Thursday, February 21, 2013

How to integrate Web Application with Salesforce via Oauth

This tutorial shows you the basic of Oauth. We have created a Java Web Application that authenticates the user to salesforce via Oauth 2.0 and then we have performed few CRUD operation via the new API.


  • SSL enabled Tomcat Server as we have deployed our Web Application on tomcat. Click here for instruction on How to enable SSL on apache Tomcat 7.0
  • Salesforce Remote Access Application. Click here for instruction on How to create Remote Access Application on Salesforce?
  • Download the application from here and change the name to Services.

Run the Project:

Check out the project from the above URL, import into the eclipse and Run as a Server.

Navigate your browser to https://localhost:8443/Services. You will see the following page:

Click on the link and it will take you the salesforce page for Authentication :

Once you are login into salesforce, It will ask you to allow the Oauth_Apps to access your data:

After clicking on “Approve”button, You will see the below page with few CRUD operation output :

Note : You have provided your credentials to the website not to the requesting application. This is Oauth in Action. Once you are authorize accessing to your data, The control will return back to your application with generated token using which you can interact with the salesforce data.

Code Description:


In the Servlet initParams, We have defined the clinetSecret, clientId and the redirectUri, You can change it as per your remote application.
@WebInitParam(name = "clientId", value = "3MVG9Y6d_Btp4xp5hntckvnA5QVKsxlc4RUx9CbJndYCQQS4oO7jHAVspS0WdeCXBJlMXO1e9hwQSCjCBB71H"),
// clientSecret is 'Consumer Secret' in the Remote Access UI
@WebInitParam(name = "clientSecret", value = "4518803906379506686"),
// This must be identical to 'Callback URL' in the Remote Access UI
@WebInitParam(name = "redirectUri", value = "https://localhost:8443/Services/OAuthServlet/callback"),
@WebInitParam(name = "environment", value = ""), })

Here our Java Web Application act as a third-party website or termed as “client” which operate on behalf of a user. It first sends the request to which authenticates the user, obtain the user's authorization(i,e Approve/Deny page) and issues an access token which client can use while interacting with the resource server I,e salesforce instance.

When the Servlet initializes, it constructs authUrl, to which it redirects the user to authenticate and authorize access to data:
try {
authUrl = environment+ "/services/oauth2/authorize?response_type=code&client_id="
+ clientId + "&redirect_uri="+ URLEncoder.encode(redirectUri, "UTF-8");}

The authUrl contains the configuartion which identifies the salesforce remote application.It also creates the tokenUrl which it uses to obtain the access token.
The response.sendRedirect(authUrl) authenticates the users, obtains authorization for the web app to access the user’s data(first time) and then redirects the user back to redirectUri: https://localhost:8443/Services/OAuthServlet/callback

When control returns to the Servlet, we use the returned data to build a POST request and send it to tokenUrl and we get the response(access token and instance Url) from authorization server in JSON format.

As we have access token, Here we have just perform few CRUD operation i,e showAccounts, createAccount,deleteAccount and updateAccounts. In every HttpClient calls, we set a request header, Authorization to the value OAuth, followed by a space, and the access token. It is essential to do this for every interaction with the REST API; failure to do so results in a 401 ‘Unauthorized’ error when submitting the request.


The application demonstrates how to authenticate and retrieve an access token using Oauth 2.0 and how we can do perform CURD operation with the help of access token.