Adding a Salesforce OAuth (JWT Flow) Connection
For server-to-server integration, you may not want to rely on specific user credentials or OAuth access via Web flow in case the user account used is deactivated, locked out, or frozen in the future. You can use the OAuth 2.0 JSON Web Token (JWT) bearer flow for cases like these. This flow uses a certificate to sign the JWT request and doesn’t need explicit user interaction. However, this flow requires prior approval of the Connected App.
Salesforce has introduced some ways to authorize this request via various certificates. Provar now supports two types of certificates for OAuth (JWT Flow) – Java Key Store (JKS) and Private Key.
Prerequisites:
A Connected App is a prerequisite to creating a Salesforce OAuth (JWT Flow) connection. If you haven’t created any Connected App earlier, please create a new one in the Salesforce org first. For more information on creating a Connected App, please refer to Creating Connected App.
The OAuth (JWT Flow) requires prior approval of the Connected App. Prior approval of the Connected App can be done in one of the ways mentioned below:
- If your Connected App policy is set to Admin-approved users are pre-authorized, you can use profiles and permission sets to determine which user records can be used via the Connected App permission.
- If your Connected App policy is set to All users may self-authorize, you can use any user account with end-user approval and issuance of a refresh token. However, the client isn’t required to have a current or stored refresh token. The client also isn’t required to pass a client secret to the token endpoint.
Note: Provar currently supports the Admin-approved users are pre-authorized policy.
To connect with a particular Connected App, the user needs to provide a certificate. While creating a Connected App, in the API section:
- Select the Enable OAuth Settings checkbox.
- In the Use digital signatures field, upload the certificate you have created. It will be linked to the Connected App you are creating.
Steps to add an OAuth (JWT Flow) connection in Provar
In the Add New Connection screen –
- In the Connection Name field, enter the name of the connection.
- In the Description field, enter the description for the connection.
- In the Connection Type field, select Salesforce and Normal Salesforce connection. Select OAuth (JWT Flow).
- In the Encryption Option field, select any one option:
  - Option 1: Java Key Store (JKS)
  - Option 2: Private Key
Note: Create a certificate in the Certificate and Key Management section for the JKS or Private Key in your Salesforce org.
There are three options to create a certificate:
A) Create Self-Signed Certificate – With this option, the user creates the certificate themselves. This involves encryption and decryption at the user level only.
Note: Most users will use the Create Self-Signed Certificate option to create the certificate.
Click Create Self-Signed Certificate. A Certificate and Key Edit screen is displayed.
⦁ In the Label field, enter the name.
⦁ In the Unique Name field, enter the unique name.
⦁ Click Save.
You can create additional certificates in the same way.
B) Create CA-Signed Certificate – With this option, the user creates the certificate and then sends it to a third-party certificate authority. The authority will encrypt that certificate on behalf of the user, for a fee.
C) Export to Key Store – This option corresponds to the Java Key Store field in Provar and is the standard way of handling the certificate. When the user clicks Export to Key Store, all the certificates are combined into a single file, which is exported and downloaded to the user’s system.
Click Export to Key Store.
⦁ In the Key Store Password field, enter the password.
⦁ Click Export.
The file is exported as a (.jks) file, and this (.jks) holds the user’s certificates.
Option 1: Creating an OAuth (JWT) connection with Java Key Store (JKS)
- In the Encryption Option field, select Java Key Store (JKS).
- In the Consumer Key field, enter the consumer key. Copy the Consumer Key corresponding to the Connected App and paste it into this field.
Note: The Consumer Key is required here because users connect to Salesforce only via this Connected App. For more information on Consumer Key, please refer to consumer key.
- In the Key Store field, upload the key store file with the (.jks) extension. Click Browse and upload the file.
- In the Certificate Name field, enter the certificate name corresponding to that Connected App.
- In the Key Store Password field, enter the key store password you entered when downloading the (.jks) file.
- In the Username field, enter the username you use to log in to Salesforce.
- Click Authorise.
- When the user clicks Authorise, at the back-end, Provar will create a JWT Token and send it to Salesforce, and Salesforce will send back the Access Token details to Provar.
- The Access Token details received from Salesforce are automatically populated in the Access Token field.
Note: An error message will be displayed if the user tries to Authorise again and any detail is incorrect or incomplete.
- Click Test Connection to check if the connection is successful, and click OK.
Option 2: Creating an OAuth (JWT) connection with a Private Key
OAuth is an open-standard authorization protocol that provides secure designated access. OAuth does not share the password data but instead authorizes an application to access data from a protected resource by exchanging tokens. OAuth tokens give a client application restricted permissions.
- In the Encryption Option field, select Private Key.
- In the Consumer Key field, enter the consumer key. Copy the consumer key corresponding to the Connected App and paste it into this field.
- In the Private Key field, upload the private key file. Click Browse. If the Private Key option is selected, only (.key) files are highlighted. Select the (.key) extension file. Click Open.
- In the Username field, enter the username you use to log in to Salesforce.
- In the Environment field, select Production/Developer Edition.
- Click Authorise.
- When the user clicks Authorise, at the back-end, Provar will create a JWT Token and send it to Salesforce, and Salesforce will send back the Access Token details to Provar.
- The Access Token details received from Salesforce are automatically populated in the Access Token field.
Note: An error message will be displayed if the user tries to Authorise again and any detail is incorrect or incomplete.
- Click Test Connection to check if the connection is successful, and click OK.
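The exchange behind the Authorise button in both options, as an added example rather than Provar's own code: the client signs a JWT with the private key, and the authorization server checks it against the certificate uploaded to the Connected App. The `aud` value, the 180-second lifetime, the placeholder consumer key and username, and all function names are assumptions of this example; the key pair is a throwaway generated on the spot.

```javascript
const crypto = require('crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const fromB64url = (text) => Buffer.from(text, 'base64url');

// Client side: sign "header.claims" with the private key (RS256).
function buildAssertion({ consumerKey, username, audience, privateKeyPem, nowMs = Date.now() }) {
  const header = { alg: 'RS256' };
  const claims = {
    iss: consumerKey,                     // Connected App consumer key
    sub: username,                        // pre-authorized Salesforce username
    aud: audience,                        // login host (assumed value, see lead-in)
    exp: Math.floor(nowMs / 1000) + 180,  // short lifetime chosen for this example
  };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const signature = crypto.sign('sha256', Buffer.from(signingInput), privateKeyPem);
  return `${signingInput}.${b64url(signature)}`;
}

// Form body the client posts to the token endpoint; no client secret is sent.
function tokenRequestBody(assertion) {
  return new URLSearchParams({
    grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
    assertion,
  }).toString();
}

// Server side: checks made with the public key from the uploaded certificate.
function verifyAssertion(jwt, publicKeyPem, expected, nowMs = Date.now()) {
  const parts = jwt.split('.');
  if (parts.length !== 3) return 'malformed';
  let header, claims;
  try { header = JSON.parse(fromB64url(parts[0])); claims = JSON.parse(fromB64url(parts[1])); }
  catch { return 'malformed'; }
  if (header.alg !== 'RS256') return 'bad-alg';  // reject "none" and HMAC algorithms
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  if (!crypto.verify('sha256', signed, publicKeyPem, fromB64url(parts[2]))) return 'bad-signature';
  if (claims.iss !== expected.consumerKey || claims.aud !== expected.audience) return 'bad-claims';
  if (typeof claims.exp !== 'number' || claims.exp * 1000 <= nowMs) return 'expired';
  return 'ok';
}

// Constructed sample inputs: throwaway key pair and placeholder identifiers.
const SAMPLE_KEYS = crypto.generateKeyPairSync('rsa', { modulusLength: 2048,
  publicKeyEncoding: { type: 'spki', format: 'pem' },
  privateKeyEncoding: { type: 'pkcs8', format: 'pem' } });
const SAMPLE = { consumerKey: 'EXAMPLE_CONSUMER_KEY',
  username: 'integration.user@example.com', audience: 'https://login.salesforce.com' };
```

Because the assertion is the only credential in the request, the private key file and key store password deserve the same protection as a password, and a short `exp` limits how long a captured assertion stays usable.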
For more information, check out this course on University of Provar.