Salesforce Authentication POST-authentication

Since the old [Auth0 Forum] is now read-only … this is continuing the research for the following post.

So I was able to get the access_token to the Salesforce API after the following two things:

  1. Auth0:
  • Changing my Auth0 / Clients / Addons / Principal Property to email.
  • Download the Auth0 signing certificate.
  1. Salesforce:
  • Go to Setup … on the left hand side under Build / Create / Apps … under Connected Apps … Edit your connected app.
  • Under the accordion “API (Enabled OAuth Settings)” make sure to select “User digital Signatures” and upload the Auth0 certificate from above.
  • The “Selected 0Auth Scopes” I chose were:
    • Access and manage your data (api)
    • Full access (full)
    • Perform requests on your behalf at any time (refresh_token, offline_access)

I also have the NodeJS I ran … I tried to format it properly in this post, but I am having a hard time, so I have it attached here. You will have to modify the code with your app settings.

Additional Question

To get the Salesforce API add-on to work in Auth0 I had to copy my Consumer Key assigned by Salesforce to Auth0 / Addon: Salesforce API. Technically a one to one relationship. This is fine during my development process, but I am looking to have an app that can be used by many different organizations that use Salesforce.

Is there any documentation / examples of this type of scenario?

The association, like you mentioned, is one to one but you can represent your multi-tenant application as more than one client application record within Auth0. In this scenario each organization would be represented by a client application. This will increase complexity, but that’s always the case when an application has to deal with different tenants/organizations in a unique way.

You could even leverage the Management API to automatically provision a client application with the correct Salesforce configuration for each of the organizations you integrate with and make this process a self-service one where an organization would provide their Salesforce integration information at the time they register with you. Your application would then based on the actual tenant/organization accessing it identify itself with Auth0 using the correct client identifier. For example, if your application provided access through a unique subdomain for each organization, you could derive this information based on the URL from which your applications is accessed.