Home » CRM » Developing OAuth 2.0 Library with Apex – Day 1

Developing OAuth 2.0 Library with Apex – Day 1

Before diving into actual development of code let us revise what OAuth is and what is the difference between version 1.0 and 2.0.

OAuth stands for Open Authorization and was released in 2007. Since it’s release, it has become a mainstay in web services and social sites arena. Led by giants such as Facebook and Twitter, adoption of open authorization has spread like a fire. At its core OAuth is based on simplicity to the users but nightmare for the developers. It allows users to authenticate 3rd party apps without disclosing their passwords. Users can always revoke the authentication. Thus any application can invoke other application’s API which is mostly RESTful web service returning XML or JSON. But in order to make invocation successful, the calling application must have been registered with the service it is calling and send the required tokens and digital signature (version 1.0) with the request.

Debate over OAuth 2.0

Version 2.0 specification does not require digital signature at all. This has made the life of developers much easier but has compromised security (in my view) and caused a huge controversy. It does require SSL to secure tokens being sent over network though.  Personally I prefer 1.0 for it’s security.

Now let’s start developing for version 2.0.

Initial steps and house keeping

As mentioned earlier, we must register with the service we intend to invoke. Facebook uses version 2.0 while Twitter and LinkedIn are based on version 1.0. Let us start with Facebook and register at https://developers.facebook.com/apps.

Once the app is registered with Facebook, Facebook creates unique App Id/Consumer Key and Consumer Secret Key. We need to save the consumer key and consumer secret key somewhere along with some other information such as URLs to authorize, authenticate and make API calls.  I am going to create a custom object to store this important information. Custom object will be called OAuth_Service__c with following fields and corresponding values:

Service Name : Facebook,
AccessTokenUrl__c Text(255) : https://graph.facebook.com/oauth/access_token, //provided by facebook
AuthUrl__c Text(255),  //Used for version 1.0
CallBackURL__c Text(255): https://c.na2.visual.force.com/apex/Authservices, //VF page.
ConsumerKey__c Text(255): 981657716937450, //Fictitious but provided by Facebook in real life
ConsumerSecretKey__c Text(255): bb756kkk674s7709d50998c7, //Fictitious but provided by Facebook in real life
ReqTokenUrl__c Text(255) : https://www.facebook.com/dialog/oauth, //provided by facebook
OAuth_Version__c Text(10) : 2.0

We will discuss the use of call back URL and visual force page in details while looking into the authentication flow in the next blog.

If interested follow my twits for alerts.

Twitter: @gaikwad_arun



  1. Abhi says:

    please share the continuity of the topic

  2. Abhi says:

    please share…I am waiting…

  3. Neha says:

    Thanks For Sharing Such a Great Post,,,,,
    I would like to learn how to use the OAuth with salesforce and other apps,,
    I Followed your Instructions and created a Test App in Facebook,I Got AppId and App Secret,i stored them.Now,Where should i create a Object OAuth_Service__c ? in my salesforce org ? Please clarify me.,and From Where should get AccessTokenUrl,AuthUrl ,CallBackURL,CallBackURL,ReqTokenUrl,they are default to everyone as u mentioned in your post.

    Looking forward for your Next Post….

    Thanks & Regards

  4. An intriguing discussion is definitely worth
    comment. I believe that yoou ought to write more about this
    subject matter, it may nott be a taboo subject but typically
    peopple ddo not talk about such subjects. To the next! Best wishes!!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: