[SalesForce] Named credential for gotoWebinar app (oauth v2.0)

Is it possible?
My steps:

  1. Create the app in the Developer Center. On the Application URL I left the suggestion https://api.getgo.com (I guess this could be an issue, do I have to fill this with a custom URL? Maybe one that the named credential generates?) <- yes to this
     [image: details of the app in Developer Center]
  2. Create an OpenID auth provider
     [image: OpenID auth provider details with Salesforce configuration URLs]
  3. Create a Named Credential with identity type "Per user", authentication protocol "OAuth 2.0", the authentication provider I made in step 2, and with Generate Authorization Header, Allow Merge Fields in HTTP Header, and Allow Merge Fields in HTTP Body checked.
     [image: named credential details]

When I try to start the authentication flow I get the error:

{"error":"invalid_request","error_description":"Required parameter(s) missing or wrong."}

From the following url request:

https://api.getgo.com/oauth/v2/authorize?response_type=code&client_id={consumerkey}&redirect_uri={salesforce sandbox url}%2Fservices%2Fauthcallback%2FgotoWebinar&state={big encoded key}

If I change the URL in the Developer Center app (image in step 1) I get different error pages in step 3.

Do you know if this is possible? I already made a connection with HttpRequest and Apex, but I wanted to improve that solution if possible, because with the new OAuth v2.0 I have to save the refresh token and I have different issues with this (mostly the way the app is working now and the refactor that I have to make to save the refresh token because of DML limitations).

There is an underlying question, and that is: what's the best way to connect to a G2W app?

Thanks!

Update: I was able to authenticate. In step 2 I ticked "Send client credentials in header", and in the app I put the callback URL given in that step. With those changes in the auth provider it worked. But it only works for an hour, then I start to get a 403 Forbidden `"int_err_code":"InvalidToken","msg":"Invalid token passed"`. So the named credential is not handling the refresh token, and I'm guessing it's because it is only handled if the API response status is 401. (In scope I have "refresh_token full", and I actually tested with "openid refresh_token full" too.)

EDIT: user "Deployment Failure" has tested this and discovered that the scope should be identity:scim.me collab: check the comments on the first answer for more info.

Best Answer

I'll answer for anyone who is struggling with this. I could make it work, but with workarounds.

First of all, when creating the Auth Provider (step 2 in my original post), "Send client credentials in header" should be checked too. In Default Scopes I have "openid refresh_token all". I think openid is not necessary but didn't check that yet; I also didn't check whether those scopes are meant to be added there or just in the named credential. The rest works as is.

Then in the GTW app (step 1 of my original post) you should change the Application URL to the Callback URL that the Auth Provider's Salesforce configuration gives you (at the bottom of image 2).

Last but not least, for the Authentication section of the Named Credential you should create a Self-Signed Certificate from Setup > Security > Certificate and Key Management, then select the Identity Type (Named Principal or Per User), whatever your case is. Then in scope again "openid refresh_token all". In the callout options just check Generate Authorization Header, and that should work BUT...

Named credentials work fine with refresh tokens when they get a 401 status response, and the GoToWebinar API doesn't give you that: it gives you a 403 when the access token is expired (https://goto-developer.logmeininc.com/getgo-api-http-status-codes).

So you are pretty much done, unless you change the named credential URL to just api.getgo.com and then check your calls for 403 responses, make a dummy call forcing a 401 (any request to /oauth/v2/token with a bad token will give you that status), and then make the original call again, because the Named Credential refreshed the token automatically after that forced 401.

It's hacky, but it works. Hope some of you find this useful.
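The 403-then-forced-401 workaround from the answer above, written up as an Apex wrapper. This is an added example, not code from the original post; it assumes a Named Credential named `GoToWebinar` (hypothetical name) whose URL is `https://api.getgo.com` with Generate Authorization Header enabled.

```apex
// Added example (not from the original post). Assumes a Named Credential
// called "GoToWebinar" pointing at https://api.getgo.com (hypothetical name).
public with sharing class G2WClient {
    private static final String NC = 'callout:GoToWebinar';

    // Sends a request through the Named Credential. If GoToWebinar answers
    // 403 with int_err_code "InvalidToken" (expired access token), force a
    // 401 so Salesforce refreshes the token, then retry the original call once.
    public static HttpResponse send(String method, String path, String body) {
        HttpResponse res = doCall(method, path, body);
        if (res.getStatusCode() == 403 && isInvalidToken(res)) {
            // Any request to /oauth/v2/token carrying the expired bearer
            // token returns 401, which is the status Named Credentials
            // react to by refreshing the stored token.
            doCall('GET', '/oauth/v2/token', null);
            res = doCall(method, path, body);
        }
        return res;
    }

    // True only for the specific expired-token error body quoted in the post;
    // other 403s (e.g. missing scope) are left to the caller.
    private static Boolean isInvalidToken(HttpResponse res) {
        try {
            Map<String, Object> err =
                (Map<String, Object>) JSON.deserializeUntyped(res.getBody());
            return 'InvalidToken'.equals(err.get('int_err_code'));
        } catch (Exception e) {
            return false;
        }
    }

    private static HttpResponse doCall(String method, String path, String body) {
        HttpRequest req = new HttpRequest();
        // The Named Credential injects the Authorization header itself.
        req.setEndpoint(NC + path);
        req.setMethod(method);
        req.setHeader('Accept', 'application/json');
        if (body != null) {
            req.setHeader('Content-Type', 'application/json');
            req.setBody(body);
        }
        return new Http().send(req);
    }
}
```

Each forced refresh costs two extra callouts against the per-transaction limit, so keep the retry to a single attempt as shown rather than looping.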
