I'm having a few thoughts about Auth0 capabilities with using the Salesforce API and would like your input on this.
I'm using Auth0 with Salesforce as an identity provider to a specific Salesforce community through a connected app in Salesforce. My goal is to be able to execute queries using the Salesforce API as the logged-in user.
For example: I logged in as user A and would like to get a list of all accounts associated with the community I am logged in to (given that I have the necessary authorization inside Salesforce to do so).
I set up the example single-page React application to test this with a Salesforce community as a social connection, and I am able to log in successfully and get some basic user information, for example “given_name”, “family_name”, “nickname”, “name”, “picture”, “locale”, “email”, “sub”, etc.
My questions are:
The access token that I have access to in the React example (when getAccessTokenSilently gets called): am I able to use that token as an access token to protected API endpoints in Salesforce, or is that access token specifically for the Auth0 application?
Am I able to use the auth0-react SDK to execute queries in a similar manner as I am able to do in an open-source SDK called JSForce (see code snippet here: https://jsforce.github.io/)?
Do I have to specifically add the Salesforce API as an API in the Auth0 dashboard, and if so, how is that integrated with the Auth0 Application that I currently have?
After doing more research this second question does not seem relevant.
Follow-up on your answer regarding that this token is for use by Auth0 APIs and any custom APIs… So I should be able to set up a custom Salesforce API in my Auth0 dashboard and then this auth token that I have access to in the React example below can be used to call protected Salesforce API endpoints?
Just trying to figure out what is happening behind the scenes if that is the case. Is Auth0 then integrating some additional OAuth flow behind the scenes to get a Salesforce (or any custom API's) auth token that grants access to protected endpoints?
Auth0 issues tokens for the Auth0 APIs (authentication API, management API) and custom APIs (an API you created and configured to accept Auth0 tokens).
Salesforce has an auth server that issues tokens for their APIs.
In some cases, when you use an external IdP (Salesforce in this case), Auth0 will store whatever token is returned after a successful login from the IdP. That token is available from the management API. I linked the doc about how to receive the IdP Access Token in my previous post.
Auth0 tokens !== Salesforce tokens, but Salesforce tokens may be available from the Auth0 management API. (I don’t have a Salesforce IdP set up to test it.)
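The lookup described in the answer above, as an added example that is not part of the original thread or Auth0's own code: a backend helper reads the user's profile from the Management API, pulls the Salesforce-issued token out of `identities`, and uses it for a SOQL query as that user. The provider names, API version, instance URL parameter and sample profile are assumptions or constructed values; it runs server-side because the Management API token must not reach the browser.

```javascript
// Added example: runs on a backend, never in the SPA.
// Assumptions (not from the thread): provider names, SF_API_VERSION, and the
// constructed sample values at the bottom.
const SF_PROVIDERS = ["salesforce", "salesforce-community", "salesforce-sandbox"];
const SF_API_VERSION = "v58.0"; // assumed; use the version your org supports

// Pull the IdP-issued access token out of an Auth0 user profile as returned by
// GET /api/v2/users/{id} when the caller's Management API token carries the
// read:user_idp_tokens scope. Returns null when no Salesforce identity holds one.
function extractIdpAccessToken(profile, providers = SF_PROVIDERS) {
  const identities = Array.isArray(profile && profile.identities) ? profile.identities : [];
  const match = identities.find(
    (id) => providers.includes(id.provider) && typeof id.access_token === "string"
  );
  return match ? match.access_token : null;
}

// Build the Salesforce REST query request authorised with the user's own token.
function buildSoqlRequest(instanceUrl, idpToken, soql) {
  const url = new URL(`/services/data/${SF_API_VERSION}/query`, instanceUrl);
  url.searchParams.set("q", soql);
  return { url: url.toString(), headers: { Authorization: `Bearer ${idpToken}` } };
}

// Full flow: Management API lookup, then Salesforce call as the logged-in user.
async function queryAsUser({ auth0Domain, mgmtToken, userId, instanceUrl, soql }, fetchImpl = fetch) {
  const res = await fetchImpl(
    `https://${auth0Domain}/api/v2/users/${encodeURIComponent(userId)}`,
    { headers: { Authorization: `Bearer ${mgmtToken}` } }
  );
  if (!res.ok) throw new Error(`Management API returned ${res.status}`);
  const idpToken = extractIdpAccessToken(await res.json());
  if (!idpToken) throw new Error("No Salesforce IdP token stored for this user");
  const req = buildSoqlRequest(instanceUrl, idpToken, soql);
  const sf = await fetchImpl(req.url, { headers: req.headers });
  if (!sf.ok) throw new Error(`Salesforce returned ${sf.status}`); // e.g. expired IdP token
  return sf.json();
}

// Constructed sample profile (values are placeholders, not real tokens).
const SAMPLE_PROFILE = {
  user_id: "salesforce-community|EXAMPLE_ID",
  identities: [
    { provider: "auth0", user_id: "abc", isSocial: false },
    { provider: "salesforce-community", user_id: "EXAMPLE_ID", access_token: "SF_TOKEN_PLACEHOLDER" },
  ],
};
```

Because the query runs with the user's own Salesforce token, Salesforce enforces that user's permissions on the result; the Auth0 access token from `getAccessTokenSilently` is never sent to Salesforce.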