JWT Authentication
Opened this issue · 4 comments
Please add JWT as an authentication option. This is a great tool for dot net developers, but everyone should be using the best authentication possible to connect to our production Salesforce orgs. Salesforce says JWT is the preferred method for server to server communications so this package should allow it.
@JodieM - We have been thinking about the topic in our projects here. Having large .Net applications running on Heroku and talking to a bunch of sandboxes. So I came up with an own implementation: ForceDotNetJwtCompanion. Recently put it on Nuget and migrated the first of our applications successfully. But needs a bit more testing. Looking forward to your comments...
Oh thanks @claboran that looks great... apart from the being untested bit... it's hard to switch out something in a production org that is untested... (but don't ask why we are using a many year old unofficial library in production). Anyway I will at least ask the dev team if they will be willing to test it, and we will ensure we test it on a sandbox and test site :).
@JodieM: thanks a lot. We are migrated one of our connected apps and what should I say, no problems so far. But we are still in UAT phase, so let's see. Security is always a sensitive topic.
The ForceClient accepts HttpClients as constructor arguments (https://github.com/wadewegner/Force.com-Toolkit-for-NET/blob/master/src/ForceToolkitForNET/ForceClient.cs#L30). I believe you could write some middleware (DelegatingHandler
) to handle creating the JWT and setting the authentication header.