Set up Salesforce auth using OAuth2 basic support plugin

Using the OAuth2 basic support plugin you can set up Salesforce authentication.

To do so, create a connected OAuth2 app on Salesforce:

  • Create → Apps → New connected app

  • Ensure you allow access to “access basic information”

  • Set the “Callback URL” to https://YOURFORUM.COM/auth/oauth2_basic/callback. Note: you must be running your Discourse forum with HTTPS.

  • Take note of client id and secret

On the Discourse side, use the following site settings:

  • oauth2 enabled: true
  • oauth2 client id and secret, per previous section
  • oauth2 authorize url: https://login.salesforce.com/services/oauth2/authorize
  • oauth2 token url: https://login.salesforce.com/services/oauth2/token
  • oauth2 user json url: https://login.salesforce.com/services/oauth2/userinfo
  • oauth2 json user id path: user_id
  • oauth2 json username path: preferred_username
  • oauth2 json name path: name
  • oauth2 json email path: email
  • oauth2 email verified: true
  • oauth2 authorize options: scope, display, immediate, state

If you are having trouble, be sure to enable oauth2 debug auth and check your /logs.

9 Likes

Thanks for this post, which was invaluable in setting up a recent project, which required Salesforce login.

In our case, the Salesforce app was a Community, which meant we had to change some of the details above. I’m posting on this old thread in case it helps anyone else. It nearly broke my brain for a whole day.

  • oauth2 authorize url: https://[COMMUNITY_NAME].force.com/services/oauth2/authorize
  • oauth2 token url: https://[COMMUNITY_NAME].force.com/services/oauth2/token
  • oauth2 callback user id path: id

The path changes were worked out gradually (and painfully) from Salesforce and other documentation:
Connect your app to Salesforce
https://help.salesforce.com/articleView?id=remoteaccess_oauth_endpoints.htm&type=5

However, we still had problems with 403 Forbidden errors, which were plain unstyled HTML and didn’t look very much like a Discourse error to me, which led to much debugging of Salesforce and gnashing of teeth. But the problem was in Discourse.

Forbidden

You don’t have permission to access this resource.

Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.

Although the redirect to Callback URL seemed to be working, the browser console registered authentication failures. In the end it was the unset oauth2 callback user id path which was the cause of the authentication failure. Setting it to id fixed everything.

All other settings as in previous post.

1 Like

Thanks for the guidelines. We were able to successfully authenticate using Salesforce, but we ran into an issue. Our SF objects/fields do not seem to be passed successfully to Discourse: right after a successful SF login on Discourse, it seems Discourse treats it as a new user and asks for username, email and name, even though these should come from the oauth2 json name, email and username fields.

May we ask for help with the JSON format for SF objects/fields used in the oauth2 plugin? We have tried object.field, object_field and just field. It does not seem to give any error, but still nothing is being passed from SF to Discourse via JSON to recognize the login as not a new Discourse user.

Just an update here: we found a solution to our issue. These are the settings on our end to map SF fields.

The settings that must be set:

  • oauth2 fetch user details: checked
  • oauth2 user json url: https://<yoursfsite.com>/services/oauth2/userinfo
  • oauth2 user json url method: get
  • oauth2 json user id path: user_id
  • oauth2 json username path: preferred_username
  • oauth2 json name path: name
  • oauth2 json email path: email

We hope this helps others looking for a solution to the oauth2 SF connection.

1 Like
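An added example, not part of the original posts or the plugin's own code: a Ruby check that resolves the json path settings from this topic against a userinfo response, to spot a path that matches nothing (the symptom described above, where Discourse asks for username, email and name again). The sample response is constructed; the dot-separated path syntax, the `email_verified` field in the response, and the helper names are assumptions.

```ruby
require "json"

# Constructed sample of a userinfo response (all values are made up).
SAMPLE_USERINFO = <<~JSON
  {
    "user_id": "005xx0000000001",
    "preferred_username": "jane@example.com",
    "name": "Jane Example",
    "email": "jane@example.com",
    "email_verified": true
  }
JSON

# The json path site settings listed in this topic.
PATHS = {
  "oauth2 json user id path"  => "user_id",
  "oauth2 json username path" => "preferred_username",
  "oauth2 json name path"     => "name",
  "oauth2 json email path"    => "email"
}.freeze

# Walk a dot-separated path through parsed JSON (assumed path syntax).
# Returns nil as soon as a segment cannot be followed.
def resolve_path(doc, path)
  path.split(".").reduce(doc) do |node, key|
    case node
    when Hash then node[key]
    when Array then key.match?(/\A\d+\z/) ? node[key.to_i] : nil
    else return nil
    end
  end
end

# Map each setting name to the value its path picks out of the response.
def check_mapping(json_text, paths = PATHS)
  doc = JSON.parse(json_text)
  paths.transform_values { |p| resolve_path(doc, p) }
end

# Settings whose path found nothing (nil or blank).
def missing_settings(json_text, paths = PATHS)
  check_mapping(json_text, paths).select { |_, v| v.to_s.strip.empty? }.keys
end

# With "oauth2 email verified: true" the email is trusted as-is, so
# confirm the provider itself reports it as verified (assumed field).
def email_verified?(json_text)
  JSON.parse(json_text)["email_verified"] == true
end

if __FILE__ == $PROGRAM_NAME
  check_mapping(SAMPLE_USERINFO).each { |k, v| puts "#{k}: #{v.inspect}" }
  puts "unresolved: #{missing_settings(SAMPLE_USERINFO).inspect}"
end
```

To check a real deployment, paste the JSON body shown by oauth2 debug auth in /logs in place of the constructed sample.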

Thanks for the info @sonny.mendoza - I’ve integrated it into the instructions at the top of this topic, so it can help out other people in future :slight_smile:

3 Likes