OAuth 2.0 is the industry-standard protocol for authorization and provides secure API authorization from applications in a simple and standardized way. OAuth can authorize access to resources without revealing user credentials to apps. As an example, an Operator using Glia’s Operator Console can talk to their CRM provider, and the CRM provider generates a cryptographically signed token which is handed off to the Operator Console to authenticate the user. Glia trusts the provider, and as long as that trust relationship works with the signed assertion, Glia is able to export engagement data in real time.
Glia follows the OAuth 2.0 Authorization Code Grant Type for Enterprise Applications & Services such as CRMs, Business Intelligence Tools, Data Warehouses and Data Lakes. This flow uses two main channels, one in the front end and one in the back end. The front-end channel is in the Glia Operator Console and is used to obtain an authorization code grant. The back-end channel is in the Glia Export Service, which exchanges the authorization code grant for an access token and a refresh token. The flow assumes the Resource Owner and Client Application are on separate devices. This is the most secure flow, as it allows the client to be authenticated to redeem the authorization grant, and tokens are never passed through a user-agent. Later, the access and refresh tokens can be used for exporting engagement data to the client as engagements are completed.
Glia’s OAuth Guidelines for SalesForce
Under the Build section, go to Create → Apps → Edit.
- Ensure that `Enable OAuth Settings` is checked.
- The Callback URL box should include `https://OPERATOR_CONSOLE_URL/oauth`, for example `https://app.salemove.com/oauth`. Note that for EU customers the URL will be `https://app.salemove.eu/oauth`.
- Selected OAuth Scopes must not be empty: at least one scope that grants access must be selected. When a refresh token is used, ensure the selection also includes the `Perform requests on your behalf at any time (refresh_token, offline_access)` scope.
Under the Build section, go to Create → Apps → Manage. Click Edit Policies. Set up IP policies.
- If IP Relaxation is set to `Enforce IP restrictions`, our Export API IPs must be whitelisted in the client's SalesForce app. The IPs can be found in Static external IP addresses.
Check authorization input
In the Operator Console, as a manager, go to Admin → Advance Admin → Exports → Edit export. In the bottom right corner, you can see the OAuth authorization for webhooks. Click on Configure OAuth.
Fill in the `Authorization URL`. This must point to `/services/oauth2/authorize`, for example `https://login.salesforce.com/services/oauth2/authorize`. Also check the `Access Token URL`. This must point to `/services/oauth2/token`, for example `https://omnibrowse-dev-ed.my.salesforce.com/services/oauth2/token`.
Fill in the customer ID and customer secret. You can get those values from the SalesForce export app: go to Build → Apps and click on the SM Exports App.
The Consumer Key is visible. Click “Click to reveal” to show the Consumer Secret.
Copy the Consumer Secret and Consumer Key to the configuration of OAuth in the Operator Console.
Click on Authorize Export. A dialog window will pop up asking you to log in to the system that will receive the export. In this example, SalesForce asks for the user and password. Enter your credentials and log in.
Please note that you might have to authorize Glia as a trusted app/vendor.
After authorizing, a message with the result will be displayed by the “Configure OAuth” button.
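The two channels of the flow configured above, as an added Python example (not Glia's or SalesForce's code): it checks the endpoint URLs from this page, builds the front-channel authorization request, validates the `state` value on the callback, and builds the back-channel token request. Parameter names follow RFC 6749; the `CONFIG` dict, the function names and the placeholder key and secret are assumptions.

```python
import hmac
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed sample configuration: the URLs are the examples from this page,
# the key and secret are placeholders.
CONFIG = {
    "authorization_url": "https://login.salesforce.com/services/oauth2/authorize",
    "access_token_url": "https://omnibrowse-dev-ed.my.salesforce.com/services/oauth2/token",
    "callback_url": "https://app.salemove.com/oauth",
    "consumer_key": "EXAMPLE_CONSUMER_KEY",
    "consumer_secret": "EXAMPLE_CONSUMER_SECRET",
}

def check_config(cfg):
    """Return a list of problems with the configured URLs (empty if none)."""
    problems = []
    expected = {"authorization_url": "/services/oauth2/authorize",
                "access_token_url": "/services/oauth2/token",
                "callback_url": "/oauth"}
    for key, path in expected.items():
        url = urlsplit(cfg[key])
        if url.scheme != "https":
            problems.append(f"{key}: must use https")
        if not url.path.endswith(path):
            problems.append(f"{key}: path must end with {path}")
    return problems

def front_channel_url(cfg, state):
    """Authorization request the browser is sent to; it carries no secret."""
    query = urlencode({"response_type": "code", "client_id": cfg["consumer_key"],
                       "redirect_uri": cfg["callback_url"], "state": state})
    return f"{cfg['authorization_url']}?{query}"

def code_from_callback(callback, expected_state):
    """Extract the authorization code; reject a callback with the wrong state."""
    params = parse_qs(urlsplit(callback).query)
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback does not belong to this request")
    if "code" not in params:
        raise ValueError("callback carries no authorization code")
    return params["code"][0]

def back_channel_request(cfg, code):
    """Server-to-server token request: the only message carrying the secret."""
    return cfg["access_token_url"], {
        "grant_type": "authorization_code", "code": code,
        "client_id": cfg["consumer_key"], "client_secret": cfg["consumer_secret"],
        "redirect_uri": cfg["callback_url"]}
```

In real use the `state` value should be freshly generated per authorization attempt, for example with `secrets.token_urlsafe()`, and the token request body is sent as a form-encoded POST over HTTPS.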