+ Start a Discussion
Nakul ChaudhariNakul Chaudhari 

Is it required to change OAuth endpoints based on custom domain?

We have done integration between .net application and Salesforce.

Currently we are using the primary OAuth endpoints from .net application for authentication:

For production:

For authorization: https://login.salesforce.com/services/oauth2/authorize
For token requests: https://login.salesforce.com/services/oauth2/token
For revoking OAuth tokens: https://login.salesforce.com/services/oauth2/revoke

For sandbox:

Instead of https://login.salesforce.com used https://test.salesforce.com
    
If I want to integrate .net application with a salesforce org on which custom domain has set up then do I need to change the above urls based on custom domain for each such org?

Can anyone please suggest what are the best practices for handling this?

Thanks in advance.We have done integration between .net application and Salesforce.

Currently we are using the primary OAuth endpoints from .net application for authentication:

For production:

For authorization: https://login.salesforce.com/services/oauth2/authorize
For token requests: https://login.salesforce.com/services/oauth2/token
For revoking OAuth tokens: https://login.salesforce.com/services/oauth2/revoke

For sandbox:

Instead of https://login.salesforce.com used https://test.salesforce.com
    
If I want to integrate .net application with a salesforce org on which custom domain has set up then do I need to change the above urls based on custom domain for each such org?

Can anyone please suggest what are the best practices for handling this?

Thanks in advance.
Anupam RastogiAnupam Rastogi
Hi Nakul,

The mentioned URLs in your post points to Salesforce resources that returns authorization code, access token and revokes access respectively. That is, this is basically the first step for integrating.

So for example, when integrating your app with Salesforce you need to first use https://login.salesforce.com/services/oauth2/token to get an access token. Using this access token you can call a REST API or REST Web Service (as your need be).

Visit this another post, I just shared similar details with another developer this morning. I hope this answers your query.
https://developer.salesforce.com/forums/ForumsMain?id=906F0000000BCfiIAG

In case you are using web services, then the difference would be - 
   - You need to create the web service in the salesforce instance that consumes your call
   - Modify the endpoint that points to your web service like https://[Salesforce Instance URL]/services/apexrest/v1/[Web Service Name]/

Thanks
AR

If you find the reply useful that solves your problem then please mark it as best answer.
Nakul ChaudhariNakul Chaudhari
Hi Anupam,

Thanks for sharing your thoughts.
I have gone through your comments on https://developer.salesforce.com/forums/ForumsMain?id=906F0000000BCfiIAG

We are also doing the same thing in our package. We have used login.salesforce.com domain for production and test.salesforce.com domain for sandbox in OAuth urls in .net application to connect to Salesforce. Once we authenticate user, we have used https://[Salesforce Instance URL]/... for accessing Salesforce APIs.
However, one of our new customer uses a custom domain and they login from https://<company_name>.my.salesforce.com/ on production and https://<company_name>--<sandbox_name>.sfinstance.my.salesforce.com/ on sandbox.

Do I need to change the OAuth urls considering the custom domain?
Could you please guide me for hadling this scenario?

Thanks,
Nakul
Anupam RastogiAnupam Rastogi
Hi Nakul,

When you must have made the initial call for receiving the access token, you also get the instance URL. You can use that instance URL for making the final call.

Thanks
AR
Nakul ChaudhariNakul Chaudhari
Hi Anupam,

But do I need to change the OAuth URLs considering custom domain for the initial call for receiving access token?
Could you help me with this, as I have faced issues while integrating to SF sandbox with custom domain.

Regards,
Nakul
 
Anupam RastogiAnupam Rastogi
Hi Nakul,

What is the instance URL that you are getting back along with the Access Token. You are not required to change it and use it as it is. Because you got the access token using https://test.salesforce.com/services/oauth2/token (https://test.salesforce.com) therefore there should be no need to change the instance URL for the next call.

Thanks
AR
Anupam RastogiAnupam Rastogi
Hi Nakul,

Did you make any progress?

Thanks
AR
Nakul ChaudhariNakul Chaudhari
Hi Anupam,

Actually, We are clear about the flow after getting instance URL.
We are facing issue while doing this-
We are trying to perfom OAuth2.0 with Salesforce sandbox instance having custom domain. So our first request is to URL https://test.salesforce.com/services/oauth2/authorize
However, we have faced redirection issues for this. So our question is, should this URL be changed to https://<<custom_domain>>.my.salesforce.com/services/oauth2/authorize
or
it should work with only https://test.salesforce.com/services/oauth2/authorize for all scenarios such as custom domain/SSO.

And do we also need to consider the setting for custom domain on Salesforce to "Prevent login from https://login.salesforce.com/" while implementation.
Could you please share your thoughts on this?
I am looking forward to hearing back from you on this.

Regards,
Nakul
Anupam RastogiAnupam Rastogi
Hi Nakul,

Firstly, you are using Web-Server OAuth Authentication flow here so you will be redirected to the callback URL that will also have the code. You need to use this code to retrieve the access token that you can use for further calls to salesforce.

Secondly, for using Custom Domain for logging in, if you do not prevent the users to access the usual login URL then I guess that should work as well. So basically you can use the normal URLs until you restrict users for using only the Custom Domain.

Thanks
AR