@mars/make-connected-app-jwt v0.2.1
Make Salesforce Connected App with JWT certificate auth
To automate testing & deployment of Salesforce customization & integrations, headless authentication is required. Salesforce does not provide simple API keys. Instead, Salesforce provides JWT-based headless auth to support continuous integration (CI).
This JavaScript module streamlines the process of setting up a new Connected App for headless auth.
Requirements
- install Node.js v16+ for the npx command
- sfdx auth:web:login to the target Salesforce org for the new Connected App
  - prerequisite: install sfdx CLI
  - the login username must have permissions to create a Connected App, such as a System Administrator
  - the login username should be set for the SFDX_USERNAME variable in the following commands.
- openssl CLI, which comes pre-installed on most Unix-like systems: macOS, Linux, & WSL.
Usage
1. Generate a self-signed certificate (public-private key pair)
mkdir salesforce-jwt-auth/ && cd salesforce-jwt-auth/
export PASS="$(openssl rand -hex 20)"
openssl genrsa -aes256 \
-passout "pass:$PASS" \
-out connected-app.pass.key \
4096
openssl rsa -passin "pass:$PASS" \
-in connected-app.pass.key \
-out connected-app.key
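rm connected-app.pass.key
# connected-app.key is now the unencrypted private key:
# keep it out of version control and readable only by you.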
# This next command will create the certificate identity;
# fill in sensible values, which will appear in the connected app in Salesforce;
# set the Common Name to "AdminJWTLogin" or to match the Label of the Connected App
# you'll create next.
openssl req -new \
-key connected-app.key \
-out connected-app.csr
openssl x509 -req -sha256 -days 365 \
-in connected-app.csr \
-signkey connected-app.key \
-out connected-app.crt
cd -
2. Run make-connected-app-jwt
npx @mars/make-connected-app-jwt \
  --username "$SALESFORCE_USERNAME" \
  --label AdminJWTLogin \
  --email "$CONTACT_EMAIL" \
  --certificate-file salesforce-jwt-auth/connected-app.crt
The command should eventually output the new Connected App's metadata, including a consumerKey element.
3. Login to org via JWT grant
From here, to log in to the org:
sfdx force:auth:jwt:grant \
--clientid <consumerKey> \
--jwtkeyfile salesforce-jwt-auth/connected-app.key \
--username <admin username>
Replace:
- <consumerKey> with the element's value returned in the previous step
- <admin username> with a System Administrator username.
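What the JWT grant in step 3 relies on, as an added example that is not part of this module or of the sfdx CLI: the client signs a short-lived assertion with connected-app.key, and the receiving side checks it against the public key from the uploaded certificate. The claim layout, audience host and token endpoint follow the OAuth 2.0 JWT bearer flow as documented by Salesforce; the function names, the 180-second lifetime, the throwaway key pair, and the consumer key and username values are assumptions constructed for the demo.

```javascript
const crypto = require('node:crypto');

const b64url = (text) => Buffer.from(text).toString('base64url');

// Build the RS256-signed assertion: iss = Connected App consumerKey,
// sub = pre-authorized username, aud = login host, exp = short lifetime.
function buildAssertion({ consumerKey, username, audience, privateKey }, now = Date.now()) {
  const claims = { iss: consumerKey, sub: username, aud: audience,
    exp: Math.floor(now / 1000) + 180 };
  const signingInput = `${b64url('{"alg":"RS256"}')}.${b64url(JSON.stringify(claims))}`;
  const signature = crypto.sign('RSA-SHA256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${signature.toString('base64url')}`;
}

// The receiving side's check: pinned algorithm, valid signature under the
// registered public key, and an unexpired exp. Returns the claims or null.
function verifyAssertion(assertion, publicKey, now = Date.now()) {
  const parts = assertion.split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  const header = JSON.parse(Buffer.from(head, 'base64url').toString('utf8'));
  if (header.alg !== 'RS256') return null; // never accept another alg named by the token
  const signed = crypto.verify('RSA-SHA256', Buffer.from(`${head}.${body}`),
    publicKey, Buffer.from(sig, 'base64url'));
  if (!signed) return null;
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  return claims.exp * 1000 > now ? claims : null;
}

// Form body POSTed to the org's /services/oauth2/token endpoint.
function tokenRequestBody(assertion) {
  return new URLSearchParams({
    grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
    assertion,
  }).toString();
}

// Constructed sample values: throwaway key pair, placeholder consumer key and user.
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const sample = { consumerKey: 'EXAMPLE_CONSUMER_KEY', username: 'admin@example.com',
  audience: 'https://login.salesforce.com', privateKey };
const assertion = buildAssertion(sample);
console.log(verifyAssertion(assertion, publicKey));
console.log(tokenRequestBody(assertion).slice(0, 80) + '...');
```

Anyone holding connected-app.key and the consumerKey can mint such an assertion for a pre-authorized user, so the key file needs the same protection as a password.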
Development
Customization
Fork this repo to edit it as you wish.
The Connected App's properties, such as Permissions & Profiles, may be modified in templates/connectedApp-meta.xml.liquid.
Running locally
Clone this repo. Then, in the repo, install & run the command:
npm install
npm start -- \
  --username "$SALESFORCE_USERNAME" \
  --label AdminJWTLogin \
  --email "$CONTACT_EMAIL" \
  --certificate-file salesforce-jwt-auth/connected-app.crt
Releases
Automated via merge-release GitHub action.
Every merge to main will trigger an npm publish.
Based on the commit messages, increments the version from the latest release.
- If the string BREAKING CHANGE is found anywhere in any of the commit messages or descriptions, the major version will be incremented.
- If a commit message begins with the string feat, then the minor version will be increased, such as feature: new API.
- All other changes will increment the patch version.