passport-forcedotcom
This is a Strategy for use with PassportJS with the Force.com platform (meaning you can use it with Salesforce CRM, your Force.com applications and Database.com).
Please note that as of version 0.1.0, successful authentication now results in a standard PassportJS User Profile object.
npm install --save passport-forcedotcom

var express = require('express');
var passport = require('passport');
var ForceDotComStrategy = require('passport-forcedotcom').Strategy;

var app = express();

passport.use(new ForceDotComStrategy({
  clientID: '{client_id}',
  clientSecret: '{client_secret}',
  scope: ['id','chatter_api'],
  callbackURL: 'https://my.example.com/auth/forcedotcom/callback'
}, function verify(token, refreshToken, profile, done) {
  console.log(profile);
  return done(null, profile);
}));

// the request options are the second argument to passport.authenticate()
app.get('/auth/forcedotcom', passport.authenticate('forcedotcom', {
  display: "page", // valid values are: "page", "popup", "touch", "mobile"
  prompt: "", // valid values are: "login", "consent", or "login consent"
  login_hint: "", // optional: the user's Salesforce email address or username
  state: "" // optional: an arbitrary URL encoded string that will get passed back to you
}));

// this should match the callbackURL parameter above:
app.get('/auth/forcedotcom/callback',
  passport.authenticate('forcedotcom', { failureRedirect: '/error' }),
  function(req, res){
    // checkSession is a helper defined by your own application
    res.render("index", checkSession(req));
  }
);
And as usual with passport, you can update the user serialization/de-serialization.
The login_hint parameter may be used by Salesforce to pre-populate the username field on the login form. This doesn't seem to be very reliable though. See the Salesforce OAuth documentation for more details.
The state parameter is useful if you need to maintain information about the user between initiating the login with Salesforce and the user being redirected back to your application. This avoids the need to rely on a cookie to maintain any state information. For example, you could use this to track the page that the user was trying to access before they started the login process. If you pass a state string then it should be URL encoded.
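The state value comes back through the user's browser, so a return path carried in it should be authenticated before the application redirects to it. The following is an added example, not code from passport-forcedotcom or its README: it signs the return path with an HMAC bound to the user's session ID, expires it, and accepts only same-site paths. The names makeState and readState, the server secret, the ten-minute lifetime and the use of a session ID are assumptions introduced here.

```javascript
var crypto = require('crypto');

var MAX_AGE_MS = 10 * 60 * 1000; // assumed lifetime of one login attempt

// Accept only same-site absolute paths; anything else falls back to "/".
function safePath(p) {
  return typeof p === 'string' && /^\/(?![\/\\])/.test(p) ? p : '/';
}

// MAC over the payload, keyed by a server secret and bound to one session.
function sign(secret, sessionId, payload) {
  return crypto.createHmac('sha256', secret)
    .update(sessionId + '\n' + payload).digest('base64url');
}

// Value to pass as `state`. base64url and "." are URL-safe already.
function makeState(secret, sessionId, returnTo, now) {
  var body = JSON.stringify({ r: safePath(returnTo), t: now || Date.now() });
  var payload = Buffer.from(body).toString('base64url');
  return payload + '.' + sign(secret, sessionId, payload);
}

// Check the `state` received on the callback (req.query.state in Express).
// Returns the return path, or null if forged, expired or from another session.
function readState(secret, sessionId, state, now) {
  var parts = String(state || '').split('.');
  if (parts.length !== 2) return null;
  var expected = Buffer.from(sign(secret, sessionId, parts[0]));
  var given = Buffer.from(parts[1]);
  if (given.length !== expected.length ||
      !crypto.timingSafeEqual(given, expected)) return null;
  var data = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
  var age = (now || Date.now()) - data.t;
  if (!(age >= 0 && age <= MAX_AGE_MS)) return null;
  return safePath(data.r);
}
```

Pass the result of makeState as the state option when starting the login, and redirect on the callback only to the path readState returns; a null result means the login attempt should be rejected.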
In order to use this Strategy, you'll need to have a Connected App inside of Salesforce. See this article for detailed and up-to-date Connected App creation instructions.
Tips:
client_id is referred to as "Consumer Key" and the client_secret is referred to as the "Consumer Secret" in some of the UI and documentation.
new ForceDotComStrategy constructor. If you're using express, then the route you attach must also correspond to this URL (e.g. app.get('/auth/forcedotcom/callback', ...)
photos section in the User Profile you need to set up the api or chatter_api scope when creating the Connected App.
skipPhoto: true option to the ForceDotComStrategy constructor and only enable the id scope.
There is an example app called simple-example in the examples/ folder. This shows how to use ForceDotCom-Passport with lots of comments.
To run locally:
app.js in examples/simple-example
CF_CLIENT_ID, CF_CLIENT_SECRET, CF_CALLBACK_URL and optionally, SF_AUTHORIZE_URL, SF_TOKEN_URL to match your connected app's settings.
npm install
node app.js
localhost:3000 in the browser and try to login using OAuth.
instance_url can be readily available.
©2013-2014 salesforce.com, All Rights Reserved.
Use and distribution is licensed under the 3-Clause BSD License.
FAQs
Salesforce.com/Force.com/Database.com authentication strategy for Passport.
The npm package passport-forcedotcom receives a total of 20,372 weekly downloads. As such, passport-forcedotcom popularity was classified as popular.
We found that passport-forcedotcom demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.