- Salesforce uses the OAuth protocol to allow users of applications to securely access data without having to reveal username and password credentials.
- Before authenticating the application you need a Connected App. Reference: https://help.salesforce.com/articleView?id=connected_app_create.htm&type=5
- OAuth Endpoints: used to make authentication requests to the Salesforce server.
Authorization:
https://login.salesforce.com/services/oauth2/authorize
Token Requests:
https://login.salesforce.com/services/oauth2/token
Revoking OAuth Tokens:
https://login.salesforce.com/services/oauth2/revoke
How Refresh Token Flow Works
- Request an Updated Access Token
Sending the following refresh token POST request to the Salesforce token endpoint allows a connected app to use its refresh token to obtain a new access token. As shown here, the connected app can send the client_id and client_secret in the refresh token POST request body.
Payload
https://login.salesforce.com/services/oauth2/token?grant_type=refresh_token&client_id=YOUR_CONSUMER_KEY&client_secret=YOUR_CLIENT_SECRET_KEY&refresh_token=PASS_REFRESH_TOKEN_GENERATED_FROM_WEB_SERVER_FLOW
Sample Payload
https://login.salesforce.com/services/oauth2/token?grant_type=refresh_token&client_id=3MVxxxxxxxxx&client_secret=419xxxxxxxxxxx&refresh_token=5Aexxxxxxxxxxxxxxx
- Salesforce Grants a New Access Token
After validating the request, Salesforce returns a new access token to the connected app. An example JSON response from Salesforce is shown here.
{
"access_token": "00Dxxxxxxxxxxxxxxx!AQMAQHNT2NhUqx5X6QC3BJninCLmgpbsGfDA48YqmeLBCoPGSTyYNYgcjuKgfktx.XPKF_sQt4w2c7UHTFzisjoBUDBp6dfL",
"signature": "HfBA4xxxxSOUcg8ndBMnw4GuvDY1M+oWUQ8PU1l0HWbc=",
"scope": "visualforce refresh_token wave_api custom_permissions web openid chatter_api api id full",
"instance_url": "https://xxxx.my.salesforce.com",
"id": "https://login.salesforce.com/id/00Dxxxxxxxxxxxx/005xxxxxxxxxxx",
"token_type": "Bearer",
"issued_at": "1708058728442"
}
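An added example (not code from this post or from Salesforce) that performs the refresh described above and checks the response before the app trusts the token. The parameters are sent in the POST body rather than the query string shown in the sample URL, so the client secret and refresh token do not end up in access logs. The client_id, client_secret and refresh_token values, and SAMPLE_RESPONSE, are constructed placeholders.

```python
import json
from urllib.parse import urlencode
from urllib.request import Request, urlopen

TOKEN_URL = "https://login.salesforce.com/services/oauth2/token"

def build_refresh_request(client_id, client_secret, refresh_token):
    # Parameters go in the form body, not the query string, so the
    # client secret and refresh token stay out of access logs.
    body = urlencode({
        "grant_type": "refresh_token",
        "client_id": client_id,
        "client_secret": client_secret,
        "refresh_token": refresh_token,
    }).encode()
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return Request(TOKEN_URL, data=body, headers=headers, method="POST")

def parse_token_response(raw):
    # Validate the JSON Salesforce returns before the app uses the token.
    data = json.loads(raw)
    if "access_token" not in data:
        # failures come back as {"error": ..., "error_description": ...}
        raise ValueError("no access_token: %s" % data.get("error_description", data))
    if data.get("token_type") != "Bearer":
        raise ValueError("unexpected token_type %r" % data.get("token_type"))
    if not data.get("instance_url", "").startswith("https://"):
        raise ValueError("instance_url is not https")
    return {
        "access_token": data["access_token"],
        "instance_url": data["instance_url"],
        "scopes": set(data.get("scope", "").split()),
        "issued_at": int(data["issued_at"]) // 1000,  # ms since epoch -> seconds
    }

def refresh_access_token(client_id, client_secret, refresh_token):
    # Live call against the real endpoint (needs network access).
    req = build_refresh_request(client_id, client_secret, refresh_token)
    with urlopen(req, timeout=30) as resp:
        return parse_token_response(resp.read().decode("utf-8"))

# Constructed sample response with placeholder values, shaped like the post's JSON
SAMPLE_RESPONSE = json.dumps({
    "access_token": "00Dxxxx!PLACEHOLDER_ACCESS_TOKEN",
    "scope": "visualforce refresh_token wave_api web openid chatter_api api id full",
    "instance_url": "https://xxxx.my.salesforce.com",
    "id": "https://login.salesforce.com/id/00Dxxxx/005xxxx",
    "token_type": "Bearer",
    "issued_at": "1708058728442",
})
```

Call refresh_access_token(...) with your real Connected App values to run the live flow; parse_token_response(SAMPLE_RESPONSE) exercises the validation offline.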