Sign Up ›
  • AUserWithNoName
  • NEWBIE
  • 0 Points
  • Member since 2017
  • Chatter
    Feed
  • 0
    Best Answers
  • 0
    Likes Received
  • 0
    Likes Given
  • 1
    Questions
  • 1
    Replies
2 replies

Login using salesforce SOAP Api VS OpenID Connect REST API

I need to use a Salesforce user (username and password) to get a token. This token should be validated by a 3rd party software and Salesforce userid should be extracted from it. I have already realized this stuff using OpenID connect, but I would avoid redirection back and forth typical of OIDC.

I have read that I could achieve this goal using SOAP API (in place of OIDC), and I have some related questions:
  1. Is this true? Can I authenticate a user with SOAP endpoint without any redirect?
  2. If 1. is true: what type of token did I get? Can I validate it against a known salesforce endpoint (e.g. with OIDC I have /id/keys API endpoint for key validation)
  3. If 1. is true: how long is this token valid? It is a sort of one time password or this token has a time to live like a common JWT?
  4. (aka 3 bis) Can I refresh this token?
  5. Are SOAP API actively supported by Salesforce or this API should be not implemented in favour of OIDC Rest API?
In a broader sense: What are pros and cons of both types of authentication?
2 replies

Login using salesforce SOAP Api VS OpenID Connect REST API

I need to use a Salesforce user (username and password) to get a token. This token should be validated by a 3rd party software and Salesforce userid should be extracted from it. I have already realized this stuff using OpenID connect, but I would avoid redirection back and forth typical of OIDC.

I have read that I could achieve this goal using SOAP API (in place of OIDC), and I have some related questions:
  1. Is this true? Can I authenticate a user with SOAP endpoint without any redirect?
  2. If 1. is true: what type of token did I get? Can I validate it against a known salesforce endpoint (e.g. with OIDC I have /id/keys API endpoint for key validation)
  3. If 1. is true: how long is this token valid? It is a sort of one time password or this token has a time to live like a common JWT?
  4. (aka 3 bis) Can I refresh this token?
  5. Are SOAP API actively supported by Salesforce or this API should be not implemented in favour of OIDC Rest API?
In a broader sense: What are pros and cons of both types of authentication?