce?

Before I'll start with how to create Remote Access Application. First let me explain what is actually Remote Access Application.

What is Remote Access Application?

A remote access Application is an application external to salesforce that uses the Oauth protocol to verify both the salesforce user and the external data. All remote access applications have been integrated with salesforce, such that they can access a subset of your salesforce data once you explicitly grant each application permission.

How to create Remote Access Application?

To create an Remote application, You must have your developer account, If you don’t have it then You can create it from here.

Step to create your First Remote Access Application:

1. Login to salesforce.com then click Your Name |Create | Apps and click on “new” button. Check below screenshot :
   
     
   
   
   When you click on new button, you will see a page like this:
   
   
   
   
   

2. Enter the name of the Application. This is required.
3. Enter the specify Callback URL which is also required. It represents the URL that the user will be returned to after they approve access for the application. Mostly It uses HTTPS protocol.
4. Enter your Contact Email. Contact Email is required.
5. Now Save the Remote Access Application.

Once you saved the application you will get the generated consumer key and consumer secret as shown below:

Note : Later, If you change the name of the application, the consumer key and consumer secret are not regenerated. It will be same as it was generated on the first time.
 
Congratulation!!! You have created your first Remote Access Application.