I'm writing a python application which shows some metrics about an organization.
However, I'm running into two problems:
- There are no service accounts – I need to fetch information from Salesforce without acting as a specific user. With Google API there is the concept of a
service accountwhich has access to any resource + can be delegate any identity. - OAuth authentication flow requires user redirection – I run my app on an EC2 container and all the fetching are done in the background, I can't have users having to sign-in using their Salesforce account any time they access the service. I would like to have a token of an administrator/service account in another way besides the redirection method. I came across this question & answer but I couldn't figure out how to use it in my application.
Best Answer
I believe the JWT Bearer OAuth 2.0 flow is the way to go here.
There is some setup involved (you need to generate/use an X509 certificate, use the user-agent or web-server flows to authorize once), but after you do that the JWT flow can run in a headless environment (such as AWS).
I went into some pretty fine detail in authentication using jwt about how to use the JWT flow (the example is in Apex, but should be commented thoroughly enough to make a python implementation pretty easy).