salesforce-oauth2

Salesforce OAuth2 Web Server Authentication Flow

npm install salesforce-oauth2
11 downloads in the last day
23 downloads in the last week
78 downloads in the last month

salesforce-oauth2 -- Salesforce OAuth2 Web Server Authentication Flow

Abstract

A very lightweight implementation of the OAuth2 Web Server Authentication Flow for Salesforce for Node.js.

As Salesforce already provides a very robust REST API, the aim of this module is to provide a very thin wrapper for the authentication functionality only.

Usage

An example using the express web framework:

var express = require('express');
var oauth2 = require('salesforce-oauth2');

var app = express.createServer(express.logger());

var callbackUrl = "<your callback url>";
var consumerKey = "<your consumer key>";
var consumerSecret = "<your consumer secret>";

app.get("/", function(request, response) {
    var uri = oauth2.getAuthorizationUrl({
        redirect_uri: callbackUrl,
        client_id: consumerKey,
        scope: 'api'
    });
    return response.redirect(uri);
});

app.get('/oauth/callback', function(request, response) {
    var authorizationCode = request.param('code');

    oauth2.authenticate({
        redirect_uri: callbackUrl,
        client_id: consumerKey,
        client_secret: consumerSecret,
        code: authorizationCode
    }, function(error, payload) {
        /*

        The payload should contain the following fields:

        id                 A URL, representing the authenticated user,
                        which can be used to access the Identity Service.

        issued_at        The time of token issue, represented as the 
                        number of seconds since the Unix epoch
                        (00:00:00 UTC on 1 January 1970).

        refresh_token    A long-lived token that may be used to obtain
                        a fresh access token on expiry of the access 
                        token in this response. 

        instance_url    Identifies the Salesforce instance to which API
                        calls should be sent.

        access_token    The short-lived access token.


        The signature field will be verified automatically and can be ignored.

        At this point, the client application can use the access token to authorize requests 
        against the resource server (the Force.com instance specified by the instance URL) 
        via the REST APIs, providing the access token as an HTTP header in 
        each request:

        Authorization: OAuth 00D50000000IZ3Z!AQ0AQDpEDKYsn7ioKug2aSmgCjgrPjG...
        */
    });    
});

app.listen(3000, function() {
    console.log("Listening on 3000");
});
npm loves you