Adding a Salesforce OAuth (JWT Flow) Connection

For server-to-server integration, you may not want to rely on specific user credentials or OAuth access via Web flow in case the user account used is deactivated, locked out, or frozen in the future. You can use the OAuth 2.0 JSON Web Token (JWT) bearer flow for cases like these. This flow uses a certificate to sign the JWT request and doesn’t need explicit user interaction. However, this flow requires prior approval of the Connected App.

Salesforce has introduced some ways to authorize this request via various certificates. Provar now supports two types of certificates for OAuth (JWT Flow): Java Key Store (JKS) and Private Key.

Prerequisites:

A Connected App is a prerequisite to creating a Salesforce OAuth (JWT Flow) connection. If you haven’t created any Connected App earlier, please create a new one in the Salesforce org first. For more information on creating a Connected App, please refer to Creating Connected App.

The OAuth (JWT Flow) requires prior approval of the Connected App. Prior approval of the Connected App can be done in one of the ways mentioned below:

  • If your Connected App policy is set to Admin-approved users are pre-authorized, you can use profiles and permission sets to determine which user records can be used via the Connected App permission.
  • If your Connected App policy is set to All users may self-authorize, you can use any user account with end-user approval and issuance of a refresh token. However, the client isn’t required to have a current or stored refresh token. The client also isn’t required to pass a client secret to the token endpoint.

Note: Provar currently supports the Admin-approved users are pre-authorized policy.

To connect with a particular Connected App, the user needs to provide a certificate. While creating a Connected App, in the API section:

  • Select the Enable OAuth Settings checkbox.
  • In the Use digital signatures field, upload a certificate that you have created. It will be linked to the Connected App you are creating.

Steps to add an OAuth (JWT Flow) connection in Provar

In the Add New Connection screen –

    • In the Connection Name field, enter the name of the connection.
    • In the Description field, enter the description for the connection.
    • In the Connection Type field, select Salesforce and Normal Salesforce connection. Select OAuth (JWT Flow).
    • In the Encryption Option field, select any one option:
      • Option 1: Java Key Store (JKS)
      • Option 2: Private Key 

Note: Create a certificate in the Certificate and Key Management section for the JKS or Private Key in your Salesforce org.

There are three options to create a certificate:

A) Create Self-Signed Certificate – Most users create the certificate with this option. The certificate is signed with its own key, so everything is handled at the user level and no third party is involved.

Click Create Self-Signed Certificate. A Certificate and Key Edit screen is displayed. 

In the Label field, enter the name.

In the Unique Name field, enter the unique name.

Click Save.

You can create further certificates in the same way.

B) Create CA-Signed Certificate – With this option, the user creates the certificate and then sends it to a third-party certificate authority, which signs it on the user's behalf, for a fee.

C) Export to Key Store – This option produces the file used for the Java Key Store option in Provar. This is the standard way of handling the certificate. If the user clicks Export to Key Store, all the certificates are combined in a single file, which is exported and downloaded to the user’s system.

Click Export to Key Store. 

In the Key Store Password field, enter the password.

Click Export.

The file is exported as a (.jks) file, which holds the user’s certificates.

Option 1: Creating an OAuth (JWT) connection with Java Key Store (JKS)

  • In the Encryption Option field, select Java Key Store (JKS)
  • In the Consumer Key field, enter the consumer key. Copy the Consumer Key corresponding to the Connected App and paste it into this field.

Note: The Consumer Key is required here because users connect to Salesforce only through this Connected App. For more information on the Consumer Key, please refer to consumer key.

  • In the Key Store field, upload the key store file with an extension as (.jks). Click Browse and upload the file.
  • Enter the certificate name corresponding to that connected app in the Certificate Name field.
  • In the Key Store Password field, enter the key store password you set when downloading the (.jks) file.
  • In the Username field, enter the username you use to log in to Salesforce.
  • Click Authorise.
  • When the user clicks Authorise, at the back-end, Provar will create a JWT Token and send it to Salesforce, and Salesforce will send back the Access Token details to Provar.
  • The Access Token details received from Salesforce are automatically populated in the Access Token field.

Note: An error message will be displayed if the user tries to Authorise again and any detail is incorrect or incomplete.

  • Click Test Connection to check if the connection is successful, and click OK.

Option 2: Creating an OAuth (JWT) connection with a Private Key 

OAuth is an open-standard authorization protocol that provides secure designated access. Instead of sharing password data, OAuth authorizes an application to access data from a protected resource by exchanging tokens. An OAuth token grants a client application a restricted set of permissions.

  • In the Encryption Option field, select Private Key
  • In the Consumer Key field, enter the consumer key. Copy the consumer key corresponding to the Connected App and paste it into this field.
  • In the Private Key field, upload the private key file. Click Browse. If the Private Key option is selected, only (.key) files are highlighted. Select the (.key) extension file. Click Open.
  • In the Username field, enter the username you use to log in to Salesforce.
  • In the Environment field, select Production/Developer Edition.
  • Click Authorise.
  • When the user clicks Authorise, at the back-end, Provar will create a JWT Token and send it to Salesforce, and Salesforce will send back the Access Token details to Provar.
  • The Access Token details received from Salesforce are automatically populated in the Access Token field.

Note: An error message will be displayed if the user tries to Authorise again and any detail is incorrect or incomplete.

  • Click Test Connection to check if the connection is successful, and click OK.
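
The exchange behind Authorise in both options, sketched with openssl as an added example (not Provar's or Salesforce's own code): it builds the RS256-signed JWT assertion, checks its signature against the matching public key, and shows the token request that returns the Access Token. The throwaway key, PLACEHOLDER_CONSUMER_KEY, user@example.com and the 3-minute expiry are assumptions; the claim names, grant type and endpoint path are those of the standard JWT bearer flow.

```shell
# Added example: all keys, names and values here are constructed placeholders.
b64url() { openssl base64 -A | tr '/+' '_-' | tr -d '='; }
b64url_dec() {                       # restore padding, then decode
  s=$(tr '_-' '/+')
  case $(( ${#s} % 4 )) in 2) s="$s==" ;; 3) s="$s=" ;; esac
  printf '%s' "$s" | openssl base64 -d -A
}

# make_assertion CONSUMER_KEY USERNAME AUDIENCE KEYFILE [NOW_EPOCH]
# iss = consumer key, sub = username, aud = login URL, exp = now + 3 minutes
make_assertion() {
  now=${5:-$(date +%s)}
  hdr=$(printf '{"alg":"RS256"}' | b64url)
  claims=$(printf '{"iss":"%s","sub":"%s","aud":"%s","exp":%s}' \
    "$1" "$2" "$3" "$((now + 180))" | b64url)
  sig=$(printf '%s.%s' "$hdr" "$claims" |
    openssl dgst -sha256 -sign "$4" -binary | b64url)
  printf '%s.%s.%s\n' "$hdr" "$claims" "$sig"
}

# verify_assertion JWT PUBKEY_PEM: the receiving side's signature check,
# done against the public half of the key that signed the assertion.
verify_assertion() {
  tmp=$(mktemp)
  printf '%s' "${1##*.}" | b64url_dec > "$tmp"
  if printf '%s' "${1%.*}" |
     openssl dgst -sha256 -verify "$2" -signature "$tmp" >/dev/null 2>&1
  then rc=0; else rc=1; fi
  rm -f "$tmp"; return "$rc"
}

# request_token JWT LOGIN_URL: the token request (network call, not run below).
request_token() {
  curl -sS "$2/services/oauth2/token" \
    --data-urlencode 'grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer' \
    --data-urlencode "assertion=$1"
}

demo() {
  dir=$(mktemp -d)
  openssl genrsa -out "$dir/server.key" 2048 2>/dev/null   # throwaway key
  openssl rsa -in "$dir/server.key" -pubout -out "$dir/server.pub" 2>/dev/null
  jwt=$(make_assertion 'PLACEHOLDER_CONSUMER_KEY' 'user@example.com' \
    'https://login.salesforce.com' "$dir/server.key")
  verify_assertion "$jwt" "$dir/server.pub" && echo "signature verifies"
  printf '%s' "$jwt" | cut -d. -f2 | b64url_dec; echo      # show the claims
  rm -rf "$dir"
}
demo
```

An assertion signed with a key other than the one whose certificate was uploaded to the Connected App fails the signature check, which is one reason Authorise can return an error even when the other fields are correct.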

For more information, check out this course on University of Provar.

