Salesforce Authentication using Node JS API With Access Token

Question

I have a requirement to retrieve the Auth Code from SalesForce API. I have created the scenario in Postman as below.

Configuring the new Token using the below parameters

Once I press "Get New Access Token", Postman opens a popup and asks to type the Username and Password in the login prompt. It shows the login page to SalesForce.
Once login success, Postman asks to use the token and it will be added here(See below image)
Then I hit the endpoint with the JSON body as a POST request.

I need to recreate this scenario in NodeJS in order to work the whole process as a single process bypassing all the login prompts.

I am using the below method to initiate this task in order to get the Token. However, the resources I found didn't match my requirement.

As the first step, I used salesforce-oauth2 npm package as below.

oauth2 = require('salesforce-oauth2');

var callbackUrl = "https://test.salesforce.com/services/oauth2/success",
consumerKey = "3MVG9sLbBx**********************2Qi.v***Vlhg3",
consumerSecret = "3MV**bBx**********************2Qi.v***Vlhg3";
    var uri = oauth2.getAuthorizationUrl({
        redirect_uri: callbackUrl,
        client_id: consumerKey,
        scope: 'api', // 'id api web refresh_token'
        // You can change loginUrl to connect to sandbox or prerelease env.
        //base_url: 'https://test.my.salesforce.com'
    });
    return response.redirect(uri);

When I debug I above code, it returns a URL pointing to the login page. I didn't want to pass this step since my requirement is to get the Auth-Code without opening any intermediate authentication popups.

How can I proceed with this? Any idea to program until the 3rd step to get the Auth Token from the SalesForce API?

Thanks in advance.

I am still not entirely sure what you are asking, are you wanting a way to get a token with no redirect to login? — Zach Hutchins, May 20 '21 at 14:00
take a look at this documentation https://developer.salesforce.com/docs/atlas.en-us.api_iot.meta/api_iot/qs_auth_access_token.htm — Zach Hutchins, May 20 '21 at 15:41
@ZachHutchins Yeah, now it works. Let me apply that. Thanks Zach — Harsha W, May 21 '21 at 08:52

score 1 · Answer 1 · answered May 20 '21 at 14:01

You tagged this salesforce-communities. It matters, is it really for community ("experience cloud") users or internals? Salesforce has lots of OAuth2 flows to chose from: https://help.salesforce.com/articleView?id=sf.remoteaccess_oauth_flows.htm&type=5

If you know the password and it's internal user (maybe real human, maybe you have some dedicated "Integration User") - you can work with Username-Password flow. There's no login page and no OAuth consent step. But

This flow doesn’t support scopes or refresh tokens. Experience Cloud sites don’t support the OAuth 2.0 username-password flow.

You might be able to use JWT Flow. You need username (no password) and your Node app would be sending a message signed with certificate that you uploaded earlier to SF "connected app". You could even mark the users as preauthorised so there's no consent screen.

Other than that I think all OAuth2 flows available for community need a human to actually type the password in. You can pass login hint in the url to save them the username but pass they need to provide on SF login page before coming back to your app.

Dig a bit in help, happy to be proven wrong.

Salesforce Authentication using Node JS API With Access Token

1 Answers1