Web Server OAuth flow implementation

[epic-alex-rodionov]

Salesforce provides many different OAuth flows to meet specific security and integration needs. Currently only password flow is implemented. So it would be good to have Web Server OAuth flow implementation, which works with grant_type=authorization_code and access token.

This flow is great when you want the end-user to enter their credentials to authorize the integration and you don’t want to store the credentials on your system since it could be a security risk.

[Crim]

What do you think is the best way to implement this? Do you think we should open up the SessionRefreshHandler interface so developers can pass their own implementation?

Or do you think we should write our own implementation of the Web Server OAuth flow? Or perhaps both?

Thoughts?
Thanks!

[epic-alex-rodionov]

Well, it would be good to have more flexible client to be able to use different auth variants. Yes, maybe both is better, but SessionRefreshHandler maybe has more priority. Thanks!

[Crim]

I put together an extremely rough idea of how this could work. I need to verify we can implement alternative authentication flows using the PardotClient::userDefinedRequest() method from the updated SessionRefreshHandler::refreshCredentials interface method.

I'll continue to play around with this soon.

[epic-alex-rodionov]

Thank you @Crim.

[Crim]

I released version 3.2.0 with the following methods on ConfigurationBuilder to allow for using a RefreshToken or AccessToken for authenication.

If you use the AccessToken method, it has no way to automatically refresh/renew the session when it expires. If you use the RefreshToken method, it will automatically refresh/renew the session if it expires.

/**
     * For configuring authenticating to the Pardot API using a previously acquired access_token acquired using
     * the access_code OAuth2 authentication flow.
     *
     * Note this authentication scheme has no provisions for renewing expired sessions automatically.
     * See withSsoRefreshTokenLogin() method using a refresh_token.
     *
     * @param accessToken Salesforce access_token.
     * @param clientId Connected Application client or consumer Id.
     * @param clientSecret Connected Application client or consumer secret.
     * @param businessUnitId Id of the Pardot business unit to connect to.
     * @return Builder instance.
     */
    public ConfigurationBuilder withSsoAccessTokenLogin(final String accessToken, final String clientId, final String clientSecret, final String businessUnitId) 

and

/**
     * For configuring authenticating to the Pardot API using a refresh_token acquired using
     * the access_code oauth2 authentication flow.
     *
     * @param refreshToken Salesforce refresh_token.
     * @param clientId Connected Application client or consumer Id.
     * @param clientSecret Connected Application client or consumer secret.
     * @param businessUnitId Id of the Pardot business unit to connect to.
     * @return Builder instance.
     */
    public ConfigurationBuilder withSsoRefreshTokenLogin(final String refreshToken, final String clientId, final String clientSecret, final String businessUnitId)

Alternatively I've also exposed the following method and SessionRefreshHandler interface that allows you to define
your own session handler. I think ideally out of the box this library would/should support the most common scenarios however.

/**
     * Allows for injecting a custom {@link SessionRefreshHandler} implementation.
     * @param sessionRefreshHandler Interface for handling authentication to Pardot API.
     * @return Builder instance.
     */
    public ConfigurationBuilder withCustomAuthenticationHandler(final SessionRefreshHandler sessionRefreshHandler) 

Let me know if this solves your use case, or if there's still something outstanding that you're unable to do.

Thanks!

[epic-alex-rodionov]

@Crim thank you very much! I will try integrate it soon and will put a comment after!

[epic-alex-rodionov]

@Crim I use withSsoRefreshTokenLogin method and it looks working, not issues so far! Thank you for very fast fixing this issue!

[Crim]

Awesome! Glad to hear it!