0

I have created a connected app that I want to use as part of a JWT flow.

For this I created a certificate, by using the Create CA-Signed Certificate button from Certificate and key Management in Salesforce Set up.

From some Salesforce documentation (https://developer.salesforce.com/docs/atlas.en-us.sfdx_dev.meta/sfdx_dev/sfdx_dev_auth_key_and_cert.htm) salesforce dont mention to use this tool, but instead use openSSl instead. I can see how much more flexibility openssl gives but will be enough using the salesforce tool to have a jwt flow?

manza
  • 1,953
  • 4
  • 33
  • 56
  • It is preferred if you can post separate questions instead of combining your questions into one. That way, it helps the people answering your question and also others hunting for at least one of your questions. Thanks! – identigral Jan 31 '20 at 05:23
  • @identigral thank you for suggestion, I will probably split the question, i wanted also for this question to be a global guide as I havent found good documentation about it, I have seem similar questions but all of them with weird issues, so i thought if this questiona re all answer, then will be an excelent guide to help anyone wanting to do soemthing similar – manza Jan 31 '20 at 05:45
  • 4
    Yep, waaay too many questions piled into one here. To help narrow down your questions though, I'll leave a few points here. 1) Users shouldn't be shown (or know about) the access token. That's information for the app/server/whatever to worry about. 2) The JWT flow doesn't use the client secret at all (that's why you need a certificate to sign the JWT). 3) You actually need to submit the JWT (look at the JWTBearerToken class) – Derek F Jan 31 '20 at 14:18
  • Aside from too many questions bundled into one question and lack of focus, there are a number of good Q&As (1, 2, 3 ) that are already available on this subject. – identigral Jan 31 '20 at 17:16
  • @identigral I have change the question, and thank you for the suggestion that you gave however, i dont believe it answer the original questions, point 1 it gives a nice summary of otherflows but I couldnt see in there or in the links provided (that I have already review) the how it works the response_type in the params. for question 2, the link you gave me was to how to authorize and i mentioned the app was already authorize. and for 3rd one you will notice i used the code that the answer suggested, hopefully this new question is a good start – manza Feb 04 '20 at 01:04
  • @DerekF I have changed the question, i request reopen hopefully it gets open again. – manza Feb 04 '20 at 01:05
  • The keypair (cert + private key) generated by Salesforce will work for inbound calls via JWT to Salesforce – identigral Feb 04 '20 at 02:01

0 Answers0