Skip to main content

FETCHING ACCESS TOKEN FOR EINSTEIN PLATFORM SERVICES AUTHNTICATION USING JWT


FETCHING ACCESS TOKEN FOR EINSTEIN PLATFORM SERVICES AUTHNTICATION USING JWT
JSON Web Token:
JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA or ECDSA.
Although JWTs can be encrypted to also provide secrecy between parties, we will focus on signed tokens. Signed tokens can verify the integrity of the claims contained within it, while encrypted tokens hide those claims from other parties. When tokens are signed using public/private key pairs, the signature also certifies that only the party holding the private key is the one that signed it.
Utility of JWT:
Authorization: This is the most common scenario for using JWT. Once the user is logged in, each subsequent request will include the JWT, allowing the user to access routes, services, and resources that are permitted with that token. Single Sign On is a feature that widely uses JWT nowadays, because of its small overhead and its ability to be easily used across different domains.
Information Exchange: JSON Web Tokens are a good way of securely transmitting information between parties. Because JWTs can be signed—for example, using public/private key pairs—you can be sure the senders are who they say they are. Additionally, as the signature is calculated using the header and the payload, you can also verify that the content hasn't been tampered with.
Salesforce has provided a manual way of getting the access token from https://api.einstein.ai/token
Steps to get the access token using apex code:
·         Create Einstein Platform Services Account: https://api.einstein.ai/signup,  where we get a private key.
·         Download that key and upload that key in your salesforce org.
·         Add JWT and JWTbearerFlow classes in your org.  https://github.com/salesforceidentity/jwt
·         Create a remote site setting of https://api.einstein.ai
·         Use this code to get the access token of Einstein AI:
JWT jwt = new JWT('RS256'); // Initializing JWT
ContentVersion base64Content = [SELECT Title, VersionData FROM ContentVersion where title='einstein_platform']; // query to fetch the private key form the files
                String keyContents = base64Content.VersionData.tostring();
                keyContents = keyContents.replace('-----BEGIN RSA PRIVATE KEY-----', '');
                keyContents = keyContents.replace('-----END RSA PRIVATE KEY-----', '');
                keyContents = keyContents.replace('\n', '');
                jwt.pkcs8 = keyContents;
                jwt.aud = 'https://api.einstein.ai/v1/oauth2/token'; // End point of the authorization URL
                jwt.validFor = integer.valueOf(200000); // timestamp in seconds
                jwt.iss = 'developer.force.com';  // Issuer
                jwt.sub = '<Your email from where you created Einstein platform services account>';
                String access_token = JWTBearerFlow.getAccessToken('https://api.einstein.ai/v1/oauth2/token', jwt); // Command to get the access token using JWT bearer flow
                system.debug('access_token - '+access_token);    // This is your Access token

References:
https://metamind.readme.io/docs
https://jwt.io/introduction/



Comments

Post a Comment

Popular posts from this blog

Creating Remote Site Settings Dynamically

As remote site setting is essential for making callouts to external systems. We can create remote site through apex code: Steps: 1.       Add a metadataService class either through WSDL or you can use attached  file: metadataService.class 2.       Use below code: public void createRemoteSiteSetting (){     MetadataService.MetadataPort service = createService();     MetadataService.RemoteSiteSetting remoteSiteSettings = new MetadataService.RemoteSiteSetting();     remoteSiteSettings.fullName = ‘abc123';     remoteSiteSettings.url = 'http://www.clrdp727.com';     remoteSiteSettings.isActive=true;     remoteSiteSettings.disableProtocolSecurity=false;     service.createMetadata(new List<MetadataService.Metadata> { remoteSiteSettings }); } // This method returns the metadata service, using this we ...
4 comments
Read more

Fetching the list of Classes along with their code coverage using API

Tooling API Fetching the list of Classes along with their code coverage using Tooling API We can find the list of classes along with their code coverages from external system. PFB code to fetch the list of classes along with their coverage details, Using  Tooling API. (Here rest call is made, same can be implemented by SOAP). ----------------------------------------------------------------------------------------------------------------------     HTTPRequest req = new HTTPRequest();     String myQuery=’ select+id,ApexClassOrTrigger.Name,NumLinesCovered,NumLinesUncovered+from+ApexCodeCoverageAggregate’;     req.setEndpoint('<Login Instance> /services/data/v39.0/tooling/query/?q= '+myQuery); // Login Instance Example:  https://demo727-dev-ed.my.salesforce.com     req.setMethod('GET');     req.setHeader('Authorization', 'Bearer ' +<Enter the Session Id>); // Example: U...
3 comments
Read more

Salesforce Certified Administrator - Spring '18 Release Exam Questions

Hi, Below are the questions of the Salesforce Certified Administrator - Spring '18 Release Exam. Q1 . Which three functions are available with chart enhancements in lightning experience? Choose 3 Answers A. Download Chart images from dashboard components. B. Combine small groups into "others" on any chart. C. Show total in the center of donut charts. D. Set Chart legend position. E. Display upto 2,000 groups in line and bar charts in dashboards. Ans: ACD. Q2 . Which functionality is available to a support agent directly from the case feed? A. Configure an email template. B. Mass Email. C. Reply and forward an email. D. Delete an Email. Ans: C. Q3. What must the administrator consider when enabling Themes? A. There is no built-in theme if a custom theme is not created. B. Any user can select a theme and avatar based on their role. C. Only one theme can be active at a time and is applied to the entire org. D. Chatter External users also see the custom theme. Ans: C. Q4 . W...
1 comment
Read more