Salesforce can authorize users with cryptographic keys, and a single key may serve multiple users. This is done through a Connected App: the app is configured with a certificate, and whoever holds the private key matching that certificate can authorize any user the Connected App allows (via Profile or Permission Set).
Before starting the configuration, make sure the Salesforce user who will configure the Connected App has a valid, accessible email address: Salesforce may send confirmation emails during Connected App creation.
Follow these instructions to create a Connected App: Authorize an Org Using the JWT Flow
Once the Connected App is created, set the following environment variables (needed only for convenience while testing):
- USERNAME: username of the user to be authorized
- CLIENT_ID: Connected App consumer key
- SERVER_KEY: path to the private key file (e.g. server.key)
Use the `sf org login jwt` command to authorize a user with the JWT Bearer Flow:

```sh
sf org login jwt --username "$USERNAME" --jwt-key-file "$SERVER_KEY" --client-id "$CLIENT_ID"
```
Here is a simple example of how to authorize a user with the JWT Bearer Flow through the API. The example uses the @salesforce/core package to interact with Salesforce.
Reference:
- https://github.com/salesforcecli/plugin-auth/blob/main/src/commands/org/login/jwt.ts
- https://forcedotcom.github.io/sfdx-core/
```sh
# Install dependencies (including @salesforce/core)
npm install
# Run the script
npx tsx src/auth.ts "$USERNAME" "$SERVER_KEY" "$CLIENT_ID"
```
See the source code in src/auth.ts.
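An added example (not the page's src/auth.ts and not code from @salesforce/core) showing what the flow actually sends: the RS256 JWT bearer assertion that `sf org login jwt` exchanges for an access token, built and then checked the way the authorization server checks it. The key pair and consumer key are constructed; LOGIN_URL, buildAssertion, verifyAssertion and makeDemoKeyPair are names chosen here.

```typescript
// Added example (not the page's src/auth.ts): the RS256 JWT bearer assertion that
// `sf org login jwt` posts to /services/oauth2/token, built and checked with Node's
// built-in crypto only. The key pair and consumer key used with it are constructed.
import { createSign, createVerify, generateKeyPairSync } from "node:crypto";

export const LOGIN_URL = "https://login.salesforce.com"; // aud; sandboxes use test.salesforce.com
const ASSERTION_LIFETIME_SEC = 180; // Salesforce requires exp to be within 3 minutes

const b64url = (data: Buffer | string): string => Buffer.from(data).toString("base64url");
const fromB64url = (s: string): string => Buffer.from(s, "base64url").toString("utf8");

// Claims Salesforce checks: iss = Connected App consumer key, sub = username being
// authorized, aud = login host, exp = expiry in seconds since the epoch.
export function buildAssertion(clientId: string, username: string, privateKeyPem: string,
                               nowSec = Math.floor(Date.now() / 1000)): string {
  const header = b64url(JSON.stringify({ alg: "RS256" }));
  const payload = b64url(JSON.stringify({
    iss: clientId, sub: username, aud: LOGIN_URL, exp: nowSec + ASSERTION_LIFETIME_SEC,
  }));
  const signingInput = `${header}.${payload}`;
  const signature = createSign("RSA-SHA256").update(signingInput).sign(privateKeyPem);
  return `${signingInput}.${b64url(signature)}`;
}

// Mirrors the server-side checks: alg pinned to RS256, signature against the certificate
// uploaded to the Connected App, then iss/aud/exp before the sub claim is trusted.
export function verifyAssertion(jwt: string, publicKeyPem: string, expectedClientId: string,
                                nowSec = Math.floor(Date.now() / 1000)): { ok: boolean; sub?: string; reason?: string } {
  const parts = jwt.split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  const [h, p, s] = parts;
  if (JSON.parse(fromB64url(h)).alg !== "RS256") return { ok: false, reason: "alg" };
  const sigOk = createVerify("RSA-SHA256").update(`${h}.${p}`)
    .verify(publicKeyPem, Buffer.from(s, "base64url"));
  if (!sigOk) return { ok: false, reason: "signature" };
  const claims = JSON.parse(fromB64url(p));
  if (claims.iss !== expectedClientId) return { ok: false, reason: "iss" };
  if (claims.aud !== LOGIN_URL) return { ok: false, reason: "aud" };
  if (typeof claims.exp !== "number" || claims.exp <= nowSec) return { ok: false, reason: "exp" };
  if (typeof claims.sub !== "string" || claims.sub === "") return { ok: false, reason: "sub" };
  return { ok: true, sub: claims.sub };
}

// Constructed throwaway key pair standing in for server.key and the certificate on the
// Connected App; the real key is generated once, offline, and never at runtime.
export function makeDemoKeyPair(): { publicKey: string; privateKey: string } {
  return generateKeyPairSync("rsa", { modulusLength: 2048,
    publicKeyEncoding: { type: "spki", format: "pem" }, privateKeyEncoding: { type: "pkcs8", format: "pem" } });
}
```

The assertion is sent as the `assertion` form field with `grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer`; because the private key alone authorizes any permitted user, treat server.key like a password and keep it out of the repository.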