dmt-software/salesforce-oauth-middleware

Salesforce OAuth 2.0 middleware for REST API calls

v1.0.0 2018-05-25 10:07 UTC

This package is auto-updated.

Last update: 2024-12-25 08:13:08 UTC


README

Build Status Scrutinizer Code Quality Code Coverage

This authorization middleware uses the OAuth grant_type password to authenticate and authorize a request to the Salesforce REST API.

Install

composer require dmt-software/salesforce-oauth-middleware

Usage

<?php
 
use DMT\Salesforce\Auth\Authorization\SalesforceAuthorization;
use DMT\Auth\AuthorizationMiddleware;
use GuzzleHttp\Client;
use GuzzleHttp\Handler\CurlHandler;
use GuzzleHttp\HandlerStack;
use GuzzleHttp\Middleware;
use Stevenmaguire\OAuth2\Client\Provider\Salesforce;
 
$oAuthProvider = new Salesforce(
     [
         'clientId'          => 'YourCustomedKey',
         'clientSecret'      => 'YourCustomerSecret',
         'redirectUri'       => 'https://localhost', // wont be visited for grant_type password
     ]
);
$authMiddleware = new AuthorizationMiddleware(
  new SalesforceAuthorization($oAuthProvider, 'YourUsername', 'YourPasswordAmdSecret')
);

$stack = new HandlerStack();
$stack->setHandler(new CurlHandler());
$stack->push(Middleware::mapRequest($authMiddleware));
 
$client = new Client([
    'handler' => $stack
]);
 
// request will be authorized and routed to your client (sub)domain according to the instance_url received from OAuth
$response = $client->get('https://salesforce.com/services/data/v26.0/sobjects/Account');

Cache

To re-use an access token this middleware can be configured with a PSR-16 cache implementation.

<?php
 
use DMT\Salesforce\Auth\Authorization\SalesforceAuthorization;
use DMT\Auth\AuthorizationMiddleware;
use Psr\SimpleCache\CacheInterface;
use Stevenmaguire\OAuth2\Client\Provider\Salesforce;
 
/** @var Salesforce $oAuthProvider */
/** @var CacheInterface $dataCache */
$authMiddleware = new AuthorizationMiddleware(
    new SalesforceAuthorization($oAuthProvider, 'YourUsername', 'YourPasswordAmdSecret', $dataCache)
);

NOTE: Currently Salesforce does not provide an expiration time or refresh token when grant_type password is used. Cached access tokens will be recycled every hour (when handled by this middleware). This might change later to better suit implementations (I'm open for suggestions).