Change Email Utility - Salesforce

Thursday, October 11, 2012 by Aslam - The Alexendra
Hi All,
Here i am introducing one utility created by me. It is used to change the email address of salesforce org. You must have username, password and security token for the org. 

How to access utility?
You can access this utility from my site, here is the url:

Why and When you need this?
I recently came across one situation when i deadly need this utility. One of my colleague recently setup one new salesforce org. He given his username, password, email for the org. He completed his work and sent me details about username, password, security token as well. After couple of hours, when i tried to login and test from my home, i was unable to login because my IP is not white listed. I called my colleague, but his phone was off, and its DEADLINE for me to give this info to client to show him all the work. My IP was not white listed so i can't login, the email address assigned to org was for my colleague , so i even can't get the activation code. What to do?
Then i thought to create this utility.

You can change email address of the user of the salesforce org. You must know username, password and security token. This utility only send you a Email Change notification. You will get one email. You can accept that verification email change. After that when you try to login from browser using username and password, then you can easily get verification code of the org as your email address is now changed for given org.

Let me know your thoughts on this utility.

Aslam Bari

OAuth Token as Salesforce SessionId in SOAP API (PHP)

Sunday, October 7, 2012 by Aslam - The Alexendra
Hi All,
Most of the time developers who write applications in php/java or any other language, using salesforce soap APIs (partner wsdl or enterprise wsdl), they hard-code the username/password and security token in their code or in a property file. But there is one issue in this approach, anytime, if your org password or security token get change, your application may down. You have to update the credentials in your code or property file on server to get your application work.

One alternate solution for this issue is to use OAuth token in your code and write one automated code which will refresh your oauth token whenever it gets expired. The approach which i am going to tell in few moments has a benefit that you don't have to modify your code much. The place where you setting your sessionid, you just need to change that place, instead of getting sessionid from login method, you simply need to change with oauth token way.

Here is a complete process to achieve this:

1) Go to your org, Setup->Remote Access, make New remote access entry there for your application. Give return url for the file which will get oauth code returned. In my example, i used this url

You will notice that you will get Consumer key and Consumer secret.

2) Make one php file at this location oauthsample/tokenprint.php with below code. The purpose of this code is simply print the oauth code.
<?php var_dump($_REQUEST); ?>

3) Now use your browser, prepare this url and invoke from address bar of browser<your_consumer_key>&redirect_uri=http://localhost/oauthsample/tokenprint.php

As soon you invoke this url, you will see the generated oauth code on screen, copy the "GENERATED CODE" from the browser window.

4) Now use following html code, run it in your browser, by simply double click, fill the values in each field.

<form method="post" action=""> <input type="hidden" name="grant_type" value="authorization_code"/> <table> <tr> <td> GENERATED CODE </td> <td> <input type="text" name="code" /> </td> </tr> <tr> <td> CONSUMER KEY </td> <td> <input type="text" name="client_id" value=""/> </td> </tr> <td> CONSUMER SECRET </Td> <td> <input type="text" name="client_secret" value=""/> </td> </tr> <tr> <td> REDIRECT URL </td> <td> <input type="text" name="redirect_uri" value="http://localhost/oauthsample/tokenprint.php"/> </td> </tr> </table> <input type="submit" /> </form>

5) After you execute this, you will get xml output on screen something like this:

Here you will get two important things, one Refresh Token and second "access token".

6) Now, in your PHP/Java code you need to replace your session id with this access token. There is another thing in your code "server url", this you need to hard code something like below (make sure to use instance url of your org) :

$mySoapClient = $sfConnection->createConnection('partner.wsdl'); $serverUrl = ""; $sessionId = "<<ACCESS TOKEN>>"; $mylogin = $sfConnection->attach($serverUrl, $sessionId);

7) Now, how to deal with expired token? For that you need to either make a separate method for it, or simply you need enclosed you code in try, catch block and look for INVALID SESSION exception. That exception will come whenever you try to access server contents and your token is expired. So the idea is, whenever that happen , simply catch that exception and use below code to get new access token. In below code, simply replace the different fields with your org info like consumer key, secret and important "REFRESH TOKEN" which we got in step #5.

<?php function getNewToken(){ try{ $url = ''; $fields = array( 'grant_type' => "refresh_token", 'client_id' => "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", 'client_secret' => "xxxxxxxxxxx", 'refresh_token' => "xxxxxxxxxxxxxxxxxxxxxxxxxxxx" ); foreach($fields as $key=>$value) { $fields_string .= $key.'='.$value.'&'; } $ch = curl_init($url); //set the url, number of POST vars, POST data curl_setopt($ch,CURLOPT_POST, true); curl_setopt($ch,CURLOPT_POSTFIELDS, $fields_string); curl_setopt ($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); //execute post $result = curl_exec($ch); //close connection curl_close($ch); $json_a=json_decode($result,true); return $json_a; }catch(Exception $e){ var_dump($e); } } ?>

You can simply call this method getNewToken() to make new token whenever needed.

You are now all set, now you don't have to worry about user credentials updation or revealing it.

Let me know if you face issue in any step.

Aslam Bari