JWT Bearer OAuth flow #48
Comments
@tonimelisma I know it's been a minute since this issue was raised, thanks for bearing with me. In terms of feasibility, I think it will depend on how much of the JWT work our code would have to do. My suggestion here would be that the JWT creation steps from our documentation should be handled outside SalesforcePy (with a polite recommendation or example of how to generate the cert, perhaps), and that our client only be extended to support the access token request. In that case, this shouldn't be a major effort.

Architecturally, while I've been looking for an excuse to switch to a more standardised OAuth2 implementation in Python, I haven't found any such libraries that support JWT. For that reason, I would say our all-purpose OAuthRequest can do the heavy-lifting for this flow. As to how you call it at the package level, I'm open to suggestions on this. Perhaps a new
Doesn't authlib support JWT bearer flows? https://github.com/lepture/authlib

Why not choose a few suitable OAuth libraries (requests-oauthlib, authlib, automatic, rauth, sanction), open issues for JWT Bearer flows to discuss with maintainers the willingness, see where there's engagement and willingness to merge a PR, contribute there and just use that library for OAuth? I don't think it makes sense to reimplement OAuth functionality within a Salesforce library..?
It would be great to have more authentication options in SalesforcePy besides username-password OAuth flow.
As discussed in issue #21, as SalesforcePy is now mostly a headless library, implementing User Agent or Web Server OAuth flows would be hugely complex.
So I'm proposing implementing a JWT Bearer OAuth flow wherein the SalesforcePy client would authenticate via a certificate to the Salesforce org.
Pointers on feasibility, architectural guidance and product strategy are all appreciated.
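
An added example, not part of the thread or of SalesforcePy's code: one way the split proposed in the comments could look, where the JWT is signed elsewhere and the client only sanity-checks the assertion and builds the RFC 7523 token request body. The function names, the `/services/oauth2/token` path, the 180-second lifetime cap and the sample values are assumptions; the signature is not verified client-side, since that is the authorization server's job.

```python
import base64
import json
import time
from urllib.parse import urlencode

GRANT_TYPE = "urn:ietf:params:oauth:grant-type:jwt-bearer"  # RFC 7523
MAX_LIFETIME = 180  # assumption: server accepts exp at most 3 minutes ahead


def _b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def check_assertion(jwt, now=None):
    """Pre-flight check of an externally signed JWT; returns its claims.

    Catches mistakes before the request leaves the client: wrong algorithm
    (including "none"), missing claims, stale or overly long-lived tokens.
    """
    now = time.time() if now is None else now
    parts = jwt.split(".")
    if len(parts) != 3 or not all(parts):
        raise ValueError("expected header.payload.signature")
    header, claims = _b64url_json(parts[0]), _b64url_json(parts[1])
    if header.get("alg") != "RS256":
        raise ValueError("alg must be RS256, got %r" % header.get("alg"))
    missing = [c for c in ("iss", "sub", "aud", "exp") if c not in claims]
    if missing:
        raise ValueError("missing claims: %s" % ", ".join(missing))
    if not 0 < claims["exp"] - now <= MAX_LIFETIME:
        raise ValueError("exp must be in the future, within %ds" % MAX_LIFETIME)
    return claims


def token_request_body(jwt, now=None):
    """Form-encoded body for a POST to <login host>/services/oauth2/token."""
    check_assertion(jwt, now)
    return urlencode({"grant_type": GRANT_TYPE, "assertion": jwt})


def make_sample(alg="RS256", exp=1700000120, drop=None):
    """Constructed sample with a dummy signature; stands in for the signer."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    claims = {"iss": "CONSUMER_KEY_PLACEHOLDER", "sub": "user@example.com",
              "aud": "https://login.salesforce.com", "exp": exp}
    claims.pop(drop, None)
    return ".".join([enc({"alg": alg}), enc(claims), "c2lnbmF0dXJl"])
```

With this split the private key never has to be loaded by the client library; it only handles the short-lived assertion.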