Salesforce Headless Identity Login Example

This week I helped a colleague put together an example of how to use the Salesforce Headless Login flow from a single page app (SPA). The GitHub repo describes how to configure the Salesforce org (a scratch org) and how to use the included SPA – just a super simple HTML page really – to do a headless login against the Salesforce org. The login uses PKCE (RFC 7636) so that an intercepted authorization code cannot be redeemed without the code_verifier that only the SPA holds. Once the login has been performed the obtained access token is used to get information about the user from the /services/oauth2/userinfo endpoint.

YMMV

Salesforce Token Exchange Flow

I’ve spent some time with the new token exchange flow in Salesforce. The flow allows you to write and configure an Apex handler in Salesforce that validates an incoming token (say an access_token, JWT or proprietary token) from another Identity Provider (think Okta, Auth0 or any custom implementation) and returns a Salesforce access token that can be used against Salesforce for API access. This can simplify the integration scenario for microservices or other apps, as access can be granted based on an already proven identity. The returned Salesforce access token is then used for API access; the Apex handler also maps the incoming token to a user in Salesforce, and the user may optionally be created on the fly.

I captured my findings, wrote instructions on how to implement it and wrote an example implementation in a GitHub repo.

As an interesting aside, the metadata type for the OAuth Token Exchange Handler is not yet supported with the “new” source format, so it has to be deployed with the old-school Metadata API format (still using the CLI though).

Scratch org with Salesforce Event Monitoring

Note to self – scratch org definition file to create a scratch org with Event Monitoring enabled. This is a super easy way to quickly spin up an org with Event Monitoring for testing or development. As always the trick is to know the feature and the settings to avoid the manual setup.

{
  "orgName": "foo",
  "edition": "Developer",
  "country": "US",
  "features": ["EventLogFile", "PersonAccounts"],
  "settings": {
    "lightningExperienceSettings": {
      "enableS1DesktopEnabled": true
    },
    "mobileSettings": {
      "enableS1EncryptedStoragePref2": false
    },
    "eventSettings": {
      "enableEventLogGeneration": true,
      "enableTransactionSecurityPolicies": true,
      "enableDeleteMonitoringData": true,
      "enableLoginForensics": true,
      "enableStreamingApi": true,
      "enableTerminateOldestSession": true,
      "enableDynamicStreamingChannel": false,
      "bypassMeteringBlock": false
    }
  }
}

Scratch org with Salesforce Order Management

Note to self – scratch org definition file to create a scratch org with B2B Commerce and Order Management. The trick was to ensure Enhanced Orders was enabled as well.

{
  "orgName": "foo",
  "edition": "Enterprise",
  "release": "preview",
  "features": ["PersonAccounts", "B2BCommerce", "OrderManagement", "Communities", "EnableSetPasswordInApi", "SalesforceIdentityForCommunities", "Sites", "ExternalIdentityLogin"],
  "language": "en_US",
  "country": "US",
  "settings": {
    "lightningExperienceSettings": {
      "enableS1DesktopEnabled": true
    },
    "mobileSettings": {
      "enableS1EncryptedStoragePref2": false
    },
    "communitiesSettings": {
      "enableNetworksEnabled": true
    },
    "languageSettings":{
      "enableTranslationWorkbench": true
    },
    "commerceSettings": {
      "commerceEnabled": true
    },
    "orderManagementSettings": {
        "enableOrderManagement": true
    },
    "orderSettings": {
        "enableEnhancedCommerceOrders": true,
        "enableOrders": true
    }
  }
}

Salesforce Identity Video – PoC on Preventing Sign-in / Sign-up Page Reload

This video shows a proof-of-concept implementation that uses the Experience Id to customize the login experience and make login pages and sign-up pages single use. This could be used to prevent users from sending links to sign-up pages to one another when consent screens need to be shown prior to the login experience.

Salesforce Identity videos

Over the last few weeks I’ve spent a fair amount of time working with Salesforce Identity. Salesforce Identity is a very capable offering and offers a fully functional and very configurable identity provider (IdP) at a very competitive price compared to other identity providers on the market. Part of this work has been showcasing a number of elements of Salesforce Identity, from setting it up as a developer to working with email templates and translations. To scale it I’ve recorded it as videos and wanted to share them on the blog in case someone could learn from it.

I’ll be posting the videos over the next couple of days. I’ve recorded videos on the following topics:

  • Working with Salesforce, including setting up an org, Salesforce CLI, configuring Salesforce Identity
  • PoC on Preventing Sign-in / Sign-up Page Reload
  • Internationalization (i18n) / Localization (l10n)
  • Email Templates including translation
  • MFA Enablement

The videos use two repositories I’ve created for the demos: