Salesforce

"Salesforce is a cloud-based software company that provides customer relationship management software and applications focused on sales, customer service, marketing automation, e-commerce, analytics, and application development."

Configuration

Reference: Salesforce OAuth 2.0 Client Credentials Flow for Server-to-Server Integration.

Pre-requisites: An existing Salesforce subscription or signup for a free trial version.

Setting up Salesforce

Login to your salesforce account. Click on the Quick Settings icon.

Click on Open Advanced Setup

Click on ‘PLATFORM TOOLS > Apps > Apps Manager’.

Click New Connected App.

Click on Enable OAuth Settings.

Enter a fake Callback URL, select the following form fields for Selected OAuth Scopes and check Enable Client Credentials Flow.

Scroll down and click Save.

Click Continue.

Wait 10 minutes.

Configuration Values for crul

Type my domain in the quick find box.

Copy the Current My Domain URL value to a safe place. You will need this later for the credentials setup.

Click on Apps > App Manager > Manage dropdown associated to your app.

Click on Manage Consumer Details

You will be redirected to a Verify Your Identity screen, follow the instructions.

Copy the Consumer Key and Consumer Secret values to a safe place. You will need this later for the credentials setup.

Final Permission Settings for Salesforce

Click on Apps > App Manager > Manage for your app.

Click on Edit Policies.

Update Client Credentials Flow > Run As with a registered users full name to grant permissions.

NOTE: Salesforce OAuth 2.0 Client Credentials Flow for Server-to-Server Integration will not work without enabling this permission to a specified user. Although there's no user interaction in the client credentials flow, Salesforce still requires you to specify an execution user. By selecting an execution user, you allow Salesforce to return access tokens on behalf of this user. The execution user must have the API Only permission.

Configuring Salesforce OAuth Credentials in crul

Navigate to the credentials page in crul (top right corner menu credentials).

Click the create button.

Select OAuth Provider (Client Credentials) from the type dropdown, then select Salesforce from the provider dropdown.

Copy the Salesforce Current My Domain URL value into the Token Host credentials form entry. Copy the Consumer Key value into the Client Id credentials form entry. Then copy the Consumer Secret into the Client Secret credentials form entry.

Test the credential by running the following query. You should see a populated token.access_token column in the results.

oauth --credential "salesforce"

Example queries

NOTE: Replace all <> with respective values copied from Salesforce configuration.

Raw oauth command authentication

oauth
--auth.tokenHost "<Current My Domain URL>"
--auth.tokenPath "/oauth2/token"
--client.id "<Consumer Key>"
--client.secret "<Consumer Secret>"
--grant "clientcred"

List of recently viewed records (REST)

Use the Recently Viewed Items resource to get a list of recently viewed records.

oauth --credential "salesforce"
|| curl "$auth.tokenHost$/services/data/v58.0/recent/?limit=100" -H "Authorization: Bearer $token.access_token$"

or

api GET "<CURRENT DOMAIN URL>/services/data/v58.0/recent/?limit=100" --credentials.oauth "salesforce"

Salesforce via GraphQL

The Salesforce GraphQL API is available in Enterprise, Performance, Unlimited, and Developer Editions. It adheres to the June 2018 version of the spec.

oauth --credential "salesforce"
|| graphql "$auth.tokenHost$/services/data/v57.0/graphql" "
query accounts {
    uiapi {
         query {
             Account {
                 edges {
                     node {
                         Id
                          Name {
                             value
                         }
                     }
                 }
             }
         }
    }
}"
--headers '{
  Authorization: "Bearer $token.access_token$"
}'