Deprecated: Optional parameter $list declared before required parameter $is_script is implicitly treated as a required parameter in /home1/oijoiv2f/public_html/wp-content/plugins/apus-framework/libs/redux/ReduxCore/inc/class.redux_cdn.php on line 21

Deprecated: Optional parameter $register declared before required parameter $footer_or_media is implicitly treated as a required parameter in /home1/oijoiv2f/public_html/wp-content/plugins/apus-framework/libs/redux/ReduxCore/inc/class.redux_cdn.php on line 45

Deprecated: Optional parameter $register declared before required parameter $footer_or_media is implicitly treated as a required parameter in /home1/oijoiv2f/public_html/wp-content/plugins/apus-framework/libs/redux/ReduxCore/inc/class.redux_cdn.php on line 104

Deprecated: Optional parameter $expire declared before required parameter $path is implicitly treated as a required parameter in /home1/oijoiv2f/public_html/wp-content/plugins/apus-framework/libs/redux/ReduxCore/inc/class.redux_functions.php on line 54

Deprecated: Optional parameter $depth declared before required parameter $output is implicitly treated as a required parameter in /home1/oijoiv2f/public_html/wp-content/themes/entaro/inc/classes/megamenu.php on line 155

Deprecated: Optional parameter $depth declared before required parameter $output is implicitly treated as a required parameter in /home1/oijoiv2f/public_html/wp-content/themes/entaro/inc/classes/mobilemenu.php on line 147

Deprecated: Optional parameter $args declared before required parameter $wp_customize is implicitly treated as a required parameter in /home1/oijoiv2f/public_html/wp-content/plugins/apus-framework/libs/redux/ReduxCore/inc/extensions/customizer/extension_customizer.php on line 583

Deprecated: Optional parameter $args declared before required parameter $wp_customize is implicitly treated as a required parameter in /home1/oijoiv2f/public_html/wp-content/plugins/apus-framework/libs/redux/ReduxCore/inc/extensions/customizer/extension_customizer.php on line 606

Warning: Cannot modify header information - headers already sent by (output started at /home1/oijoiv2f/public_html/wp-content/plugins/apus-framework/libs/redux/ReduxCore/inc/class.redux_cdn.php:21) in /home1/oijoiv2f/public_html/wp-includes/rest-api/class-wp-rest-server.php on line 1831

Warning: Cannot modify header information - headers already sent by (output started at /home1/oijoiv2f/public_html/wp-content/plugins/apus-framework/libs/redux/ReduxCore/inc/class.redux_cdn.php:21) in /home1/oijoiv2f/public_html/wp-includes/rest-api/class-wp-rest-server.php on line 1831

Warning: Cannot modify header information - headers already sent by (output started at /home1/oijoiv2f/public_html/wp-content/plugins/apus-framework/libs/redux/ReduxCore/inc/class.redux_cdn.php:21) in /home1/oijoiv2f/public_html/wp-includes/rest-api/class-wp-rest-server.php on line 1831

Warning: Cannot modify header information - headers already sent by (output started at /home1/oijoiv2f/public_html/wp-content/plugins/apus-framework/libs/redux/ReduxCore/inc/class.redux_cdn.php:21) in /home1/oijoiv2f/public_html/wp-includes/rest-api/class-wp-rest-server.php on line 1831

Warning: Cannot modify header information - headers already sent by (output started at /home1/oijoiv2f/public_html/wp-content/plugins/apus-framework/libs/redux/ReduxCore/inc/class.redux_cdn.php:21) in /home1/oijoiv2f/public_html/wp-includes/rest-api/class-wp-rest-server.php on line 1831

Warning: Cannot modify header information - headers already sent by (output started at /home1/oijoiv2f/public_html/wp-content/plugins/apus-framework/libs/redux/ReduxCore/inc/class.redux_cdn.php:21) in /home1/oijoiv2f/public_html/wp-includes/rest-api/class-wp-rest-server.php on line 1831

Warning: Cannot modify header information - headers already sent by (output started at /home1/oijoiv2f/public_html/wp-content/plugins/apus-framework/libs/redux/ReduxCore/inc/class.redux_cdn.php:21) in /home1/oijoiv2f/public_html/wp-includes/rest-api/class-wp-rest-server.php on line 1831

Warning: Cannot modify header information - headers already sent by (output started at /home1/oijoiv2f/public_html/wp-content/plugins/apus-framework/libs/redux/ReduxCore/inc/class.redux_cdn.php:21) in /home1/oijoiv2f/public_html/wp-includes/rest-api/class-wp-rest-server.php on line 1831
{"id":1271,"date":"2018-03-17T08:40:50","date_gmt":"2018-03-17T08:40:50","guid":{"rendered":"http:\/\/www.salesforcenextgen.com\/?p=1271"},"modified":"2020-12-28T19:34:47","modified_gmt":"2020-12-28T19:34:47","slug":"authenticate-user-using-username-password-authentication-flow","status":"publish","type":"post","link":"https:\/\/salesforcenextgen.com\/authenticate-user-using-username-password-authentication-flow\/","title":{"rendered":"How to Authenticate user using Username-Password Authentication Flow in Salesforce?"},"content":{"rendered":"

How to Authenticate user using Username-Password Authentication Flow in Salesforce?<\/strong><\/p>\n

Salesforce uses oAuth protocol to allow application users to access the data in salesforce securely without exposing Username and password of a particular user.<\/p>\n

But before we could make a REST Api call, we need to authenticate our app with salesforce, by making it a connected app. To make an App as connected app follow the steps given in this post.<\/p>\n

\"How<\/p>\n

There are several OAuth endpoints provided by Salesforce, depending upon our requirement and resources we need to choose an authentication flow from the below<\/p>\n

    \n
  1. Web server Flow<\/strong><\/li>\n
  2. User-Agent Flow<\/strong><\/li>\n
  3. Username-Password Flow<\/strong><\/li>\n<\/ol>\n

    Once we have successfully authenticated our connected app user, salesforce provide us with an access token, which are further utilised to make authenticated REST Api calls.<\/p>\n

    In this post we are going to discuss the Username-Password Authentication Flow<\/strong>.<\/p>\n

    This authentication flow make use of user\u2019s credentials directly on the web server and should be used only if necessary, there is no refresh token is provided in this flow, see the flow diagram below.<\/p>\n

    \"Username-Password<\/p>\n

    Step wise breakdown of the authentication flow:<\/p>\n

      \n
    1. The application uses the credential of the user to generate the access token. To use this service, we make a POSt call to the endpoint for the Username-password authentication flow : https:\/\/login.salesforce.com\/services\/oauth2\/token<\/li>\n<\/ol>\n

      Parameter\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Description<\/p>\n

      grant_type\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Must be password for this authentication flow.<\/p>\n

      client_id\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 The Consumer Key from the connected app definition.<\/p>\n

      client_secret\u00a0\u00a0\u00a0\u00a0\u00a0 The Consumer Secret from the connected app definition. Required unless the Require Secret for Web Server Flow setting is not enabled in the connected app definition.<\/p>\n

      username\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 End-user\u2019s username.<\/p>\n

      password\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 End-user\u2019s password.<\/p>\n

      Example authorization url will look something like this:<\/p>\n

      grant_type=password&client_id=3MVG9lKcPoNINVBIPJjdw1J9LLM82HnFVVX19KY1uA5mu0QqEWhqKpoW3svG3XHrXDiCQjK1mdgAvhCscA9GE&client_secret=1955279925675241571&username=testuser%40salesforce.com&password=mypassword123456<\/p>\n

        \n
      1. After confirmation from Salesforce the client application will get a response with the access token authorized and end-user\u2019s Web browser would be redirected to the callback URL specified by the\u00a0redirect_uri\u00a0parameter. The authorization information is appended by Salesforce to the redirect URL with the following values:<\/li>\n<\/ol>\n

        Parameters\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Description<\/p>\n

        access_token\u00a0\u00a0\u00a0 Access token that acts as a session ID that the application uses for making requests. This token should be protected as though it were user credentials.<\/p>\n

        instance_url\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Identifies the Salesforce instance to which API calls should be sent.<\/p>\n

        id\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Identity URL that can be used to both identify the user as well as query for more information about the user. Can be used in an HTTP request to get more information about the end user.<\/p>\n

        issued_at\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 When the signature was created, represented as the number of seconds since the Unix epoch (00:00:00 UTC on 1 January 1970).<\/p>\n

        signature\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Base64-encoded HMAC-SHA256 signature signed with the consumer’s private key containing the concatenated ID and issued_at value. The signature can be used to verify that the identity URL wasn\u2019t modified because it was sent by the server.<\/p>\n

        An example of the response is as shown below<\/p>\n

        {“id”:”https:\/\/login.salesforce.com\/id\/00Dx0000000BV7z\/005x00000012Q9P”,<\/p>\n

        “issued_at”:”1278448832702″,”instance_url”:”https:\/\/***yourInstance***.salesforce.com\/”,<\/p>\n

        “signature”:”0CmxinZir53Yex7nE0TD+zMpvIWYGb\/bdJh6XfOH6EQ=”,”access_token”:<\/p>\n

        “00Dx0000000BV7z!AR8AQAxo9UfVkh8AlV0Gomt9Czx9LjHnSSpwBMmbRcgKFmxOtvxjTrKW1<\/p>\n

        9ye6PE3Ds1eQz3z8jr3W7_VbWmEu4Q8TVGSTHxs”}<\/p>\n

          \n
        1. The information received in the previous step is further used to make the authenticated REST Api calls.<\/li>\n<\/ol>\n