Yes. They connect to Salesforce from their Desktop using an embedded connector saved in a project, and then send the project to you. You open the project and the copy the connector to your Server repository.
Very easy and no need to deal with tokens.
Hello @dgudkov,
Thanks for the explanation.
In any case, what do you think of my proposed solution, to make it installation-free for the client? They would just receive an email with the link to authenticate, and once authenticated EasyMorph Server is listening for the Auth token, so they don’t have to do anything else, they just need a browser and log in. No need to ask permission to the company’s system admin to install another software in their computer (and if its multiple users, then installing EasyMorph Desktop in multiple computers…).
Regards,
Roberto
Hi Roberto! If I understand you correctly, this scheme requires EasyMorph server to be accessible for the outside internet (for the client to trigger action execution and for the client's web browser to access callback url provided by this server). This requires EasyMorph server owner to have reverse proxy, public static IP, domain and manage (issue/renew) SSL certificates for the server. At a first glance, this seems like a lot of work just to avoid free EasyMorph install.
Hi Roberto,
To add to @olysak’s answer, I have a feeling that you’re trying to circumvent the intended way of doing authentication. I’m not even sure that what you’re trying to achieve is legally permitted by Salesforce’s policies.
We’re proposing a reasonable and simple solution. Installation of EasyMorph Desktop doesn’t require privileged permissions. I don’t think we can do anything else in this regard.
You can always build a custom application for your customers if you still insist on doing things your way.
@dgudkov, regarding:
I have a feeling that you’re trying to circumvent the intended way of doing authentication
I'm not trying to do this. The intention is for the client to keep authenticating the same way, only that EasyMorph Server gets the authentication directly and stores it as an authenticated connector automatically.
Also, regarding:
You can always build a custom application for your customers if you still insist on doing things your way.
Do you mean a custom application to manage the OAuth2 authentications (that would have to be connected with EasyMorph Server in some way), or are you meaning a solution that does not involve EasyMorph?
Regards,
Roberto
Hey @dgudkov, I edited my last post after creating it and added another question at the end.
It was basically regarding your comment:
You can always build a custom application for your customers if you still insist on doing things your way.
Do you mean a custom application to manage the OAuth2 authentications (that would have to be connected with EasyMorph Server in some way). Could we do that ourselves and then somehow pass the OAuth2 credentials to the EasyMorph Server connector repository? Or were you referring to use another solution that did not involve EasyMorph?
Thanks,
Roberto
I think I somewhat misunderstood your initial question. Yes, it’s somewhat related to the @RJO’s question “Big feature request on all cloud connectors”. We will have database dynamic (prompted) authentication at some point. Chances are it can be done for OAuth connectors as well, but can’t guarantee it.
At this point, if you can’t use the free edition and still need the dynamic authentication, then the only way is to build a custom application (in C# or Python) that would do the authorization and then trigger an EasyMorph workflow.
@dgudkov Regarding the custom application (in C# or Python) that would do the authorization, would that application be able to authorize the connector in EasyMorph Server?
So lets say that the client authenticates and with the custom application, we would be able to see a connector change from
to this:
by programmatically changing the Server connector repository and adding the authentication. Are you referring to this?
What do you mean that the custom application would do the authorization and then trigger an EasyMorph workflow?
Thanks very much,
Roberto
No, that's not possible. Authentication and API requests should be done in that application.
Hello @dgudkov, ok thanks for the information.
@olysak I have a three questions regarding the expiry of the the authorization codes for Salesforce / oAuth2 Process:
1. Expiry of link generated after pressing "Authorize"
In the following article (https://help.salesforce.com/s/articleView?id=sf.remoteaccess_oauth_web_server_flow.htm&type=5), it is mentioned that the authorization code expires after 15 minutes. However, we’re talking about the authorization code after the user has already authenticated.
What about the link that EasyMorph generates when clicking on the “Authorize” button, that also includes a code? Here’s an example:
Does this link with a certain code (that changes every time I click on the authorize button) also expire? For now I’ve done a test of accessing this link 26 minutes after I pressed on the “Authorize” button, and I was able to log in and successfully authorize. I’m asking this because If I have to send this link to the clients for them to authorize, how long will these links work for? I know that I have 15 minutes to enter the authorization code once the user has authenticated (because Salesforce tells us this code expires after 15 minutes), but I don’t know about the link that is provided to get to the authorization page.
2. Format of link generated after pressing "Authorize"
On the other hand, why does this URL I just mentioned have this structure? It is different from
Is this because EasyMorph has already passed this to Salesforce when clicking “Authorize”, and the URL with the long code (screenshot before) is Salesforce’s response to that?
3. “State” parameter in final auth code URL
Finally I had a question regarding the URL with the final authorization code when the user has authenticated. It includes not only the authorization code (parameter “code”) but also parameter “state”. According to Salesforce, “state” is the following:
Is it something you send to Salesforce? Just wanted to understand how it worked. Is it necessary to also copy the “state” parameter into the following prompt, or only the “code” is necessary?
Thanks very much!!
Roberto
This link is generated by Salesforce (roughly step 3 in the oauth flow), we (meaning, Easymorph) have no control or information about it.
This is url from step 2, initiated by EasyMorph app, so these are just different URLs.
Yes, this is what we send to Salesforce to be handed back once auth flow ends, during step 5 in aforementioned document. This is special code to ensure we get answer from Salesforce and not somebody else. We may or may not use it in the process (this is subject to change). State alone is not enough to complete the authorization, but State and Code together should be.
To be sure, just copy the whole URL every time.
