Hi All,
Most of the time, developers who write applications in PHP, Java or any other language against the Salesforce SOAP APIs (partner WSDL or enterprise WSDL) hard-code the username, password and security token in their code or in a property file. There is one issue with this approach: any time your org password or security token changes, your application may go down. You then have to update the credentials in your code or property file on the server to get your application working again.
One alternative is to use an OAuth token in your code and write some automated code that refreshes the OAuth token whenever it expires. The approach I am about to describe has the benefit that you don't have to modify your code much. You only need to change the place where you set your session ID: instead of getting the session ID from the login method, you use the OAuth access token.
Here is a complete process to achieve this:
1) Go to your org, Setup->Remote Access, and make a new remote access entry for your application. For the return URL, give the file that will receive the returned OAuth code. In my example, I used this URL:
http://localhost/oauthsample/tokenprint.php
You will notice that you get a Consumer key and a Consumer secret.
2) Make one PHP file at this location, oauthsample/tokenprint.php, with the code below. The purpose of this code is simply to print the OAuth code.
<?php
var_dump($_REQUEST);
?>
3) Now prepare this URL and invoke it from the address bar of your browser:
https://login.salesforce.com/services/oauth2/authorize?response_type=code&client_id=<your_consumer_key>&redirect_uri=http://localhost/oauthsample/tokenprint.php
As soon as you invoke this URL, you will see the generated OAuth code on screen. Copy the "GENERATED CODE" from the browser window.
4) Now use the following HTML code: run it in your browser by simply double-clicking the file, and fill in the values in each field.
<form method="post" action="https://login.salesforce.com/services/oauth2/token">
<input type="hidden" name="grant_type" value="authorization_code"/>
<table>
<tr>
<td>
GENERATED CODE
</td>
<td>
<input type="text" name="code" />
</td>
</tr>
<tr>
<td>
CONSUMER KEY
</td>
<td>
<input type="text" name="client_id" value=""/>
</td>
</tr>
<tr>
<td>
CONSUMER SECRET
</td>
<td>
<input type="text" name="client_secret" value=""/>
</td>
</tr>
<tr>
<td>
REDIRECT URL
</td>
<td>
<input type="text" name="redirect_uri" value="http://localhost/oauthsample/tokenprint.php"/>
</td>
</tr>
</table>
<input type="submit" />
</form>
5) After you execute this, you will get xml output on screen something like this:
Here you will get two important things: the refresh token and the access token.
6) Now, in your PHP/Java code you need to replace your session ID with this access token. There is one more thing in your code, the server URL, which you need to hard-code as shown below (make sure to use the instance URL of your org):
$mySoapClient = $sfConnection->createConnection('partner.wsdl');
$serverUrl = "https://ap1.salesforce.com/services/Soap/u/25.0/00D90000000Abcd";
$sessionId = "<<ACCESS TOKEN>>";
$mylogin = $sfConnection->attach($serverUrl, $sessionId);
7) Now, how do you deal with an expired token? You need to either make a separate method for it, or simply enclose your code in a try/catch block and look for the INVALID SESSION exception. That exception will come whenever you try to access server contents and your token has expired. So the idea is: whenever that happens, simply catch that exception and use the code below to get a new access token. In the code below, replace the different fields with your org info, such as the consumer key, the consumer secret and, importantly, the "REFRESH TOKEN" which we got in step #5.
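<?php
// Exchange the stored refresh token for a new access token.
// Returns the decoded JSON response as an array, or null on failure.
function getNewToken(){
    $url = 'https://login.salesforce.com/services/oauth2/token';
    $fields = array(
        'grant_type' => "refresh_token",
        'client_id' => "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
        'client_secret' => "xxxxxxxxxxx",
        'refresh_token' => "xxxxxxxxxxxxxxxxxxxxxxxxxxxx"
    );
    // URL-encode each value so reserved characters survive the POST body
    $fields_string = http_build_query($fields);
    $ch = curl_init($url);
    //set the POST data
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    // keep TLS certificate verification on: this request carries the
    // consumer secret and the refresh token
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    //execute post
    $result = curl_exec($ch);
    if ($result === false) {
        // curl reports failures through return values, not exceptions
        error_log('Token refresh failed: ' . curl_error($ch));
        curl_close($ch);
        return null;
    }
    //close connection
    curl_close($ch);
    $json_a = json_decode($result, true);
    return $json_a;
}
?>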
You can simply call getNewToken() to get a new token whenever needed.
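The try/catch flow from step 7 as an added example (not code from the original post): run a call, refresh once on an expired session, re-attach and retry. The name callWithRefresh and the three callables are hypothetical, and matching on the string INVALID_SESSION_ID in the fault code or message is an assumption about how the expired-session error surfaces in your client.

```php
<?php
// Added example: run one API call and refresh the token once if the session expired.
// $refresh and $attach are hypothetical callables supplied by the caller.
function callWithRefresh(callable $apiCall, callable $refresh, callable $attach) {
    try {
        return $apiCall();
    } catch (Exception $e) {
        // Assumption: an expired token shows INVALID_SESSION_ID in the fault code or message.
        $code = ($e instanceof SoapFault && isset($e->faultcode)) ? $e->faultcode : '';
        if (strpos($code . ' ' . $e->getMessage(), 'INVALID_SESSION_ID') === false) {
            throw $e; // unrelated failure: do not mask it behind a refresh
        }
    }
    $token = $refresh();
    if (!is_array($token) || empty($token['access_token'])) {
        // An error body (for example a revoked refresh token) has no access_token.
        throw new RuntimeException('Token refresh did not return an access token');
    }
    $attach($token['access_token']);
    return $apiCall(); // single retry; a second failure propagates to the caller
}

// Offline demo with constructed stand-ins (no network, no real toolkit objects).
$session = 'expired-token';
$apiCall = function () use (&$session) {
    if ($session === 'expired-token') {
        throw new Exception('INVALID_SESSION_ID: Invalid Session ID found in SessionHeader');
    }
    return 'query ok with ' . $session;
};
// Stands in for getNewToken()
$refresh = function () { return array('access_token' => 'fresh-token'); };
// Stands in for $sfConnection->attach($serverUrl, $sessionId)
$attach = function ($newToken) use (&$session) { $session = $newToken; };

echo callWithRefresh($apiCall, $refresh, $attach), "\n";
```

Retrying only once keeps a revoked or mistyped refresh token from turning into an endless refresh loop against the token endpoint.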
You are now all set; you no longer have to worry about updating the user credentials or revealing them.
Let me know if you face an issue in any step.
Thanks
Aslam Bari