New Authorization Mechanism

Revision as of 01:31, 10 December 2024 by Admin (talk | contribs)

Intro

The new app authorization mechanism allows us to securely connect 3B Forms, 3B CLM, 3B WFM, 3B Onboarding and 3B Portals & Mobile Apps with Salesforce. It replaces the old Username + Password + Token mechanism.

The benefits of the new mechanism are:

  • If a user's password expires or is reset, the connection would continue to work without disruption
  • A more reliable connection and better error messaging
  • A server-to-server connection ensures the highest level of security
  • A single setup for all 3B applications as opposed to a setup per application

Setup

Follow these steps to set up the new authorization mechanism.

Get your My Domain

Go to Setup -> My Domain and copy your "My Domain" which should look something like this: https://customer-name.develop.my.salesforce.com/

Create a Connected App

Go to Setup -> App Manager and click on "New Connected App". Populate the fields as per the table below:

Field                 | Value
Connected App Name    | 3B Authorization App
API Name              | X3B_Authorization_App
Contact Email         | orgs+auth@3b4sf.com
Enable OAuth Settings | true
Callback URL          | https://login.salesforce.com (we will change this later)
Selected OAuth Scopes | full, refresh_token, offline_access

Leave all other fields as defaulted.

Hit Save and then click on the "Manage Consumer Details" button. Take note of the Consumer Key and Consumer Secret.

Create an Auth. Provider

Go to Setup -> Auth. Providers and click on "New". Populate the fields as per the table below:

Field                  | Value
Provider Type          | Salesforce
Name                   | This Org
URL Suffix             | This_Org
Consumer Key           | The Consumer Key from the Connected App
Consumer Secret        | The Consumer Secret from the Connected App
Authorize Endpoint URL | This is your My Domain + /services/oauth2/authorize
Token Endpoint URL     | This is your My Domain + /services/oauth2/token
Default Scopes         | refresh_token full

Leave all other fields as defaulted. Hit Save and, once the Auth. Provider is created, take note of the Callback URL, which will be your My Domain + /services/authcallback/This_Org.

Update the Connected App

Go back to the connected app (Setup -> App Manager), and click on "edit" from the drop-down menu. Update the Callback URL field (previously set to the placeholder https://login.salesforce.com) to the new Callback URL provided by the This_Org Auth. Provider (i.e. My Domain + /services/authcallback/This_Org).

Create a Named Credential

Go to Setup -> Named Credentials and create a new Legacy Named Credential. Populate the fields as per the table below:

Field                               | Value
Label                               | AuthorizationService
Name                                | AuthorizationService
URL                                 | Paste the My Domain URL here
Identity Type                       | Named Principal
Authentication Protocol             | OAuth 2.0
Authentication Provider             | This_Org
Scope                               | refresh_token full
Start Authentication Flow on Save   | true
Generate Authorization Header       | true
Allow Merge Fields in HTTP Header   | false
Allow Merge Fields in HTTP Body     | true

Hit Save and you will be redirected to the login page for the org. Enter your admin user's credentials and allow access on the next screen.

Once you have completed this process, you will be redirected back to the Named Credential. Ensure that the field Authentication Status shows as Authenticated as username@domain.com.

Update Custom Settings

By now, you have successfully created a secure connection. We now need to tell the 3B app which Authorization Named Credential to use when connecting to Salesforce. Head over to Setup -> Custom Settings -> 3B Forms (or 3B Portals, or 3B Onboarding or 3B CLM or 3B WFM settings) and click on Manage. Under the field Authorization Named Credential enter "AuthorizationService" (this is the name of the Named Credential we created earlier).
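The steps above build three URLs from My Domain, and the sample My Domain ends in a slash, so pasting it in front of a path can produce "//". The following is an added example (not 3B's or Salesforce's code) that derives the expected URLs and checks the values entered in Setup against them; the function names, the dictionary keys and the *.my.salesforce.com host check are assumptions made for illustration.

```python
from urllib.parse import urlsplit

PLACEHOLDER = "https://login.salesforce.com"  # temporary Callback URL from the page

def expected_urls(my_domain, url_suffix="This_Org"):
    """Derive the three URLs the steps build from My Domain."""
    parts = urlsplit(my_domain.strip())
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("My Domain must be an https:// URL")
    # Assumption: standard My Domain hosts end in .my.salesforce.com
    if not parts.hostname.endswith(".my.salesforce.com"):
        raise ValueError("not a *.my.salesforce.com host")
    base = "https://" + parts.hostname  # drops trailing slash and any path
    return {
        "authorize": base + "/services/oauth2/authorize",
        "token": base + "/services/oauth2/token",
        "callback": base + "/services/authcallback/" + url_suffix,
    }

def check_setup(my_domain, entered, url_suffix="This_Org"):
    """Return a list of problems in the values typed into Setup."""
    want = expected_urls(my_domain, url_suffix)
    problems = []
    for key in ("authorize", "token", "callback"):
        got = entered.get(key, "").strip()
        if key == "callback" and got.rstrip("/") == PLACEHOLDER:
            problems.append("callback: placeholder still set on the Connected App")
        elif got != want[key]:
            problems.append(f"{key}: expected {want[key]}, got {got or '(empty)'}")
    # Scopes requested by the Named Credential must be enabled on the Connected App.
    app = set(entered.get("app_scopes", "").replace(",", " ").split())
    cred = set(entered.get("credential_scopes", "").split())
    if cred - app:
        problems.append("scopes not on Connected App: " + ", ".join(sorted(cred - app)))
    return problems

# Constructed sample values (hypothetical org, not real data).
SAMPLE = {
    "authorize": "https://customer-name.develop.my.salesforce.com//services/oauth2/authorize",
    "token": "https://customer-name.develop.my.salesforce.com/services/oauth2/token",
    "callback": "https://login.salesforce.com",
    "app_scopes": "full, refresh_token, offline_access",
    "credential_scopes": "refresh_token full",
}

if __name__ == "__main__":
    print("\n".join(check_setup("https://customer-name.develop.my.salesforce.com/", SAMPLE)))
```

On the constructed sample it reports the double-slash Authorize Endpoint URL and the Callback URL that was never updated from the placeholder.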

New Installs

For new installations, ensure that the classes (b3o | b3p | b3d | b3f)GlobalRemotingRouter are added to the guest site user.

Video

You can watch this short video that demos the setup: https://drive.google.com/file/d/1jiVSP_CriAFUopqANkt-KV0i2-JJ61f2/view?usp=sharing

Support

The following app versions implement this new mechanism:

  • 3B Portals - v2.4+