4

I'm writing a Python application which shows some metrics about an organization. However, I'm running into two problems:

  1. There are no service accounts - I need to fetch information from Salesforce without acting as a specific user. With Google API there is the concept of a service account which has access to any resource + can be delegated any identity.
  2. OAuth authentication flow requires user redirection - I run my app on an EC2 container and all the fetching is done in the background, I can't have users having to sign in using their Salesforce account any time they access the service. I would like to have a token of an administrator/service account in another way besides the redirection method. I came across this question & answer but I couldn't figure out how to use it in my application.
Dave Humm
Lewis Bushman

1 Answer

9

I believe the JWT Bearer OAuth 2.0 flow is the way to go here.

There is some setup involved (you need to generate/use an X509 certificate, use the user-agent or web-server flows to authorize once), but after you do that the JWT flow can run in a headless environment (such as AWS).

I went into some pretty fine detail in authentication using jwt about how to use the JWT flow (the example is in Apex, but should be commented thoroughly enough to make a Python implementation pretty easy).

Derek F
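A Python sketch of the JWT Bearer flow named in the answer above. This is an added example, not code from the answer or from the Apex post it links to. The consumer key, username and key path are caller-supplied placeholders, and `rs256_signer` assumes the third-party `cryptography` package is installed.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

TOKEN_PATH = "/services/oauth2/token"
GRANT_TYPE = "urn:ietf:params:oauth:grant-type:jwt-bearer"


def b64url(raw: bytes) -> str:
    # JWT segments are base64url without '=' padding.
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def rs256_signer(pem_path: str):
    """Return sign(bytes) -> bytes using the RSA private key whose X509
    certificate was uploaded to the connected app. Keep the key file out of
    the repository and readable only by the service."""
    from cryptography.hazmat.primitives import hashes, serialization
    from cryptography.hazmat.primitives.asymmetric import padding
    with open(pem_path, "rb") as fh:
        key = serialization.load_pem_private_key(fh.read(), password=None)
    return lambda data: key.sign(data, padding.PKCS1v15(), hashes.SHA256())


def build_assertion(consumer_key, username, login_url, sign, now=None):
    """iss = connected app consumer key, sub = the pre-authorized user,
    aud = login host, exp = three minutes out so a leaked token ages fast."""
    now = int(time.time()) if now is None else now
    header = {"alg": "RS256"}
    claims = {"iss": consumer_key, "sub": username,
              "aud": login_url, "exp": now + 180}
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims))
    return signing_input + "." + b64url(sign(signing_input.encode("ascii")))


def token_request(login_url, assertion):
    """Build the POST that exchanges the assertion for an access token."""
    body = urllib.parse.urlencode(
        {"grant_type": GRANT_TYPE, "assertion": assertion}).encode()
    return urllib.request.Request(login_url + TOKEN_PATH, data=body, method="POST")


def fetch_token(login_url, assertion):
    # On success the JSON response carries access_token and instance_url.
    with urllib.request.urlopen(token_request(login_url, assertion), timeout=10) as resp:
        return json.load(resp)
```

Use `https://login.salesforce.com` as `login_url` for production orgs and `https://test.salesforce.com` for sandboxes; the user named in `sub` should be a dedicated integration user with only the permissions the metrics need.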