I have a client who's asking me to configure an OAuth JWT Bearer Token integration for them to retrieve delivery status information from a supplier. Salesforce is not the idP. Instead, the flow is essentially a Username, password flow that returns a JWT Bearer Token with a lifespan of 12 hrs. I'm trying to figure out how to configure Salesforce for this integration to work.
It seems that a Named Credentials configuration isn't appropriate since I can't set it up as OAuth since the endpoint isn't a recognized OAuth provider. I believe I'd need to create some kind of custom OAuth service handler. Also, the actual endpoint I need to call for the service I need to use requires a redirect that I don't think I can do with a Named Credential since that only allows me to append a snippet to the path which won't satisfy my needs (I need to go up a level before following a different path to the redirect).
Here's what the flow would look like:
In the image above, I've shown the initial authentication using a password & username (returns the JWT Token and a refresh token), authentication requests using the JWT Bearer Token that return a new JWT Bearer Token and refresh token, authentication results made with an expired JWT Bearer Token, and finally passing the Bearer Token to the redirect for a return of data.
Any thoughts on how I need to code this to make the https request from Salesforce?
Best Answer
According to the specs you've provided, it makes sense that you cannot use Named Credentials or any of the standard ways of doing this. I assume the responses aren't standard either, so it makes it complicated.
If I were to code this, I would probably go with the following:
To be honest, it's more or less what you have already commented, but I think it's the simplest way of doing it. I interested in other people's responses though.