TransWikia.com

Validate Salesforce Access Token via custom backend app

Salesforce Asked by Amyn on December 14, 2021

The use case is very simple:

  1. I have a client app SPA in Angular (APTTUS eCommerce) using Salesforce Login for user sign-in.

  2. I need to call a backend API (custom C# application) from the SPA to fetch data and show it to the user. I can pass the Salesforce access token to the backend API.

QQ: How can the backend API validate the access token generated by Salesforce? Is there a key, certificate or URL Salesforce provides for me to validate the token in the C# app and return data?

(Other Q: What claims does a Salesforce access token have vs. a Salesforce identity token?)

One Answer

There's no real reason to "validate" the token. If you get a 403 error when using it, the token isn't valid (and the response will tell you why). When you obtain an access token, you can parse the response to check out the scopes. The scope tells you what you're allowed to do. Note that the scope will be the intersection of whatever you request and whatever you're allowed to do (e.g. if you request the "full" scope, but the app doesn't allow that scope, you can't have full access).

Answered by sfdcfox on December 14, 2021
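An added example, not part of the answer above and not code from the asker or from Salesforce: one way a C# backend could apply the answer's approach of checking a token by using it against Salesforce and treating a rejection as "not valid". The class names are hypothetical, the userinfo URL is an assumed endpoint for the org, and `FakeSalesforce` is a constructed stand-in so the code runs offline.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading;
using System.Threading.Tasks;

public sealed class SalesforceTokenCheck
{
    private readonly HttpClient _http;
    private readonly Uri _probe;

    // probeUrl comes from server configuration, never from the SPA; otherwise a
    // caller could make the backend forward the token to a host of their choosing.
    public SalesforceTokenCheck(HttpClient http, Uri probeUrl)
    {
        if (probeUrl.Scheme != Uri.UriSchemeHttps)
            throw new ArgumentException("probe URL must be https", nameof(probeUrl));
        _http = http;
        _probe = probeUrl;
    }

    // True when Salesforce accepts the token, false on 401/403. Any other failure
    // throws, so an outage is not mistaken for a bad token.
    public async Task<bool> IsAcceptedAsync(string accessToken)
    {
        if (string.IsNullOrWhiteSpace(accessToken)) return false;
        using var req = new HttpRequestMessage(HttpMethod.Get, _probe);
        req.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
        using var resp = await _http.SendAsync(req);
        var status = resp.StatusCode;
        if (status == HttpStatusCode.Unauthorized || status == HttpStatusCode.Forbidden) return false;
        resp.EnsureSuccessStatusCode();
        return true;
    }
}

// Constructed stand-in for Salesforce so the example runs offline.
sealed class FakeSalesforce : HttpMessageHandler
{
    protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage r, CancellationToken ct) =>
        Task.FromResult(new HttpResponseMessage(
            r.Headers.Authorization?.Parameter == "constructed-good-token"
                ? HttpStatusCode.OK : HttpStatusCode.Forbidden));
}

public static class Demo
{
    public static async Task Main()
    {
        var check = new SalesforceTokenCheck(new HttpClient(new FakeSalesforce()),
            new Uri("https://login.salesforce.com/services/oauth2/userinfo")); // assumed endpoint
        foreach (var t in new[] { "constructed-good-token", "constructed-bad-token" })
            Console.WriteLine($"{t}: {await check.IsAcceptedAsync(t)}");
    }
}
```

In a real deployment the `HttpClient` would be built without the stub handler, so the request reaches the configured Salesforce host.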
