3

I am trying a post-call to generate an access token using the client username and password. I would like to know how we can achieve this through Java code.

Basically, I have username and password. I would need to get the access token to pass in below authorization header

byte[] encryptedAccessToken = null;
String username = "someUser";
String pass = "somePassword";
String auth = username + ":" + pass;
byte[] encodedAuth = Base64.encodeBase64(auth.getBytes(StandardCharsets.ISO_8859_1));
URL obj = new URL("https://api.salesforce.com/v2/oauth/token?grant_type=openapi_2lo");
HttpURLConnection postConnection = (HttpURLConnection) obj.openConnection();
postConnection.setRequestMethod("POST");

String authorizationHeader = "Bearer " + "encodedAuth";
postConnection.setRequestProperty("Content-Type", "application/json");
postConnection.setRequestProperty("Authorization", authorizationHeader);

postConnection.setDoOutput(true);

Basically, I have a username and password. I would need to get the access token to pass in below authorizationHeader. Could you please tell me how to generate an access token using this username and password.

Tom
  • 16,842
  • 17
  • 45
  • 54
TTT
  • 113
  • 2
  • 3
  • 11
  • You don't _need_ an access token to use in your code, you will _receive_ an access token, since you're calling the "login" API. Salesforce provides a tutorial in how to use their API, have you check that? https://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/quickstart_oauth.htm#! – Tom Aug 20 '19 at 15:10
  • I gave a sample link and credentials....I am passing the url m username and password in postman POST method to generate access tokn, same i would like to achieve thru java code.. thats where i got stuck and would some insights. Thanks – TTT Aug 20 '19 at 15:29

1 Answers1

1

The standard way to get an access token by presenting username and password is called "Resource Owner Password Credentials" flow (RFC 6749, 4.3). If the token endpoint of the server supports the flow, a request you should make is as follows.

POST {Token Endpoint} HTTP/1.1
Host: {Authorization Server}
Content-Type: application/x-www-form-urlecoded

grant_type=password    // - Required
&username={User ID}    // - Required
&password={Password}   // - Required
&scope={Scopes}        // - Optional

If the client type (RFC 6749, 2.1) of your client application is public, a client_id request parameter is required, too. If the client type is confidential, request parameters for client authentication are required. Regarding client authentication, see "OAuth 2.0 Client Authentication".

Finally, note that (a) credentials of a user and (b) credentials of a client are different things. In the context of OAuth 2.0, no specification requires credentials of a user be embedded in the Authorization header. On the other hand, client_secret_basic (one of client authentication methods) requires credentials of a client be embedded in the Authorization header.

Community
  • 1
  • 1
Takahiko Kawasaki
  • 18,118
  • 9
  • 62
  • 105
  • Thanks.. but how can i acheive this through java code..., my requirement is i have userid and password with url...need access token. Please assist.Thanks – TTT Aug 21 '19 at 08:59
  • You can find a usage example of Java APIs for making HTTP requests in [AuthleteApiImpl](https://github.com/authlete/authlete-java-common/blob/master/src/main/java/com/authlete/common/api/AuthleteApiImpl.java). Check `callApi()` method in the source file. – Takahiko Kawasaki Aug 21 '19 at 09:48
  • 1
    I checked this code.. its not generating access token , as its already passing the token. I want to generate access token with given username and passowrd – TTT Aug 22 '19 at 17:12
  • I mentioned AuthleteApiImpl not to show how to generate an access token but show how to send an HTTP request and receive its response in Java because you asked "How can I achieve this through Java code". I showed (1) the HTTP request you should send and (2) example usage of Java APIs. These pieces of information are enough for most engineers. If you still cannot complete your code, I recommend you try to find an expert around you and ask for help face to face. – Takahiko Kawasaki Aug 23 '19 at 18:45