This tutorial shows you the basics of OAuth. We have created a Java web application that authenticates the user to Salesforce via OAuth 2.0 and then performs a few CRUD operations via the new API.
Setup:
- SSL-enabled Tomcat server, as we have deployed our web application on Tomcat. Click here for instructions on how to enable SSL on Apache Tomcat 7.0.
- Salesforce Remote Access Application. Click here for instructions on how to create a Remote Access Application on Salesforce.
Run the Project:
Check out the project from the above URL, import it into Eclipse and run it as a server.
Click on the link and it will take you to the Salesforce page for authentication:
Once you are logged in to Salesforce, it will ask you to allow the Oauth_Apps to access your data:
After clicking the “Approve” button, you will see the below page with the output of a few CRUD operations:
Code Description:
OauthServlet.Java
In the Servlet initParams, we have defined the clientSecret, clientId and redirectUri. You can change them to match your own remote access application.
    // (the opening of the servlet annotation and its initParams list is not shown here)
    // clientId is 'Consumer Key' in the Remote Access UI
    @WebInitParam(name = "clientId", value = "3MVG9Y6d_Btp4xp5hntckvnA5QVKsxlc4RUx9CbJndYCQQS4oO7jHAVspS0WdeCXBJlMXO1e9hwQSCjCBB71H"),
    // clientSecret is 'Consumer Secret' in the Remote Access UI
    @WebInitParam(name = "clientSecret", value = "4518803906379506686"),
    // This must be identical to 'Callback URL' in the Remote Access UI
    @WebInitParam(name = "redirectUri", value = "https://localhost:8443/Services/OAuthServlet/callback"),
    // Base URL of the Salesforce login host
    @WebInitParam(name = "environment", value = "https://login.salesforce.com"),
})
When the Servlet initializes, it constructs authUrl, to which it redirects the user to authenticate and authorize access to data:
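try {
    // redirectUri is URL-encoded because it is passed as a query parameter
    authUrl = environment
            + "/services/oauth2/authorize?response_type=code&client_id="
            + clientId + "&redirect_uri="
            + URLEncoder.encode(redirectUri, "UTF-8");
} catch (UnsupportedEncodingException e) {
    // URLEncoder.encode(String, String) declares this checked exception
    throw new ServletException(e);
}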
The response.sendRedirect(authUrl) call sends the browser to Salesforce, which authenticates the user, obtains authorization for the web app to access the user’s data (the first time) and then redirects the user back to redirectUri:
https://localhost:8443/Services/OAuthServlet/callback
When control returns to the Servlet, we use the returned data to build a POST request and send it to tokenUrl, and we get the response (access token and instance URL) from the authorization server in JSON format.
TestApi.java
Now that we have the access token, we perform a few CRUD operations, i.e. showAccounts, createAccount, deleteAccount and updateAccounts. In every HttpClient call, we set a request header, Authorization, to the value OAuth, followed by a space, and the access token. It is essential to do this for every interaction with the REST API; failure to do so results in a 401 ‘Unauthorized’ error when submitting the request.
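The authorize redirect and the callback token request described above, as an added example that is not the project's own code. It goes beyond the servlet by encoding every parameter and by adding an OAuth 2.0 state value that the callback checks before the code is exchanged. The class and method names and the CONSTRUCTED_* values are assumptions, and the Charset overload of URLEncoder.encode needs Java 10 or later.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;
import java.util.stream.Collectors;

public class OAuthFlowExample { // hypothetical helper class, not part of the project
    // URL-encode every value so no parameter can break out of the query string or form body.
    static String form(Map<String, String> params) {
        return params.entrySet().stream()
            .map(e -> e.getKey() + "=" + URLEncoder.encode(e.getValue(), StandardCharsets.UTF_8))
            .collect(Collectors.joining("&"));
    }
    // Unguessable per-login value; keep a copy in the HTTP session before redirecting.
    static String newState() {
        byte[] b = new byte[32];
        new SecureRandom().nextBytes(b);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }
    static String authUrl(String environment, String clientId, String redirectUri, String state) {
        Map<String, String> p = new LinkedHashMap<>();
        p.put("response_type", "code");
        p.put("client_id", clientId);
        p.put("redirect_uri", redirectUri);
        p.put("state", state);
        return environment + "/services/oauth2/authorize?" + form(p);
    }
    // Callback side: only build the token request if state matches the session copy.
    static String tokenRequestBody(String code, String returnedState, String sessionState,
            String clientId, String clientSecret, String redirectUri) {
        if (returnedState == null || sessionState == null || !MessageDigest.isEqual(
                returnedState.getBytes(StandardCharsets.UTF_8),
                sessionState.getBytes(StandardCharsets.UTF_8))) {
            throw new SecurityException("state mismatch: callback is not tied to this session");
        }
        Map<String, String> p = new LinkedHashMap<>();
        p.put("grant_type", "authorization_code");
        p.put("code", code);
        p.put("client_id", clientId);
        p.put("client_secret", clientSecret);
        p.put("redirect_uri", redirectUri);
        return form(p); // POST body for environment + "/services/oauth2/token"
    }
    public static void main(String[] args) { // constructed sample values only
        String cb = "https://localhost:8443/Services/OAuthServlet/callback", s = newState();
        System.out.println(authUrl("https://login.salesforce.com", "CONSTRUCTED_CLIENT_ID", cb, s));
        System.out.println(tokenRequestBody("CONSTRUCTED_CODE", s, s, "CONSTRUCTED_CLIENT_ID", "CONSTRUCTED_SECRET", cb));
    }
}
```

The token request body is sent with Content-Type application/x-www-form-urlencoded, and a callback whose state does not match is rejected before the authorization code is spent.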
Summary:
The application demonstrates how to authenticate and retrieve an access token using OAuth 2.0 and how to perform CRUD operations with the help of the access token.
References:
http://oauth.net/2/
http://wiki.developerforce.com/page/Getting_Started_with_the_Force.com_REST_API