Authentication Options for Salesforce


Adam Sherman

Feb 15, 2020, 3:36:58 PM
to Google Cloud Endpoints
Good Afternoon,

I am attempting to build an API to be accessed by Salesforce "External Services", which requires the use of their "Named Credentials" implementation that offers the following authentication options:
  1. OAuth 2.0
  2. AWS Signature Version 4
  3. JWT
  4. JWT Token Exchange
For the first part of this project, I would like to use a single set of credentials to access the API regardless of the end-user who is actually interacting with Salesforce. (In a second phase, I would like to use user-specific credentials for some parts.)

If I select JWT, the options presented are as follows:
  1. Issuer
  2. Named Principal Subject
  3. Audiences
  4. Token Valid for (duration selection)
  5. JWT Signing Certificate
If I select JWT Token Exchange I am presented with the additional options:
  1. Token Endpoint Url
  2. Scope
If I select OAuth 2.0, then there is another area in Salesforce to set up the provider, and only Scope is asked for in the credential screen.

Can someone please help point me down the right path, here?

Thank you,

A.

--
Adam Sherman

Adam Sherman

Feb 15, 2020, 10:21:21 PM
to Google Cloud Endpoints
I've set up authentication in Salesforce with the following parameters:

On Saturday, 15 February 2020 15:36:58 UTC-5, Adam Sherman wrote:
If I select JWT, the options presented are as follows:
  1. Issuer
     The SA email.
  2. Named Principal Subject
     The SA email again.
  3. Audiences
  4. Token Valid for (duration selection)
     1 hour
  5. JWT Signing Certificate
     The certificate downloaded from the SA.

Now I get this error:

UNAUTHENTICATED: JWT validation failed: Could not find matching key in public key set for kid=endpoints_spike

Where endpoints_spike is actually the name assigned to the certificate & key in Salesforce. So that must mean it needs to match the key ID for the SA, but Salesforce validates the field with this note: "The Unique Name field can only contain underscores and alphanumeric characters. It must be unique, begin with a letter, not include spaces, not end with an underscore, and not contain two consecutive underscores." Any suggestions for how to deal with this restriction?

Thanks,

A.
 

Adam Sherman

Feb 15, 2020, 10:40:14 PM
to Google Cloud Endpoints
Well, the rest of the config is correct! I generated SA keys repeatedly until one started with a letter, and it works. :)

--
You received this message because you are subscribed to the Google Groups "Google Cloud Endpoints" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-endp...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-endpoints/538a6584-ef87-4c49-9d18-3841cbb294c0%40googlegroups.com.
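The two failure points in this thread are worth seeing side by side: the gateway first selects a key from the service account's public key set by the token's kid (only then can it verify the signature), and Salesforce, which writes the certificate's Unique Name into kid, will not accept a name that starts with a digit. The following is an added example, not code from this thread or from Google Cloud Endpoints. It reproduces the kid lookup, applies Salesforce's Unique Name rules exactly as quoted above, and vets a downloaded service-account key file by its private_key_id field (the value Google publishes as the kid). The JWKS, the unsigned token, the key-file fragments, the service-account email and the audience are constructed stand-ins; the JWKS URL in the comment is the one Google serves for service-account keys.

```python
import base64
import json
import re
from typing import Optional

# Salesforce's Unique Name rules as quoted in the thread: alphanumerics and
# underscores only, must begin with a letter, must not end with an underscore,
# and must not contain two consecutive underscores. Encoded as a leading
# letter followed by alphanumerics, where every underscore must be followed
# by an alphanumeric (which rules out both "__" and a trailing "_").
_SF_UNIQUE_NAME = re.compile(r"[A-Za-z](?:[A-Za-z0-9]|_(?=[A-Za-z0-9]))*")


def salesforce_unique_name_ok(name: str) -> bool:
    """True if `name` could be entered as a Salesforce certificate Unique Name."""
    return _SF_UNIQUE_NAME.fullmatch(name) is not None


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwt_kid(token: str) -> Optional[str]:
    """Read `kid` from a JWT header without verifying the signature."""
    header = json.loads(_b64url_decode(token.split(".")[0]))
    return header.get("kid")


def find_matching_key(token: str, jwks: dict) -> Optional[dict]:
    """Select the JWK whose kid equals the token's kid; this is the lookup the
    gateway performs before any signature check. None corresponds to the
    thread's 'Could not find matching key in public key set' error."""
    kid = jwt_kid(token)
    for key in jwks.get("keys", []):
        if key.get("kid") == kid:
            return key
    return None


def diagnose(token: str, jwks: dict) -> str:
    """Explain a failed lookup in terms of the Salesforce naming constraint."""
    kid = jwt_kid(token)
    if kid is None:
        return "JWT header carries no kid; the verifier cannot select a key"
    if find_matching_key(token, jwks) is not None:
        return f"kid={kid} matches a key in the public key set"
    usable = [k["kid"] for k in jwks.get("keys", [])
              if salesforce_unique_name_ok(k.get("kid", ""))]
    hint = (f"key IDs Salesforce would accept as a Unique Name: {usable}"
            if usable else
            "no key ID in the set satisfies Salesforce's Unique Name rules; "
            "generate a new service-account key and re-check")
    return f"Could not find matching key in public key set for kid={kid}; {hint}"


def sa_key_usable_in_salesforce(key_file_json: str) -> bool:
    """Vet a downloaded service-account key file: private_key_id is the kid
    Google publishes, so it must also pass the Unique Name rules before it can
    be used as the certificate's name in Salesforce."""
    key_id = json.loads(key_file_json).get("private_key_id", "")
    return salesforce_unique_name_ok(key_id)


def make_unsigned_token(kid: str) -> str:
    """Constructed test token with a real header/payload layout and a
    placeholder signature; it exercises only the kid lookup and never verifies."""
    header = {"alg": "RS256", "typ": "JWT", "kid": kid}
    payload = {"iss": "sa@example.iam.gserviceaccount.com",   # constructed
               "sub": "sa@example.iam.gserviceaccount.com",
               "aud": "https://api.example.com"}
    return ".".join((_b64url_encode(json.dumps(header).encode()),
                     _b64url_encode(json.dumps(payload).encode()),
                     _b64url_encode(b"placeholder-signature")))


# Constructed stand-in for the key set the gateway fetches for a service-account
# issuer (Google serves it at https://www.googleapis.com/service_accounts/v1/jwk/<sa-email>).
# Only the kid values matter here; they are shortened, made-up hex strings.
SAMPLE_JWKS = {"keys": [
    {"kty": "RSA", "alg": "RS256", "use": "sig", "kid": "3f0e9b2d", "n": "modulus-omitted", "e": "AQAB"},
    {"kty": "RSA", "alg": "RS256", "use": "sig", "kid": "a7c1d5e2", "n": "modulus-omitted", "e": "AQAB"},
]}

# Constructed fragments of two service-account key files; real files also carry
# the private key and client fields, but only private_key_id is inspected here.
SAMPLE_KEY_JSON_BAD = json.dumps({"type": "service_account", "private_key_id": "3f0e9b2d"})
SAMPLE_KEY_JSON_GOOD = json.dumps({"type": "service_account", "private_key_id": "a7c1d5e2"})

if __name__ == "__main__":
    print(diagnose(make_unsigned_token("endpoints_spike"), SAMPLE_JWKS))
    print(diagnose(make_unsigned_token("a7c1d5e2"), SAMPLE_JWKS))
    print(sa_key_usable_in_salesforce(SAMPLE_KEY_JSON_BAD),
          sa_key_usable_in_salesforce(SAMPLE_KEY_JSON_GOOD))
```

Running sa_key_usable_in_salesforce on each freshly downloaded key file turns the "generate until one starts with a letter" step into a deterministic check, and diagnose tells you whether the token's kid ever had a chance of matching before you start changing the rest of the Named Credential.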

Teju Nareddy

Feb 16, 2020, 1:41:29 PM
to Google Cloud Endpoints
Interesting, thanks for sharing! JWT is definitely the right option, but I was not aware of the restrictions Salesforce imposes on the key id.


Adam Sherman

Feb 16, 2020, 2:20:42 PM
to Teju Nareddy, Google Cloud Endpoints
Is there any way to force a compatible key ID?



--
Adam Sherman


Teju Nareddy

Feb 16, 2020, 6:00:10 PM
to Google Cloud Endpoints
As far as I know, no. All SAs should follow a common format for their keys; I don't think you can influence it.
