salesforce-silent-login

v1.2.2

Published

Generates a JWT for use with the Salesforce JWT OAuth Flow and uses it to get an access token for a Salesforce or Experience Cloud user

Downloads

10

Readme

Salesforce Silent Login

This module provides functionality to generate a signed JWT and use this JWT to log in to Salesforce using the Salesforce JWT OAuth Flow. It can be used to log in as a normal Salesforce user or an Experience Cloud user.

To use the module you must first:

  • Generate public/private keypair (crypto keys) for signing the JWT and verifying the signature
  • Create a Connected App that uses the public key (certificate) to verify JWT signature
  • Configure Salesforce users to enable access to the Connected App

Generate Crypto Keys

Create folder for public/private key pair

mkdir cert
cd cert

Generate private key and certificate

See docs/cert for example.

# 2048-bit RSA key; 1024-bit RSA is too weak for a key that can sign logins for any enabled user
openssl genrsa -out privatekey.pem 2048
openssl req -new -x509 -key privatekey.pem -out publickey.cer -days 3650 \
        -subj "/C=DK/ST=Aalborg/L=Aalborg/O=pfrandsen/OU=Development/CN=pfrandsen.dk"
# optionally generate fingerprint
openssl x509 -in publickey.cer -noout -fingerprint > fingerprint

| Field | Meaning             | Example      |
|-------|:-------------------:|--------------|
| /C=   | Country             | DK           |
| /ST=  | State               | Aalborg      |
| /L=   | Location            | Aalborg      |
| /O=   | Organization        | pfrandsen    |
| /OU=  | Organizational Unit | Development  |
| /CN=  | Common Name         | pfrandsen.dk |

Create Connected App

Go to: Setup -> Apps -> App Manager and click the New Connected App button.

Configure the new Connected App

Showing the Connected App Configuration in the Salesforce Setup user interface

Check these checkboxes

  • Enable OAuth Settings
  • Use digital signatures
  • Require Secret for Refresh Token Flow

Enter a URL in the Callback URL field. It is not used but needs to be set.

Upload the certificate (publickey.cer) generated in the Generate Crypto Keys step above.

Select these OAuth scopes

  • Manage user data via APIs (api)
  • Manage user data via Web browsers (web)
  • Perform requests at any time (refresh_token, offline_access)

Click the Save button to generate the Connected App. After clicking the button it will take a few minutes before the Connected App is ready. Just click Continue.

Showing the Connected App creation information screen

Set OAuth Policies

Go to: Setup -> Apps -> Connected Apps -> Manage Connected Apps and click Edit next to the app's name.

Showing the Connected App OAuth policies screen

Set the OAuth policies that are relevant for your scenario (e.g., users are pre-authorized) and click the Save button.

Get Client Id (and optionally secret)

Go to: Setup -> Apps -> App Manager and click the View option in the dropdown list next to the Connected App name. Then click Manage Consumer Details (you will be asked to confirm with two factor authentication).

Showing the screen where consumer details can be accessed from

In the screen that is shown after two factor authentication you can see (and copy) the Consumer Key (Client Id in OAuth 2 terminology) and the Consumer Secret (Client Secret).

Showing the consumer key and secret screen

User Setup

Note: This technology allows the owner of the private key to impersonate users, so it is very important to protect this key. It was developed to provide Single SignOn (SSO) between trusted applications and to perform automated UI tests with different user profiles.

For the scenario where the Connected App is used as a Single SignOn solution for a trusted external application, e.g., to deep link into an Experience Cloud site, it is recommended to add the Connected App to the Experience Cloud user profile(s). When you have a large number of users, as is often the case with Experience Cloud, permission sets are a real hassle because assignment to users is difficult to automate.

For the scenario where the Connected App is used to impersonate internal users, e.g., to run UI tests, it is recommended to add the Connected App to a Permission Set that is assigned to specific (test) users.
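
As an added example (not code from the package or its author), the sketch below uses Node's built-in crypto to show the kind of RS256 assertion the JWT OAuth flow relies on and why the note above treats the private key as the credential. The claim set (iss, sub, aud, exp) is the flow's standard one; that the package's getJwt builds it the same way, the 180-second lifetime, the function names and all identifiers are assumptions or constructed values.

```javascript
const crypto = require('node:crypto')

const b64url = (value) => Buffer.from(value).toString('base64url')
const fromB64url = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'))

// Client side: build the assertion (iss, sub, aud, exp) and sign it with the private key.
function signAssertion({ clientId, subject, audience, privateKey, lifetimeSec = 180, now = Date.now() }) {
  const claims = { iss: clientId, sub: subject, aud: audience, exp: Math.floor(now / 1000) + lifetimeSec }
  const signingInput = `${b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }))}.${b64url(JSON.stringify(claims))}`
  const signature = crypto.sign('RSA-SHA256', Buffer.from(signingInput), privateKey)
  return `${signingInput}.${signature.toString('base64url')}`
}

// Server side (stand-in for the check done with the uploaded certificate): public key only.
function verifyAssertion(token, publicKey, { clientId, audience, now = Date.now() }) {
  const parts = token.split('.')
  if (parts.length !== 3) return { ok: false, reason: 'malformed' }
  const [h, p, s] = parts
  let header, claims
  try {
    header = fromB64url(h); claims = fromB64url(p)
    if (!header || !claims) throw new Error('not a JSON object')
  } catch { return { ok: false, reason: 'malformed' } }
  if (header.alg !== 'RS256') return { ok: false, reason: 'unexpected alg' }
  const signed = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), publicKey, Buffer.from(s, 'base64url'))
  if (!signed) return { ok: false, reason: 'bad signature' }
  if (claims.iss !== clientId || claims.aud !== audience) return { ok: false, reason: 'wrong issuer or audience' }
  if (typeof claims.exp !== 'number' || claims.exp <= Math.floor(now / 1000)) return { ok: false, reason: 'expired' }
  return { ok: true, subject: claims.sub }
}

// Constructed demo: throwaway key pair and made-up identifiers, nothing from a real org.
function demo() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 })
  const app = { clientId: 'EXAMPLE_CONSUMER_KEY', audience: 'https://example.sandbox.my.site.com/portal' }
  const token = signAssertion({ ...app, subject: 'test.user@example.com', privateKey })
  // Editing the subject without the private key breaks the signature.
  const [h, p, s] = token.split('.')
  const edited = `${h}.${b64url(JSON.stringify({ ...fromB64url(p), sub: 'other.user@example.com' }))}.${s}`
  // With the private key, an assertion for any subject verifies: the key is the credential.
  const reissued = signAssertion({ ...app, subject: 'other.user@example.com', privateKey })
  return {
    genuine: verifyAssertion(token, publicKey, app),
    edited: verifyAssertion(edited, publicKey, app),
    reissued: verifyAssertion(reissued, publicKey, app),
    expired: verifyAssertion(token, publicKey, { ...app, now: Date.now() + 10 * 60 * 1000 })
  }
}
console.log(demo())
```

Because only the signature ties the subject to the Connected App, restricting which users the app is enabled for (profile or permission set, as described above) is what bounds the impact of a leaked key.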

Example Code

The example below gets an access token for an Experience Cloud user in a Sandbox environment.

import * as sfLogin from 'salesforce-silent-login'

const clientId = '<consumer-key-from-Connected-App>' // clientId
const audience = 'https://<sandbox-name>.sandbox.my.site.com/<experience-cloud-site>'
const subject = '<experience-cloud-username>'
const data = sfLogin.getJwt(subject, clientId, audience, sfLogin.getCertInfo('<path-to-crypto-keys>'))
const tokenUrl = `https://<sandbox-name>.sandbox.my.site.com/<experience-cloud-site>${sfLogin.TOKEN_PATH}`
const tokenResponse = await sfLogin.getAccessToken(data.token, tokenUrl)
console.log('tokenResponse', tokenResponse)

The response will look like

{
  "access_token": "00D2...S9C",
  "sfdc_community_url": "https://<sandbox-name>.sandbox.my.site.com/<experience-cloud-site>",
  "sfdc_community_id": "0DB5p000000k9n9GAA",
  "scope": "web api",
  "instance_url": "https://<sandbox-name>.sandbox.my.salesforce.com",
  "id": "https://test.salesforce.com/id/00...AS/00...AK",
  "token_type": "Bearer",
  "ok": true
}

To access the Experience Cloud site, open a URL like the ones given below.

const retUrl = '<relative-site-path>'
// the access token is a bearer credential: anyone who opens these URLs gets the user's session, so keep them out of logs
const sid = encodeURIComponent(tokenResponse.access_token)
// use this to deep link into the Experience Cloud site
const url = `${tokenResponse.sfdc_community_url}/secur/frontdoor.jsp?sid=${sid}&retURL=${encodeURIComponent(retUrl)}`
// use this to go to the default start page in the Experience Cloud site
const main = `${tokenResponse.sfdc_community_url}/secur/frontdoor.jsp?sid=${sid}`

Tools

  • https://jwt.io/
  • https://token.dev/
  • https://oauthdebugger.com
  • https://oidcdebugger.com (https://recaffeinate.co/post/introducing-openid-connect-debugger/)
  • OpenSSL Quick Reference Guide