forcedotcom / SalesforcePy

An absurdly simple package for making Salesforce Rest API calls.
BSD 3-Clause "New" or "Revised" License

JWT Bearer OAuth flow #48

Open tonimelisma opened 4 years ago

tonimelisma commented 4 years ago

It would be great to have more authentication options in SalesforcePy besides the username-password OAuth flow.

As discussed in issue https://github.com/forcedotcom/SalesforcePy/issues/21, since SalesforcePy is now mostly a headless library, implementing User Agent or Web Server OAuth flows would be hugely complex.

So I'm proposing implementing a JWT Bearer OAuth flow wherein the SalesforcePy client would authenticate via a certificate to the Salesforce org.

Pointers on feasibility, architectural guidance and product strategy are all appreciated.

caffalaughrey commented 3 years ago

@tonimelisma I know it's been a minute since this issue was raised, thanks for bearing with me.

In terms of feasibility, I think it will depend on how much of the JWT work our code would have to do. My suggestion here would be that the JWT creation steps from our documentation should be handled outside SalesforcePy (with a polite recommendation or example of how to generate the cert, perhaps), and that our client only be extended to support the access token request. In that case, this shouldn't be a major effort.

Architecturally, while I've been looking for an excuse to switch to a more standardised OAuth2 implementation in Python, I haven't found any such libraries that support JWT. For that reason, I would say our all-purpose OAuthRequest can do the heavy lifting for this flow.

As to how you call it at the package level, I'm open to suggestions on this. Perhaps a new oauth2 namespace could be added to the package wherein we could separate the flows in a more canonical way. Alternatively, a new function could be added at the client level.
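The split proposed above, as an added example that is neither SalesforcePy code nor part of this thread: the assertion is built and signed outside the client through a pluggable `signer` (`rs256_signer` assumes the `cryptography` package is installed), and the only piece a client would gain is the token POST, with the HTTP call injected so the module runs offline. The consumer key, login URL and 3-minute lifetime are assumptions.

```python
import base64, json, time
from urllib.parse import urlencode

JWT_BEARER_GRANT = "urn:ietf:params:oauth:grant-type:jwt-bearer"

def _b64url(data: bytes) -> str:
    """Base64url without padding, as JWS requires (RFC 7515)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def build_assertion(client_id, username, login_url, signer, lifetime=180, now=None):
    """Build the signed JWT outside the client, as the thread proposes.
    iss = connected app consumer key, sub = user to act as, aud = login host
    (login/test.salesforce.com, not the My Domain instance), exp = short deadline
    (assumption: 3 minutes). signer(bytes) -> bytes signs the JWS signing input
    with the private key behind the certificate uploaded to the connected app."""
    now = int(time.time()) if now is None else now
    compact = lambda obj: _b64url(json.dumps(obj, separators=(",", ":")).encode())
    claims = {"iss": client_id, "sub": username, "aud": login_url, "exp": now + lifetime}
    signing_input = compact({"alg": "RS256"}) + "." + compact(claims)
    return signing_input + "." + _b64url(signer(signing_input.encode("ascii")))

def rs256_signer(private_key_pem: bytes):
    """RS256 signer backed by the cryptography package (assumption: installed)."""
    from cryptography.hazmat.primitives import hashes, serialization
    from cryptography.hazmat.primitives.asymmetric import padding
    key = serialization.load_pem_private_key(private_key_pem, password=None)
    return lambda data: key.sign(data, padding.PKCS1v15(), hashes.SHA256())

def token_request(login_url, assertion):
    """The only piece the client would gain: the access token POST (url, headers, body)."""
    form = urlencode({"grant_type": JWT_BEARER_GRANT, "assertion": assertion})
    return (login_url + "/services/oauth2/token",
            {"Content-Type": "application/x-www-form-urlencoded"}, form)

def exchange(login_url, assertion, post):
    """post(url, headers, body) -> (status, text) is injected so this runs offline.
    Returns (access_token, instance_url); API calls then go to instance_url."""
    status, text = post(*token_request(login_url, assertion))
    payload = json.loads(text)
    if status != 200 or "access_token" not in payload:
        raise RuntimeError("token request failed: %s %s: %s" % (
            status, payload.get("error"), payload.get("error_description")))
    return payload["access_token"], payload["instance_url"]

def decode_claims(assertion):
    """Read (without verifying) an assertion's claims, e.g. to log aud/exp before sending."""
    part = assertion.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))
```

Because the assertion is the credential, keep its lifetime short and its `aud` fixed to the login host, and treat the private key like a password.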

tonimelisma commented 3 years ago

Doesn't authlib support JWT bearer flows? https://github.com/lepture/authlib

Why not choose a few suitable OAuth libraries (requests-oauthlib, authlib, automatic, rauth, sanction), open issues for JWT Bearer flows to discuss with maintainers the willingness, see where there's engagement and willingness to merge a PR, contribute there and just use that library for OAuth?

I don't think it makes sense to reimplement OAuth functionality within a Salesforce library?