[SalesForce] Custom Auth Provider usage for unattended OAuth flow

I am attempting to make a REST callout to an API in our company that uses Apigee as the OAuth2 provider, using a simple client credentials grant type. Open-ID is not enabled and will likely not be an option. The OAuth flow needs to be unattended: Salesforce would call with the client id and secret to get a token, and then Salesforce would make the call to the REST endpoint with that token.

It seems like creating a Named Credential is the preferred approach for REST callouts; however, I have been struggling to configure the Auth settings. I understand that since I need a custom OAuth2 provider (without Open-ID), I need to create a Custom Authentication Provider. As mentioned above, my OAuth flow needs to be an unattended client credentials flow. I don't understand how the 'initiate' method of my custom Auth Provider should be coded, as I do not want to return a redirect page for a user to authenticate. I tried returning null, but that seemed to be problematic, as it caused an internal server error when I started the OAuth flow from the Named Credentials page.

Does anyone know how to accomplish an unattended client credentials OAuth grant using Named Credentials and a Custom Auth Provider? Or, if this won't work for this situation, what's the next best alternative you would suggest to wire up this integration?

Best Answer

You cannot write an initiate method for a Custom Auth Provider without returning a valid PageReference object (i.e. redirect page). Salesforce configuration for Named Credential with a Custom Authentication Provider appears to be limited to the OAuth 2.0 Authorization Code Grant Type only. I don't believe that Salesforce has officially documented this key point anywhere in their documentation. If anyone has found this to be untrue, please let me know.

You do have the option to write your own code to handle a different grant type, but you'll be on your own to manage the entire authentication process/flow.

Here are a couple of references for anyone stumbling on this question in the future:

https://developer.salesforce.com/docs/atlas.en-us.apexcode.meta/apexcode/authproviderplugin.htm

https://www.rfc-editor.org/rfc/rfc6749#section-1.3.1 - Auth Code Grant Type

P.S. Thanks for the support @Derek F!
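
The "write your own code" route mentioned in the answer could look like the following Apex sketch of the client credentials grant (RFC 6749 section 4.4). It is an added example, not code from the answer's author or from Salesforce. The class name, the two Named Credentials (`Apigee_Token`, `Apigee_Api`) and the `/oauth/token` path are hypothetical, and it assumes the token endpoint accepts HTTP Basic client authentication.

```apex
public class ClientCredentialsCallout {
    public class TokenException extends Exception {}

    // Hypothetical Named Credential "Apigee_Token": Named Principal, Password
    // Authentication (username = client id, password = client secret), with
    // "Generate Authorization Header" checked so Salesforce sends HTTP Basic.
    // The /oauth/token path is a placeholder for the real token endpoint.
    private static final String TOKEN_URL = 'callout:Apigee_Token/oauth/token';
    // Hypothetical Named Credential "Apigee_Api": no authentication and no
    // generated header; the bearer token is attached by this class.
    private static final String API_BASE = 'callout:Apigee_Api';

    // RFC 6749 section 4.4: POST grant_type=client_credentials, with the
    // client authenticated by the Basic header. No user redirect is involved.
    public static String fetchAccessToken() {
        HttpRequest req = new HttpRequest();
        req.setEndpoint(TOKEN_URL);
        req.setMethod('POST');
        req.setHeader('Content-Type', 'application/x-www-form-urlencoded');
        req.setBody('grant_type=client_credentials');
        req.setTimeout(10000);
        HttpResponse res = new Http().send(req);
        if (res.getStatusCode() != 200) {
            // Report the status only; keep response bodies out of logs.
            throw new TokenException('Token request failed: HTTP ' + res.getStatusCode());
        }
        Map<String, Object> body =
            (Map<String, Object>) JSON.deserializeUntyped(res.getBody());
        Object token = body.get('access_token');
        if (!(token instanceof String) || String.isBlank((String) token)) {
            throw new TokenException('Token response had no access_token');
        }
        return (String) token;
    }

    // Fetches a fresh token per call; caching until expires_in is left out.
    public static HttpResponse callApi(String path) {
        HttpRequest req = new HttpRequest();
        req.setEndpoint(API_BASE + path);
        req.setMethod('GET');
        req.setHeader('Authorization', 'Bearer ' + fetchAccessToken());
        req.setHeader('Accept', 'application/json');
        req.setTimeout(10000);
        return new Http().send(req);
    }
}
```

Keeping the client id and secret in the Named Credential means they never appear in Apex source, custom settings or debug logs.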
