Swift, Vapor, OAuth to Salesforce
In this post we will create OAuth authentication using Swift and Vapor. Any good web app typically needs authentication and security. This example demonstrates how to leverage Salesforce as an Identity Provider (IDP for short) for your server-side Swift app powered by the Vapor framework.
I will not try to distill all possible authentication questions and flows here but rather focus on a single Web-Server flow, often used by web applications to authorize user access via 3rd party auth IDP services. The concepts I discuss here also apply to mobile client apps, which can use the User-Agent OAuth 2.0 flow to authenticate with an external service. For more information I recommend this article, Digging Deeper into OAuth 2.0 on Force.com.
We will need a Salesforce Developer org for this demo; any DEV or Sandbox can be used. Sign up for free developer edition. We also need to set up Swift and Vapor, as instructed here. While writing this article Xcode updated to 8.3 and Swift 3.x, which required a Vapor toolbox update/rebuild, so you may need to reinstall Vapor and the toolbox. Delete Vapor with rm /usr/local/bin/vapor and reinstall with brew using brew install vapor/tap/vapor; this StackOverflow was helpful. Once we are set with tools, it is time to look at what we need to do, and a picture is worth… Here is a flow of how our web app will work with Salesforce.
Salesforce Setup
Create Community
Create Connected app
Salesforce Community will provide a host mydomain URL that our app will use as a gateway to authenticate or register users. MyDomain registration requires time for the DNS to propagate; when the domain is ready an email notification will be sent out.
Set up the Community for self-registered users; we will select the Customer Community license for this example. Every Community will also create a Force.com site that will host the Community.
The connected app will provide a security context for our web app and the OAuth configuration. The relevant parts for this article are Enabling OAuth, Supported context and Redirect URL. After we enable OAuth, the settings panel will show config options.
Select Supported Context to have web. The Redirect URL can be any valid endpoint; in this case we run a local Vapor server, so our app must respond to http://localhost:8080/authorized for local development. For a hosted application this URL will be different, and we must add that redirect URL to our connected app configuration.
The connected app will generate a Consumer Key and a Consumer Secret for the app. We will need both for our server configuration.
Important: This connected app configuration may look like it binds your web app to a single Salesforce organization. No fear, this is NOT so, because Salesforce has a central IDP system that makes Salesforce an effective identity and SSO provider. This configuration will allow your app to authenticate with any Salesforce org by using the generic entry point URL login.salesforce.com and your user id/password combination.
In our example we want to access our Community so we use our new Community domain for that.
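The three server-side steps of the Web-Server flow configured above, as an added example that is not the code from this post: it uses only Foundation on current Swift rather than Vapor's API, and OAuthConfig, CallbackError and the function names are hypothetical. It assumes the community is served at the root of its domain and uses Salesforce's standard /services/oauth2/authorize and /services/oauth2/token endpoints.

```swift
import Foundation
#if canImport(FoundationNetworking)
import FoundationNetworking // URLRequest lives here on Linux (e.g. Heroku)
#endif

// host: community domain or login.salesforce.com. Load consumerSecret from the environment.
struct OAuthConfig { let host, consumerKey, consumerSecret, redirectURI: String }
enum CallbackError: Error { case stateMismatch, denied(String), missingCode }

// Strict form/query encoding: escape everything except RFC 3986 unreserved characters.
func formEncode(_ params: [(String, String)]) -> String {
    let allowed = CharacterSet(charactersIn:
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~")
    return params.map { $0.0 + "=" + ($0.1.addingPercentEncoding(withAllowedCharacters: allowed) ?? "") }.joined(separator: "&")
}

// Unguessable per-login value; store it in the user's session before redirecting.
func makeState() -> String {
    return (0..<32).map { _ in String(format: "%02x", UInt8.random(in: 0...255)) }.joined()
}

// Step 1: the URL the browser is redirected to for login or self-registration.
func authorizeURL(_ c: OAuthConfig, state: String) -> URL {
    let query = formEncode([("response_type", "code"), ("client_id", c.consumerKey),
                            ("redirect_uri", c.redirectURI), ("state", state)])
    return URL(string: "https://\(c.host)/services/oauth2/authorize?\(query)")!
}

// Step 2: handle the redirect to /authorized; reject it unless state matches the session's.
func authorizationCode(from callback: URL, expectedState: String) throws -> String {
    let items = URLComponents(url: callback, resolvingAgainstBaseURL: false)?.queryItems ?? []
    func value(_ name: String) -> String? { return items.first(where: { $0.name == name })?.value }
    guard let state = value("state"), state == expectedState else { throw CallbackError.stateMismatch }
    if let reason = value("error") { throw CallbackError.denied(reason) }
    guard let code = value("code"), !code.isEmpty else { throw CallbackError.missingCode }
    return code
}

// Step 3: server-to-server exchange of the code; the secret never reaches the browser.
func tokenRequest(_ c: OAuthConfig, code: String) -> URLRequest {
    var request = URLRequest(url: URL(string: "https://\(c.host)/services/oauth2/token")!)
    request.httpMethod = "POST"
    request.setValue("application/x-www-form-urlencoded", forHTTPHeaderField: "Content-Type")
    request.httpBody = formEncode([("grant_type", "authorization_code"), ("code", code),
        ("client_id", c.consumerKey), ("client_secret", c.consumerSecret),
        ("redirect_uri", c.redirectURI)]).data(using: .utf8)
    return request
}
```

The redirect_uri sent in steps 1 and 3 has to be the same string registered in the connected app, and the state check in step 2 is what stops a callback that was started in someone else's browser from being accepted.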
Vapor App
Let's create a Vapor project
To deploy to Heroku and see our app in action we will need a Heroku account (it is free to sign up). We will create a new app to deploy.
Heroku provides build-packs for many languages automatically but not yet for Swift. We need to define a custom language build-pack for our app: navigate to Settings under the Heroku app Dashboard and enter the Swift build-pack GitHub URL https://github.com/kylef/heroku-buildpack-swift
For simple deployments I am using a github repository