I am currently trying to understand if it is possible to embed either SFDC portal / community pages or components (cases, knowledge, Ideas) into an external web site.
I have an existing public-facing website that allows customers to log in; from within that I want to expose the cases, knowledge & chatter functionality from the SFDC community into that site.
I am looking for the end user experience to be seamless and to avoid any popups regarding security/credentials. Ideally it is as if that data was coming from our website and not SFDC.
Thinking of using the OAuth 2.0 JWT Bearer Token Flow to perform the authentication from our website into SFDC and leverage SFDC community license.
What I am struggling with is how to then expose cases, for example, without having to use the API to just get a list of case records and then having to rebuild the case page UI in my own website.
All thoughts & suggestions or examples of this in action would be greatly appreciated - Thanks!
Related
I have a WordPress Website that currently uses its own authentication.
I am building a new web app on React which would be on its sub-domain.
I will be using AWS Cognito for authentication.
Now I want to enable single sign-on between the WordPress site and the React app via Cognito,
i.e. the user logs in to the WordPress site and when he navigates to the React app, he does not have to log in again.
Please suggest how to achieve this.
I am going through the exact same process right now. It's not simple, but from what I gather it is doable. There are some things you must reconcile first:
You will need to set up a Cognito user pool to house all of your user configurations going forward. You should set it up with the attributes and roles you currently use in WP, and to allow SSO.
Your existing WP users will need to be imported into the Cognito User Pool. You will not be able to import their passwords unfortunately, so you will need to notify them to reset the passwords (I suggest sending them to the Cognito hosted login page if you want to use a federated login with social providers such as Facebook, Google, Apple, etc. - LinkedIn is a bit of a pain as it uses Auth0 but still doable).
For the login integration, you will need to choose whether to use AWS Amplify or just the JavaScript SDK. Several coders tried to convince me to use Amplify, but I felt the SDK was much cleaner. Especially for the Node.js as there are several packages you can use as well as the Amazon docs ... https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/setting-credentials-node.html
For WordPress, this is a bit more tedious. There is, AFAICT, one plugin made by miniOrange that allows you to directly integrate an app pool, but the free functionality is limited, the docs are outdated and obscure, and I generally don't have a good feeling about their longevity. Nonetheless, I am using it for now.
Now for the fun part. Unifying the login between sites requires the use of Cognito's JWT tokens (JSON web tokens) to pass between sites. There are a number of docs that AWS offers, but none were clear to me, so I have resolved to hire someone to set these up. Here is a primer on that: https://itnext.io/aws-cognito-example-using-react-ui-and-node-js-rest-apis-part-3-jwt-secured-rest-apis-e56d336ce306
I know this is not a complete answer, but hopefully it saves you some time.
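The checks a second site has to run on a Cognito-issued JWT before trusting it, as an added example that is not part of the original answer. The key pair, `demo-kid`, the pool id `us-east-1_EXAMPLE` and `example-client-id` are constructed placeholders; in a real deployment the public keys come from the user pool's JWKS document rather than being generated locally.

```javascript
const crypto = require('node:crypto');
const b64url = (v) => Buffer.from(v).toString('base64url');

// Constructed helper: signs a token with RS256 so the demo runs offline.
function signToken(claims, privateKey, kid) {
  const head = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT', kid }));
  const body = b64url(JSON.stringify(claims));
  const sig = crypto.sign('RSA-SHA256', Buffer.from(`${head}.${body}`), privateKey);
  return `${head}.${body}.${sig.toString('base64url')}`;
}

// Returns the claims if the token is acceptable, otherwise throws.
function verifyToken(token, { keys, issuer, clientId, tokenUse, now = Date.now() / 1000 }) {
  const [head, body, sig, extra] = token.split('.');
  if (!head || !body || sig === undefined || extra !== undefined) throw new Error('malformed');
  const header = JSON.parse(Buffer.from(head, 'base64url').toString());
  // Pin the algorithm; never let the token pick "none" or an HMAC variant.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const key = keys.get(header.kid);
  if (!key) throw new Error('unknown kid');
  const signed = Buffer.from(`${head}.${body}`);
  if (!crypto.verify('RSA-SHA256', signed, key, Buffer.from(sig, 'base64url'))) {
    throw new Error('bad signature');
  }
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  if (claims.token_use !== tokenUse) throw new Error('wrong token_use');
  // ID tokens name the app client in "aud", access tokens in "client_id".
  const client = tokenUse === 'id' ? claims.aud : claims.client_id;
  if (client !== clientId) throw new Error('wrong client');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims;
}

// Constructed demo values; a real verifier loads the public keys from the pool's JWKS.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const opts = {
  keys: new Map([['demo-kid', publicKey]]),
  issuer: 'https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE',
  clientId: 'example-client-id',
  tokenUse: 'id',
};
const exp = Math.floor(Date.now() / 1000) + 300;
const demoClaims = { iss: opts.issuer, aud: opts.clientId, token_use: 'id', sub: 'user-123', exp };
const good = signToken(demoClaims, privateKey, 'demo-kid');

function rejects(token, o = opts) {
  try { verifyToken(token, o); return false; } catch { return true; }
}
console.log(verifyToken(good, opts).sub, rejects(good, { ...opts, clientId: 'other' }));
```

Both sites run the same verification against the same user pool; neither should accept a token merely because the other site handed it over.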
We have a website running on Kentico. When a user logs in there will be a link available for the user to navigate to a Salesforce Community. When the user clicks the link I would like to automatically log the user into the Salesforce Community. My Kentico users are in sync with the Salesforce contacts/external users.
Has anyone implemented this? If so, can you share how you achieved it? It seems like a SAML Assertion needs to be generated and posted but I am not familiar with how to do this.
Thanks in advance!
Since Kentico should not be used as the authentication provider for other applications, it will be easier for you to find out whether SF Community can provide some authentication API, with which you can then set up custom external authentication (through SF) in Kentico.
You can also consider using something like OpenID which is supported by both SF and Kentico. (https://help.salesforce.com/articleView?id=networks_authentication_options.htm&type=0)
I'm trying to implement IdentityServer3 into my architectural mix. I like the idea of registering Clients, Users, and Scopes. What I do not like is using IdentityServer3's built in login and registration forms.
I have 4 different apps that need to use my IdentityServer3 implementation (aka TokenServer). These 4 apps are AngularJs apps. I have various C# .Net WebAPI services supplying data to these 4 apps. Right now each of these 4 apps has its own authentication and registration process. I need to consolidate the authentication piece using IdentityServer3.
Each of these 4 apps has different account registration/authentication needs. There's a mixed bag of 3rd party authentication (Facebook, Google) as well as traditional forms authentication against an account the user has registered with.
So, I cannot have any of my AngularJs apps use the default Login/Registration forms that come with IdentityServer3. I've spent a lot of time now trying to find a way to turn off the default views and just wire each of my AngularJs apps to my TokenServer. I simply want to POST login credentials to the /token endpoint and return a token that can be used in subsequent calls to my WebAPI. I want to replace the authentication process I have for each app with IdentityServer3 without changing the existing login/registration UIs.
I cannot find a sample app or even documentation that shows how to do this. Is it even possible to 'turn off' every one of IdentityServer3's UI views and use my AngularJs client's login and registration forms?
Please point me in the right direction. Thanks for your time.
It seems you want to use the OAuth 2.0 resource owner flow - which means - your app posts credentials to the token endpoint and gets back an access token. That is totally possible - you will miss out on some features like federation and SSO. But these are the known constraints of this flow.
If you want to use a redirect based flow (which gives you SSO and e.g. Google logins etc) - you need to redirect. You can replace any of the IdentityServer views with your own. The documentation and samples have plenty of information on how to do that.
https://identityserver.github.io/Documentation/docsv2/advanced/customizingViews.html
https://github.com/IdentityServer/IdentityServer3.Samples/tree/master/source/CustomViewService
I'm building an API based application, which uses Laravel as the backend and AngularJS for the front-end.
User Authentication between the front-end and the API is relatively straightforward, using JSON web-tokens (JWT). This tutorial was especially helpful
But much of my front end app is not user-authenticated, it simply needs to be protected by an API key.
I would like to continue using the JWT approach if possible, but I can't find a single package or guide for securing a front-end application with a simple API key (with no initial user login). I don't want to re-invent the wheel, there must be existing solutions for this common problem.
Does anyone have any experience securing an API-based AngularJS front end for use with a custom API? Are there any packages which exist to do this?
NOTE: I have investigated Auth0, which is great, but it has several problems (the cost, no free support for a custom user DB, no built-in support for a simple API-key)
Thanks
The best way I can think of to handle this is to create a new Laravel user for your angular site.
You will also need a proxy script which contains the site's user credentials. It would reach out to Laravel with
those credentials and return the JWT. Then you just call this proxy script from Angular to get your token. The purpose
of the proxy script being a good way to hide those credentials from users.
This way, you don't need to change anything in your API as it's really just a new user accessing the site. If or when
the user needs to elevate his credentials by signing in as himself, you can also continue to use the proxy script and
have it replace those default site credentials with the user credentials before grabbing the JWT from Laravel.
I have integrated my application with Google Apps Marketplace using the old version of OpenID, and I am getting the data from Google Calendar by using the Google Calendar version 2 API. Now I need to migrate everything to the new version. I am a little confused, as Google provides various authentication and authorization processes. I looked into OpenID Connect, JWT (JSON Web Token), and the Google Calendar version 3 service account. Could anyone please help me out with this issue, i.e. which one I should use for authentication as well as for authorization? Thanks in advance.
https://developers.google.com/accounts/docs/OAuth2 gives a good overview on various ways to authenticate with Google APIs and when to use them. For instance JWT is useful when your application uses Google APIs to store/retrieve its own data i.e. not to access data of your application's user.
Also see https://developers.google.com/google-apps/calendar/auth