Salesforce Integration with Spring Microservice
I am using JWT bearer token flow to get access token from salesforce and then call salesforce API using this access token. I Have already generated a private key and certificate with OpenSSL and have uploaded a digital cert on the salesforce connected app. https://help.salesforce.com/articleView?id=sf.remoteaccess_oauth_jwt_flow.htm&type=5
We are only using salesforce Database and not using its UI. Our services interact with the sales force and UI has no direct interaction with salesforce API's. Our internal service needs to call salesforce Api's preserving user context.
I have gone through many OAuth flows but the JWT bearer token flow looks most optimal to me. The flow goes like this:
- Get our own application token from azure ad
- Extract user email and create new JWT for salesforce and encrypt it using the private key
- Call salesforce oath endpoint with this JWT token
- In response, salesforce will return access_token
- Use this access token to further call salesforce API’s on behalf of the actual user or service User.
Now issues are: Is my understanding correct and is there any other more secure/optimal flow than JWT bearer token flow to solve this?Salesforce token is just created with user email, anyone who knows user email can generate token on his behalf if he got the access to private key.
Is it okay to use this flow? I mean from the security perspective? Can anyone pls clear this?
Salesforce is also registered as an enterprise app in Azure Ad. Can that be leveraged to grant access tokens instead of manually creating them?
I am using Azure AKS to host microservices. Where should I save the private.key file and allow spring boot app to read it?? The private key will be in hands of Devs and that might be a security breach
Salesforce is a popular cloud-based customer relationship management (CRM) platform that enables businesses to manage their customer data effectively. On the other hand, Spring is a widely-used Java-based framework that provides a robust platform for developing microservices.
Salesforce Integrating services with Spring microservices can help businesses streamline their customer data and create efficient workflows.
To integrate Salesforce with Spring microservices, you can use the Salesforce API to access and manipulate Salesforce data. The API provides various endpoints for retrieving, updating, creating, and deleting Salesforce records. You can use these endpoints to perform CRUD (Create, Read, Update, Delete) operations on Salesforce data from your Spring microservices.0
Kindly contact the bitdefender business support by visiting https://www.bitdefender.com/support/contact-us.html?last_page=BusinessCategory
Additionally, @Alex_Dr or @Andra_B can have a look into this for you.
OMEN Laptop 15-en1037AX (Bitdefender Total Security) & Samsung Galaxy S22 Ultra (Bitdefender Mobile Security)0