This application is an example implementation in Node.js of the different SAML and OAuth flows that are supported by Salesforce. Please leverage this repository as learning material, rather than something to be used in production.
When I was preparing for the Salesforce Certified Technical Architect (CTA) certification, Identity & Access Management (IAM) was one of the topics I struggled with, mainly because I hadn't come into contact with it frequently during any projects I'd worked on.
I knew how to set up Single Sign-On (SSO), but that didn't compare to understanding the more delicate complexities of the different OAuth flows. So I started diving into this topic in detail.
There were two resources that were invaluable to me:
At first, I expanded upon Jitendra's work by adding the flows I struggled with most. After passing the CTA board, I wanted to build it out further to include the majority of OAuth flows so that others could also learn from it.
It took a while but I've finally built it.
!! This video is outdated - planning to update soon
You can find a video walkthrough of how to install and set up the application on your personal Heroku environment. Click the image below to launch the video on YouTube.
Step-by-step instructions on how to get the application up and running.
You can run this application locally via Node.js or on Heroku.
Create a Heroku account if you don't already have one.
If you want to run the application locally, install the Heroku CLI.
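For some of the OAuth flows, we'll need a public certificate (or public key) that is uploaded to the Connected App.
You can either generate your own public and private key pair or use the ones in this repository. Both keys are stored in the root folder:
To generate your own private key and public certificate, run one of the two commands below. They are equivalent: -noenc is the option name in OpenSSL 3.0 and later, -nodes is the older spelling that is deprecated since 3.0. Both write the private key to key.pem unencrypted.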
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out server.crt -days 365 -noenc
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out server.crt -days 365 -nodes
Create a Connected App in your Salesforce org. The Connected App should have the following settings:
From the newly created Connected App, click 'Manage', then 'Edit Policies'. Under 'OAuth Policies', select 'Admin approved users are pre-authorized' for 'Permitted Users'.
After saving, add the correct profile of your user or add a permission set that is assigned to your user.
PORT=8080
CALLBACK_URL=https://localhost:8081/services/oauth2/success
PERSIST=true
CLIENT_ID=3MVG9Rd3qC6oMalWJCSJXAUD00hp7CXsrAV._dFrbch4jYXUOu_kAuP0uuRsrzMSSwYqldy5qdylySUwZvkn3
CLIENT_SECRET=B2ABE781A2EA7927084257478BB783074DD7E79A220758439D5F575C4FC6B7BF
BASE_URL=https://nicolasvandenbossche-dev-ed.my.salesforce.com
USERNAME=n.vanden.bossche@accenture.com
API_VERSION=57.0
npm install
node -r dotenv/config Server.js
Navigate to your app, either on Heroku or locally (via https://localhost:8081). Go to the flow you're interested in, read the description and click the Launch button to execute.
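The key pair and the CLIENT_ID / USERNAME values from the setup above come together in the JWT bearer flow, where the client signs an assertion with the private key and Salesforce checks it against the certificate uploaded to the Connected App. The sketch below is an added example, not code from this repository: the function names are hypothetical, the audience value is an assumption, the identifiers are placeholders, and a throwaway key pair is generated in memory instead of reading key.pem.

```javascript
const nodeCrypto = require('node:crypto');
const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const dec = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));

// Client side: sign the assertion with the private key (key.pem in the setup above).
function buildAssertion({ clientId, username, audience, privateKey, now = Date.now() }) {
  const claims = {
    iss: clientId, // Connected App consumer key (CLIENT_ID)
    sub: username, // pre-authorized user (USERNAME)
    aud: audience, // login URL; the value used below is an assumption
    exp: Math.floor(now / 1000) + 180, // short-lived: 3 minutes here
  };
  const signingInput = `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}`;
  const sig = nodeCrypto.sign('RSA-SHA256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${sig.toString('base64url')}`;
}

// Server side, in outline: check the signature against the uploaded certificate.
function verifyAssertion(jwt, publicKey, now = Date.now()) {
  const parts = jwt.split('.');
  if (parts.length !== 3) return null;
  const [h, c, s] = parts;
  let header, claims;
  try { header = dec(h); claims = dec(c); } catch { return null; }
  if (header.alg !== 'RS256') return null; // pin the algorithm, never trust the header
  const ok = nodeCrypto.verify('RSA-SHA256', Buffer.from(`${h}.${c}`), publicKey,
    Buffer.from(s, 'base64url'));
  if (!ok) return null;
  if (typeof claims.exp !== 'number' || claims.exp * 1000 <= now) return null;
  return claims;
}

// Form body for the POST to <BASE_URL>/services/oauth2/token.
function tokenRequestBody(assertion) {
  return new URLSearchParams({
    grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
    assertion,
  }).toString();
}

// Constructed sample data: throwaway key pair and placeholder identifiers.
const demoKeys = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const demoJwt = buildAssertion({
  clientId: 'CONSTRUCTED_CLIENT_ID',
  username: 'user@example.com',
  audience: 'https://login.salesforce.com',
  privateKey: demoKeys.privateKey,
});
console.log(verifyAssertion(demoJwt, demoKeys.publicKey));
```

Anyone holding key.pem can mint assertions for any pre-authorized user of the Connected App, which is why the private key belongs outside version control in anything beyond a learning setup.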