OAuth grant type setup for Salesforce from Amazon AppFlow

OAuth grant type setup for Salesforce from Amazon AppFlow - JSON Web Token (JWT) and Authorization code:
This is the last blog of the three-part series on data transfer between Salesforce (software-as-a-service) CRM and AWS using Amazon AppFlow.
Part I gave an overview of Amazon AppFlow for data transfer from external CRM applications. It also covered sample flow configuration and cost considerations when configuring and executing flows.
Part II discussed considerations and observations during data transfer between Salesforce (software-as-a-service) CRM and AWS using Amazon AppFlow.
This blog covers in detail the JSON Web Token (JWT) setup and the Authorization code option for the OAuth grant type:
JSON Web Token (JWT):
With this option, one needs to provide a JWT to access data from Salesforce. The JWT is passed along with the connection, and Salesforce grants access.
As discussed earlier, an organization mandate or compliance reasons may mean that Authorization code is not supported, in which case the connection to Salesforce from AWS must use JSON Web Token (JWT). This option uses a certificate's private key to sign the JWT request and does not need explicit user credentials.
Create the certificate with the commands below; the certificate must then be uploaded to Salesforce so that a JWT can be used with the OAuth JWT option.
Generate RSA private key:
openssl genrsa -des3 -passout pass:Password -out server.pass.key 2048
openssl rsa -passin pass:Password -in server.pass.key -out server.key
Generate certificate signing request (CSR):
openssl req -new -key server.key -out server.csr
Generate self-signed X.509 certificate:
openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt
These commands create the private key and the X.509 certificate.
Once the X.509 certificate is created, create a connected app in Salesforce for the OAuth connection so that the JWT option can use this certificate. The following options must be selected:
Enable OAuth setting
Use digital signature and upload the certificate already created
Refer to the link below for detailed steps for configuring the connected app.
https://help.salesforce.com/s/articleView?id=sf.connected_app_overview.htm&language=en_US&type=5
Once the connected app is created, one can create a valid JWT, which consists of a header, a payload and a signature.
Header – JWT header in the format alg:RS256
Payload – JSON claims set with the parameters below –
{
"iss": "3MVG99OxTyEMCQ3gNp2PjkqeZKxnmAiG1xV4oHh9AKL_rSK.BoSVPGZHQukXnVjzRgSuQqGn75NL7yfkQcyy7",
"aud": "https://test.salesforce.com",
"sub": "sample@gmail.com",
"exp": "1333685628"
}
Signature – the base64url-encoded header and payload, joined by a period, signed with the private key using RSA SHA-256; Salesforce verifies it with the uploaded certificate.
With the above details, a valid base64-encoded JWT can be generated using external sites such as jwt.io.
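To keep the private key off external sites, the same token can be built and signed locally with openssl. This is an added example, not part of the original blog; the function names, the 180-second default lifetime and the numeric exp value are assumptions.

```shell
#!/bin/sh
# Added example: build, sign and check a JWT locally with openssl.
set -eu

# base64url: standard base64 on one line, URL-safe alphabet, padding stripped
b64url() { openssl base64 -A | tr '/+' '_-' | tr -d '='; }

# make_jwt KEYFILE ISS SUB AUD [TTL_SECONDS]
# ISS = connected app consumer key, SUB = Salesforce username, AUD = login URL.
# Assumes the values contain no characters that need JSON escaping.
make_jwt() {
  key=$1; iss=$2; sub=$3; aud=$4; ttl=${5:-180}   # 180 s default is an assumption
  exp=$(( $(date +%s) + ttl ))
  header=$(printf '{"alg":"RS256"}' | b64url)
  payload=$(printf '{"iss":"%s","sub":"%s","aud":"%s","exp":%s}' \
    "$iss" "$sub" "$aud" "$exp" | b64url)
  # RS256 = RSA PKCS#1 v1.5 signature over SHA-256 of "header.payload"
  sig=$(printf '%s.%s' "$header" "$payload" |
    openssl dgst -sha256 -sign "$key" -binary | b64url)
  printf '%s.%s.%s\n' "$header" "$payload" "$sig"
}

# verify_jwt CERTFILE TOKEN: returns 0 only if the signature matches the
# public key in the certificate that was uploaded to the connected app.
verify_jwt() {
  cert=$1; token=$2
  signed=${token%.*}; sig=${token##*.}
  # restore the base64 padding that base64url strips
  case $(( ${#sig} % 4 )) in 2) sig="$sig==" ;; 3) sig="$sig=" ;; esac
  tmp=$(mktemp -d)
  openssl x509 -in "$cert" -pubkey -noout > "$tmp/pub.pem"
  printf '%s' "$sig" | tr '_-' '/+' | openssl base64 -d -A > "$tmp/sig.bin"
  if printf '%s' "$signed" | openssl dgst -sha256 -verify "$tmp/pub.pem" \
       -signature "$tmp/sig.bin" >/dev/null 2>&1; then rc=0; else rc=1; fi
  rm -rf "$tmp"
  return $rc
}

# Usage: sh make_jwt.sh server.key <consumer-key> <username> <audience-url>
if [ "$#" -ge 4 ]; then make_jwt "$@"; fi
```

Running verify_jwt against server.crt before uploading it confirms that the key used for signing and the certificate given to Salesforce belong together.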
A connection to Salesforce can then be created in Amazon AppFlow by selecting JSON Web Token (JWT) as the OAuth grant type and supplying the valid JWT created above.
Authorization code:
With this option, one selects Authorization code as the OAuth grant type when setting up the Salesforce connection in Amazon AppFlow, and a separate window prompts for the user credentials.
As discussed before, it needs no explicit setup on the Salesforce or AWS side; the given user only needs access to the Salesforce account. However, this option may not be available in higher environments due to compliance requirements.
Conclusion:
This blog provides details of the JSON Web Token (JWT) setup on the Salesforce and Amazon AppFlow sides for connecting to Salesforce with JSON Web Token (JWT) as the OAuth grant type. It also discusses the Authorization code OAuth grant type for connecting to Salesforce.