...
For an SFDC connected app (and potentially elsewhere), you can use a third-party JSON Web Token (JWT) for user authentication. As with SAML, there is no need for hard-coded per-user credentials; instead, a system-to-system trust relationship is established using signed tokens.
Configuring the Trust Relationship
The configuration is stored per partition, in an AppProperty advanced configuration option named externalJWTConfiguration.
...
```
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0E9Zp0JNbDaOMqhZd1C+
/FdBTCjza0qXcjTYCbDUeY89qPpwN19QovmehCVGBSFzLOkltx0YmlCkaKLtzqfS
...
... (edited for security reasons) ...
fXr4+6SBmEOVa7RSzoXr3whpdMdKsIvnDCCmT++aJvHBw63ZKGKb8+ZTAXv0z3sm
LDRyhifUmEoJPGWHV6/oxZQiVRapEFe7SiVTbr2IW7OfrdE3DVrioJmATEKgVr5i
zwIDAQAB
-----END PUBLIC KEY-----
```
Authenticating
Once the trust relationship is configured, you can use it to authenticate API calls. To do so, send the compact JWT returned by the server, signed by the external system that holds the private key, in the standard Authorization HTTP header in the following form:
...
The signature part is built from the encoded header, the encoded payload, a secret, and the algorithm specified in the header: the encoded header and payload are signed with the secret using that algorithm.
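The following added example (not code from the original page or from the product it describes) shows how the three token parts relate: the external system signs `base64url(header).base64url(payload)` with its private key, and the receiving side pins the expected algorithm and checks the signature with the public key. RS256 is an assumption, since the page does not name the algorithm; the function names, the `sub` claim and the toy key built from two Mersenne primes are also constructed for the demo, and that key offers no security.

```python
import base64, hashlib, json

# Constructed toy RSA key from two Mersenne primes: trivially factorable, demo only.
# A real setup uses the key pair whose public half is in externalJWTConfiguration.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held only by the external system
K = (N.bit_length() + 7) // 8      # modulus length in bytes
# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def emsa_pkcs1_v15(message: bytes) -> int:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(message), as an integer."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")

def sign_rs256(claims: dict) -> str:
    """External system: sign base64url(header).base64url(payload)."""
    parts = ({"alg": "RS256", "typ": "JWT"}, claims)
    signing_input = ".".join(
        b64url(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
    sig = pow(emsa_pkcs1_v15(signing_input.encode()), D, N)
    return signing_input + "." + b64url(sig.to_bytes(K, "big"))

def verify_rs256(token: str) -> dict:
    """Receiving side: pin the algorithm, then verify with the public key (N, E)."""
    try:
        h64, p64, s64 = token.split(".")
        header, sig = json.loads(b64url_decode(h64)), b64url_decode(s64)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    # The expected algorithm comes from configuration, never from the token itself.
    if not isinstance(header, dict) or header.get("alg") != "RS256":
        raise ValueError("unexpected alg")
    s = int.from_bytes(sig, "big")
    # Re-encode the expected value and compare whole, instead of parsing the padding.
    expected = emsa_pkcs1_v15(f"{h64}.{p64}".encode())
    if len(sig) != K or s >= N or pow(s, E, N) != expected:
        raise ValueError("bad signature")
    return json.loads(b64url_decode(p64))

token = sign_rs256({"sub": "user@example.com"})  # constructed claim
print(verify_rs256(token))
```

A production verifier would additionally check time-based and audience claims, which this sketch leaves out.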
...