[SalesForce] Using Facebook as an IdP with Salesforce in oAuth

I am getting an access_token from Facebook in my JavaScript. My logged-in user has an HVCP profile (nowadays, a communities user). I would now like to make REST API calls to my Salesforce instance with this oAuth token in the background.

Almost all examples / docs mention Salesforce as the IdP for oAuth. However, in this case, how do I send the oAuth to Salesforce and retrieve data?

When I try the following…

loader.open('POST', 'https://login.salesforce.com/services/oauth2/authorize');
loader.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
loader.setRequestHeader("Authorization", "OAuth " + myAccessToken);
// myAccessToken is the FB generated oAuth token

var params = {
    grant_type: 'authorization_code',
    client_id: 'my client id',
    client_secret: 'my client secret'
};
loader.send(params);

I get the following error:

[ERROR][TiHttpClient(  372)] (TiHttpClient-1) [2199,2199] HTTP Error (org.apache.http.client.HttpResponseException): Bad Request
[ERROR][TiHttpClient(  372)] org.apache.http.client.HttpResponseException: Bad Request
[ERROR][TiHttpClient(  372)]    at ti.modules.titanium.network.TiHTTPClient$LocalResponseHandler.handleResponse(TiHTTPClient.java:252)
[ERROR][TiHttpClient(  372)]    at ti.modules.titanium.network.TiHTTPClient$LocalResponseHandler.handleResponse(TiHTTPClient.java:211)
[ERROR][TiHttpClient(  372)]    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:657)
[ERROR][TiHttpClient(  372)]    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:637)
[ERROR][TiHttpClient(  372)]    at ti.modules.titanium.network.TiHTTPClient$ClientRunnable.run(TiHTTPClient.java:1271)
[ERROR][TiHttpClient(  372)]    at java.lang.Thread.run(Thread.java:1019)

Any suggestions would be appreciated. Thanks!

Best Answer

It turns out that for a communities user the only way to do this is by using a "User Agent Flow". This means that you will need to embed Salesforce's Communities login page with your instance-specific URL, something like myinstancename.force.com/myCommunity/Login.

You cannot use the login.salesforce.com authorization endpoint for communities, and the flow will look like this (from Salesforce's site).

OAuth 2.0 User-Agent Flow

Salesforce will handle authentication from here onwards and if your user clicks the FB logo on this page, they will be redirected to FB, and then back to Salesforce.

Once the Authorization / Authentication succeeds, Salesforce will redirect with a parameterized URL that has the access token, instance URL, refresh token etc. that can be parsed out. Something like this:

"https://www.mysite.com/user_callback.jsp#access_token=00Dx0000000BV7z%21AR8AQBM8J_xr9kLqmZIRyQxZgLcM4HVi41aGtW0qW3JCzf5xdTGGGSoVim8FfJkZEqxbjaFbberKGk8v8AnYrvChG4qJbQo8&refresh_token=5Aep8614iLM.Dq661ePDmPEgaAW9Oh_L3JKkDpB4xReb54_pZfVti1dPEk8aimw4Hr9ne7VXXVSIQ%3D%3D&expires_in=7200&state=mystate"

More details on the user agent flow here: http://help.salesforce.com/help/doc/en/remoteaccess_oauth_user_agent_flow.htm

Hope this helps!
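Parsing the callback fragment described in the answer above, as an added example that is not part of the original answer or of Salesforce's documentation. The function name `parseCallback`, the `state` handling, the https check on the instance URL and every token value are assumptions constructed for illustration.

```javascript
// Added example. All token values and hostnames below are constructed.

// Parse the fragment appended to the callback URL in the User-Agent Flow.
// expectedState is the value the app sent in its authorization request
// (assumed here to be a per-login random string the app kept locally).
function parseCallback(callbackUrl, expectedState) {
  const url = new URL(callbackUrl);
  // Tokens travel in the fragment, which the browser does not send to the server.
  const params = new URLSearchParams(url.hash.replace(/^#/, ''));

  if (params.has('error')) {
    throw new Error('authorization failed: ' + params.get('error'));
  }
  // Reject a callback that does not echo our own state value.
  if (!expectedState || params.get('state') !== expectedState) {
    throw new Error('state mismatch');
  }
  const accessToken = params.get('access_token'); // percent-decoding already applied
  if (!accessToken) {
    throw new Error('no access_token in callback');
  }
  // Only send the token to an https instance URL.
  const instanceUrl = params.get('instance_url');
  if (instanceUrl !== null && new URL(instanceUrl).protocol !== 'https:') {
    throw new Error('instance_url is not https');
  }
  const expiresIn = Number.parseInt(params.get('expires_in'), 10);
  return {
    accessToken,
    refreshToken: params.get('refresh_token'),
    instanceUrl,
    expiresIn: Number.isNaN(expiresIn) ? null : expiresIn,
  };
}

// Constructed callback in the same shape as the sample URL above.
const SAMPLE_CALLBACK =
  'https://www.mysite.com/user_callback.jsp#access_token=00DEXAMPLE%21TOKEN' +
  '&refresh_token=REFRESHEXAMPLE%3D%3D' +
  '&instance_url=https%3A%2F%2Fexample.my.salesforce.com' +
  '&expires_in=7200&state=mystate';

const tokens = parseCallback(SAMPLE_CALLBACK, 'mystate');
console.log(tokens.instanceUrl, tokens.expiresIn);
// In a browser, drop the fragment afterwards so the tokens do not remain in the
// address bar or history: history.replaceState(null, '', location.pathname);
```

The `%21` and `%3D` escapes in the fragment come back as `!` and `=`, so the decoded token is what goes into the `Authorization` header of later REST calls to the instance URL.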
