KJesse

REST API Authentication WITHOUT logging in at login.salesforce.com

In REST API can you perform OAuth either username / password flow OR client ID/client Secret without authenticating at the actual Salesforce login page? I am trying to have Salesforce authenticate and then do data transactions to my account during the user session (I don't want them to have to authenticate with my credentials or any credentials at all).
All Answers

Hugh Wheeler 8
I am also trying to do something similar at the moment. I am about to have a crack at this:

http://www.wadewegner.com/2013/03/creating-anonymous-rest-apis-with-salesforce-com/

I don't yet know if it works, but it might give you a way forward.

Hugh
KJesse
I figured out this was the best way to go. The authentication occurs without redirection and all transactions are made by the Salesforce account associated with the token. Check out JWT Bearer Token Flow. I implemented this in PHP, not JavaScript.

https://help.salesforce.com/HTViewHelpDoc?id=remoteaccess_oauth_jwt_flow.htm
This was selected as the best answer
FlorSF
That's not true. JWT Bearer Token Flow requires manual authentication/login at least one time. It even says so many times on the help doc:
  • "The OAuth 2.0 JWT bearer token flow defines how a JWT can be used to request an OAuth access token from Salesforce
    when a client wants to use a previous authorization."
  • "The JWT is posted to the OAuth token endpoint, which in turn processes the JWT and issues an access_token 
    based on prior approval of the app."
  • "Assuming that the JWT is valid and that the user or admin authorized the app previously, Salesforce issues an access_token."
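
The exchange the quoted help-doc passages describe, as an added PHP sketch that is not code from any poster in this thread: it signs a JWT assertion, builds the token request body, and reads the token endpoint's answer. The consumer key, username, throwaway key pair and the sample refusal response are constructed placeholders, and the function names are hypothetical.

```php
<?php
function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// Build header.claims.signature (RS256). The certificate matching
// $privateKey has to be registered with the connected app beforehand.
function buildAssertion(string $consumerKey, string $username, string $audience, $privateKey): string {
    $header = b64url(json_encode(['alg' => 'RS256']));
    $claims = b64url(json_encode([
        'iss' => $consumerKey,  // connected app's consumer key (client_id)
        'sub' => $username,     // user the access token will act as
        'aud' => $audience,     // login host the assertion is meant for
        'exp' => time() + 180,  // short expiry (three minutes chosen here)
    ]));
    if (!openssl_sign("$header.$claims", $sig, $privateKey, OPENSSL_ALGO_SHA256)) {
        throw new RuntimeException('signing failed: ' . openssl_error_string());
    }
    return "$header.$claims." . b64url($sig);
}

// Form body posted to the OAuth token endpoint.
function tokenRequestBody(string $assertion): string {
    return http_build_query([
        'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer',
        'assertion'  => $assertion,
    ]);
}

// Return the access token, or raise the endpoint's error unchanged.
function readTokenResponse(string $json): string {
    $r = json_decode($json, true);
    if (isset($r['access_token'])) {
        return $r['access_token'];
    }
    throw new RuntimeException(($r['error'] ?? 'unknown') . ': ' . ($r['error_description'] ?? ''));
}

// Throwaway key pair generated only for this demonstration.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$jwt = buildAssertion('CONSUMER_KEY_PLACEHOLDER', 'user@example.com', 'https://login.salesforce.com', $key);
echo "POST https://login.salesforce.com/services/oauth2/token\n", tokenRequestBody($jwt), "\n";

// Constructed sample of a refusal when the app has no prior approval.
try {
    readTokenResponse('{"error":"invalid_grant","error_description":"user hasn\'t approved this consumer"}');
} catch (RuntimeException $e) {
    echo "token request refused: ", $e->getMessage(), "\n";
}
```

In this flow the private key takes the place of a password, so it needs the same storage and rotation controls as any other long-lived credential.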