How to connect to Salesforce using OAuth JWT Flow
This article shows you how to connect to Salesforce using OAuth 2.0 JWT (JSON Web Token) authentication flow.
Talend provides two connection types to access Salesforce via Salesforce components or metadata wizard:
Basic: connects to Salesforce using your Salesforce account username, password, and security token information. For a related use case, see Upserting Salesforce data based on external IDs.
OAuth Json Web Token Flow: connects to Salesforce using OAuth 2.0 JWT authentication flow. For more information about OAuth 2.0 JWT Flow, see the Salesforce official documentation Digging Deeper into OAuth 2.0 in Salesforce.
Before you begin
Before connecting to Salesforce using OAuth 2.0 JWT Flow via Salesforce components or metadata wizard, you need to create your own connected app required by JWT Flow in Salesforce via the following steps.
Go to Create Self-Signed Certificate to create a self-signed certificate and then download the certificate to your local machine. In this example, the certificate talend_certificate has been created and downloaded to D:\talend_certificate.crt for demonstration purpose. For more information about how to create a self-signed certificate, see the Salesforce official documentation Generate a Self-Signed Certificate., click
- Click Export to Keystore to export your certificate to a keystore file in JKS (Java Keystore) format. In this example, the certificate is exported to D:\00D28000001O6WS.jks.
- Go to New in the Connected
Apps area and create a connected app that enables OAuth settings
and uses the digital certificate D:\talend_certificate.crt
you have downloaded. A consumer key will be generated for the JWT authorization
flow. In this example, the connected app talend_app has
been created for demonstration purpose. For more information about how to create
a connected app, see the Salesforce official documentation Create a Connected App.
- Approve the consumer before using it after creating the connected app. To do
this, copy and paste the authorize URL
https://login.salesforce.com/services/oauth2/authorizewith the following query string parameters into your web browser's address bar, press Enter and accept the access authorization.
- client_id: the value is the consumer key.
- redirect_uri: the value is https://login.salesforce.com/services/oauth2/success.
- response_type: the value is code.
The authorize URL and the query string parameters are concatenated with a question mark ?, and every two query string parameters are concatenated with an ampersand &. An example URL is shown below, with line breaks for readability. You need to join all these lines into one line before copying and pasting the URL into your web browser's address bar.
https://login.salesforce.com/services/oauth2/authorize? client_id=3MVG9ZL0ppGP5UrCLU3Fzejy8RgQbnFad6mMbHtzjB3kb7OJqkfyVJ8TyiXtK_dPkwnUY3SsaEUHwEEu3bN3l& redirect_uri=https://login.salesforce.com/services/oauth2/success& response_type=code
Now you can connect to Salesforce using OAuth 2.0 JWT authentication flow via Salesforce components or metadata wizard. In the following example, the Salesforce metadata wizard will be used to test the connection to Salesforce using OAuth 2.0 JWT Flow.
In the Repository tree view, right-click
Salesforce under the Metadata
node and select Salesforce Connection from the contextual
- In the Name field, enter the name of the Salesforce connection to be created, salesforce_oauth_jwt in this example.
- Select OAuth from the Connection type drop-down list, and from the Oauth2 flow type drop-down list displayed, select Json Web Token Flow.
- In the Issuer field, enter your OAuth Consumer Key, which can be found in the connected app detail page in Salesforce, between double quotation marks.
- In the Subject field, enter your Salesforce username between double quotation marks.
- In the Expiration time (in seconds) field, enter the expiration time of the assertion in seconds, 600 in this example.
- In the Key store field, specify the path to the keystore file into which you have exported your certificate, D:/00D28000001O6WS.jks in this example.
- In the Key store password field, enter the keystore password you defined when exporting your certificate into the keystore file.
- In the Certificate alias field, enter the unique name of your certificate, talend_certificate in this example.
- Click Test connection, and a pop-up dialog box will be displayed to show you that the connection to Salesforce is successfully created.