Python Salesforce API 身份验证 [英] Python Salesforce API Authentication

问题描述

我正在尝试在 Salesforce 中自动创建工单.为此，我将 API 与 Python 一起使用.我已经获得了我注册的 python 应用程序的客户端 ID 和客户端密码.我已经阅读了很多问题，并且根据安全目的，我不想在我的脚本中使用用户密码"流程.有什么方法可以让我只能使用CLIENT ID"和CLIENT SECRET"来获取访问令牌，我可以在承载头中将此访问令牌传递给其他调用

I am trying to automate creating tickets in Salesforce. For this, I am using API with Python. I have got the Client ID and Client secret for my registered python Application. I have read many questions and as per the security purpose, I do not want to use the "user-password" flow for my script. Is there any way that I can only use "CLIENT ID" and "CLIENT SECRET" to get the access token where I can pass this access token in bearer header for other calls

import requests

params = {
    "grant_type": "client_credentials",
    "client_id": client_id, # Consumer Key
    "client_secret": client_secret, # Consumer Secret

}

r=requests.post("https://login.salesforce.com/services/oauth2/token", params=params)

access_token = r.json().get("access_token")

instance_url = r.json().get("instance_url")
print("Access Token:", access_token)

推荐答案

您将始终需要一个 SF 用户帐户.没有办法只让后端系统与 SF 系统对话.Salesforce 将每个人都视为用户，因此您需要为集成用户"浪费一个帐户 - 但作为回报，您可以控制对表、列、功能的访问，就像您控制真人的访问一样.这一直到底层 Oracle 数据库和数据库用户权限.

You'll always need a SF user account. There's no way to just make a backend system talk to SF system. Salesforce treats everybody as user so you need to waste an account for "integration user" - but in return you can control access to tables, columns, functionalities just like you control real humans' access. This goes all the way down to the underlying Oracle database and database user privileges.

您是否使用 OAuth2 流程(包括客户端机密)或某些 基于证书的身份验证 - 总是需要一些用户名和密码"元素.您能做的最好的事情就是确保您的应用程序不需要查看 &存储密码，而不是显示正常的 SF 登录提示，成功登录后用户将被重定向到您的应用程序以继续使用已知的会话 ID...

Whether you use OAuth2 flows (including client secrets) or maybe some certificate-based authentication - there will be always some element of "username and password" required. Best you can do is to make sure your app doesn't need to see & store the password, instead showing normal SF login prompt and on successful login user is redirected to your app to continue with known session id...

如果您的应用程序和 SF 使用相同的单点登录，那么您可能可以实现更多自动化，但从广义上讲...您必须让用户通过您的应用程序登录到 SF 或创建票证作为某些专用管理员用户(然后您将此用户的凭据存储在您的应用中)

There might be something you'll be able to automate more if your app and SF use same Single Sign-On but broadly speaking... You have to either let users login to SF via your app or create the tickets as some dedicated admin user (and then you store this user's credentials in your app)

这篇关于Python Salesforce API 身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！