Pluggable authentication in Salesforce 8.x-4.x

Behind the Scenes

Has an expired password ever taken your Drupal-Salesforce integration offline?

Have you been frustrated with juggling sandbox and live credentials between development environments?

Salesforce 8.x-4.x solves these problems by introducing pluggable authentication and a plugin offering OAuth JWT Bearer Token flow.

What is OAuth JWT Bearer Token flow?

Also referred to as "JWT OAuth" or "JWT" for short, this authentication mechanism uses a shared public key to provide server-to-server, non-interactive authentication. In other words, say goodbye to this screen:

[Image: Salesforce interactive OAuth prompt]
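To make the key relationship in the flow described above concrete, here is an added sketch (not code from the Salesforce module) that signs a bearer assertion with a private key and then checks it using only the public key, as the authorization server would. The consumer key, username, key pair and 180-second lifetime are constructed placeholders; the claim names follow the standard JWT bearer grant.

```php
<?php
// Added example, not the Salesforce module's code. All values are constructed.

function b64url(string $bytes): string {
  return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
}

function b64url_decode(string $text): string {
  return base64_decode(strtr($text, '-_', '+/'));
}

// Client side: build and sign the assertion sent in place of a password.
function build_assertion(string $consumerKey, string $username, string $loginUrl, $privateKey, int $now): string {
  $header = ['alg' => 'RS256', 'typ' => 'JWT'];
  $claims = [
    'iss' => $consumerKey, // consumer key of the Salesforce app
    'sub' => $username,    // user the integration runs as
    'aud' => $loginUrl,    // login host, which differs for sandbox and live
    'exp' => $now + 180,   // assumed short lifetime for this sketch
  ];
  $input = b64url(json_encode($header)) . '.' . b64url(json_encode($claims));
  if (!openssl_sign($input, $signature, $privateKey, OPENSSL_ALGO_SHA256)) {
    throw new RuntimeException('Signing failed: ' . openssl_error_string());
  }
  return $input . '.' . b64url($signature);
}

// Server side: only the public key is needed to accept or reject.
function verify_assertion(string $jwt, string $publicKeyPem, string $expectedAud, int $now): bool {
  $parts = explode('.', $jwt);
  if (count($parts) !== 3) { return false; }
  [$h, $c, $s] = $parts;
  $header = json_decode(b64url_decode($h), true);
  $claims = json_decode(b64url_decode($c), true);
  // Pin the algorithm instead of trusting whatever the token header asks for.
  if (($header['alg'] ?? '') !== 'RS256') { return false; }
  if (openssl_verify("$h.$c", b64url_decode($s), $publicKeyPem, OPENSSL_ALGO_SHA256) !== 1) { return false; }
  return ($claims['aud'] ?? '') === $expectedAud && ($claims['exp'] ?? 0) > $now;
}

// Constructed demo with a throwaway key pair (requires the openssl extension).
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$pub = openssl_pkey_get_details($key)['key'];
$now = time();
$jwt = build_assertion('EXAMPLE_CONSUMER_KEY', 'integration@example.com', 'https://test.salesforce.com', $key, $now);
var_dump(verify_assertion($jwt, $pub, 'https://test.salesforce.com', $now));  // audience matches
var_dump(verify_assertion($jwt, $pub, 'https://login.salesforce.com', $now)); // audience mismatch
```

Because no password is involved, the private key file becomes the credential to protect: keep it out of the web root and out of version control, and use a separate key pair for each environment.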

How do I get started?

First off, you'll need to update your Salesforce Suite module to 4.x. JWT has third-party dependencies, so the best way to do this is with Composer.

Similar to User-Agent OAuth, JWT requires setting up a Salesforce app. We've published a guide on how to create a new JWT app or update an existing OAuth app to JWT.

Once your app is in place, enable salesforce_jwt, and follow our guide for adding a JWT provider in Drupal. And don't forget to assign the new provider as your default provider.

What does this do for me?

In versions older than 4.x, Salesforce authentication was defined as a global config. This meant juggling different configs between environments, and potentially connecting your Drupal site to the wrong Salesforce org. The new framework allows multiple configurations to coexist: the only global config is which one is your default.

Exposing authentication providers with plugins unlocks novel solutions, such as connecting to multiple Salesforce orgs from a single Drupal instance. Do you have an alternative authentication scheme you'd like to employ? The authentication provider plugin framework allows any contributed or custom modules to define their own providers.

We look forward to seeing how the community adopts pluggable authentication and continues to push the envelope.