Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Create a OAuth JWT Bearer Token flow connected app
Salesforce Suite supports pluggable authentication providers, including the recommended provider: OAuth JWT.
Before updating your Salesforce module, you'll want to familiarize yourself with the new application setup process. This guide assumes you're familiar with Drupal Salesforce Suite module, and you've read the Salesforce Quick Start guide.
If you prefer, there's also a video version of this guide:
- Generate a key and certificate to be used for your integration
-
openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem"key.pem" is your private key. Use this file to create or update a new authentication key at "/admin/config/system/keys".
Make sure that you select "File" for the "Key provider" dropdown, mark the "Strip trailing line breaks" checkbox in the "Provider settings" tab, and specify the right path for key.pem. Otherwise, it can produce key errors while adding a salesforce auth provider as shown below.
Warning: openssl_sign(): supplied key param cannot be coerced into a private key in Firebase\JWT\JWT::sign() (line 209 of /var/app/current/vendor/firebase/php-jwt/src/JWT.php).
"certificate.pem" is your public key. Upload this file to your Salesforce OAuth JWT app, step 2.1.3 below.Note: this certificate has nothing to do with your web server's secure certificate. Just generate a new one certificate like this, specifically and only for the Drupal/Salesforce connection.
-
- Create a new Salesforce Connected App (under Setup > Create > Apps)
The JWT connected app setup is similar to legacy OAuth User-Agent flow, but includes additional steps.- Salesforce settings step 1 of 3: OAuth JWT Connected App settings
- check "Enable OAuth settings"
- Callback URL is required, but not used. Enter any "https://" url to your site
- check "Use digital signatures"
- Upload your certificate
- Grant "Selected OAuth Scopes":
- Select at least "Access and manage your data (api)" and "Perform requests on your behalf at any time (refresh_token, offline_access)"
- Select any additional scopes your application may require.
- Save your new app
- The resulting page will display a consumer key you'll need to complete your Drupal config. Copy this key to paste into your Salesforce settings.
- check "Enable OAuth settings"
- Salesforce settings step 2 of 3: Manage OAuth policies
- From the app page, click "Manage"
- From the manage page click "Edit Policies"
- From "Permitted users" select "Admin approved users are pre-authorized"
- Save OAuth policies
- Salesforce settings step 3 of 3: Add approved profiles
- From the manage page scroll down to "Profiles" and click "Manage Profiles"
- On the "Application Profile Assignment" page, choose the appropriate profile for the user(s) who will need JWT access from Drupal.
- Save profile assignments.
- Salesforce settings step 1 of 3: OAuth JWT Connected App settings
Help improve this page
You can:
- Log in, click Edit, and edit this page
- Log in, click Discuss, update the Page status value, and suggest an improvement
- Log in and create a Documentation issue with your suggestion
