Support Questions

mehul_ramani · ‎07-22-2016

I am looking to pull data from salesforce objects, logs using GetHTTP Processor. I need help with configuring processor for OAuth 2.0 parameters.

pvillard · ‎07-25-2016

Hi @Mehul Ramani,

You may be interested by this thread:

https://mail-archives.apache.org/mod_mbox/nifi-users/201604.mbox/%3CBE659B6A-0174-4D04-97D5-640AD184...

On this mailing list, @Jeremy Dyer has posted an example to access Salesforce with OAuth 2.0. I enclosed it to this answer: salesforce-oauth2-login-example.xml

I've also posted a blog regarding OAuth here:

https://pierrevillard.com/2016/04/12/oauth-1-0a-with-apache-nifi-twitter-api-example/

View solution in original post

cstanca · ‎07-23-2016

@Mehul Ramani

Since you want to make the call from GetHTTP NiFi processor, to be able to make a https call you need to setup 'SSL Context Service' . Summarily, you will need to configure the truststore properties with for your SSL Context Service instance with the path to the default cacerts truststore that comes bundled with your Java installation, located at JAVA_HOME/jre/lib/security/cacerts. TrustStore is of type JKS, and the default password for Truststore is "changeit" .

If $JAVA_HOME Is set on your system, it should help point you in the right direction. If not, the location of cacerts varies depending on environment, but is approximately the following for their respective OS

OSX: /Library/Java/JavaVirtualMachines/jdk<version>.jdk/Contents/Home/jre/lib/security/cacerts. You can additionally use $(/usr/libexec/java_home) to find the path.
Windows: C:\Program Files\Java\jdk<version>\jre\lib\security\cacerts
Linux: /usr/lib/jvm/java-<version>/jre/lib/security/cacerts. You can additionally use $(readlink -f $(which java))

If this response was helpful, vote/accept it as the best answer.

mehul_ramani · ‎07-25-2016

This did help in updating SSL setting. I was looking for help with setting secret_id, client_secret. I guess Pierre posted example. Thank you for your quick response.

pvillard · ‎07-25-2016

Hi @Mehul Ramani,

You may be interested by this thread:

https://mail-archives.apache.org/mod_mbox/nifi-users/201604.mbox/%3CBE659B6A-0174-4D04-97D5-640AD184...

On this mailing list, @Jeremy Dyer has posted an example to access Salesforce with OAuth 2.0. I enclosed it to this answer: salesforce-oauth2-login-example.xml

I've also posted a blog regarding OAuth here:

https://pierrevillard.com/2016/04/12/oauth-1-0a-with-apache-nifi-twitter-api-example/

mehul_ramani · ‎07-29-2016

Hi @Pierre Villard,

Thank you for sharing workflow. However I am having trouble with output port. I am getting error "Output connection for port 'SessionID' is not defined" . Looks like I am missing something. I am fairly new to this.

Thanks much

pvillard · ‎07-29-2016

I am not the author of the workflow but I'd say that the ouput port can be used if you want to use your FlowFile in following requests to Salesforce. You don't have to necessarily use it.

nischaltewari · ‎09-09-2016

@Mehul Ramani Hello , would you be able to guide me on how you proceed with the solution and flow. thx much

mehul_ramani · ‎09-10-2016

Hi @nischal tewari, I have used same workflow that is shared by Pierre in this thread.

Thanks,

Mehul

nischaltewari · ‎09-10-2016

HI @Mehul Ramani my requirement is below .

based on the flow available, to get the token based on the flow that pierre share we are using invokehttp and then capturing the token. ( the access_token attribute is right ?) after that flow we can pass the token to another invokehttp processor to get the jason and do further processing . Since I am bit new to this , have confusion in parameter setting . did you used any specific parameter and attributes to pass token .

below is my requirement - sorry for this long post ,

The APIs are all accessed via REST invocations and return results in JSON format. The API use the OAuth 2.0 standard to authenticate all requests To authenticate to the API endpoint, we will need a token we send with every API call. To retrieve a token please follow the steps below- Request an access token by sending your Client ID and Client Secret via HTTP Basic Authentication, using an HTTP POST request. The Client ID and Client Secret need to be encoded to Base64, using the UTF-8 character set, in the form of client_id:client_secret. A resource you can use for this purpose ishttps://www.base64encode.org/.

This string is then passed as the Authorization header. The API will respond with an access token Note: Tokens are only valid for one hour. After one hour a new token is required. Pass the token as the Authorization header to access the API resources: API resource data is returned:

cjervis · ‎04-09-2024

GetHTTP itself doesn't handle OAuth2 directly. Here's a breakdown of the process:

1. Obtaining Access Token:

You'll need to acquire an access token before making API calls to Salesforce.
This typically involves a two-step process:
- Step 1: Authorization Code Grant:
  - Direct your user to a Salesforce authorization URL with your client ID and redirect URI.
  - Upon successful login and authorization, Salesforce redirects the user back to your redirect URI with an authorization code.
- Step 2: Token Request:
  - Use the authorization code retrieved in step 1 to make a POST request to Salesforce's token endpoint.
  - Include your client ID, client secret, redirect URI, and grant type ("authorization_code") in the request body.
  - If successful, Salesforce will respond with an access token and other relevant information (refresh token, expiration time).

2. Using Access Token with GetHTTP:

Once you have the access token, you can use GetHTTP to make API calls to Salesforce.
Set the following headers in your GetHTTP request:
- Authorization: Bearer <access_token> (Replace <access_token> with your actual token)
Configure the request URL with the desired Salesforce API endpoint and any necessary parameters.
Execute the GetHTTP request to retrieve data or perform actions on the Salesforce platform.

Important Considerations:

Security: Store access tokens securely and avoid exposing them in code or logs.
Token Refresh: Access tokens expire, so implement a mechanism to refresh them before expiration using the refresh token obtained during the initial authorization flow.
Libraries: Consider using libraries designed for Salesforce integrations, which can simplify the OAuth2 process and provide additional functionalities.

Cloudera Community

Support Questions

using GetHTTP for Salesforce Integration with OAuth2.0 authentication parameter