Complete the OAuth Flow

To verify that the external client app is operating correctly, perform an Authorize Endpoint request and a Token Endpoint request. The Token Endpoint request produces an API Access Token that can be used to access any Salesforce API.

1. Copy the consumerKey from the global settings file. This value only exists in the global settings file after you deploy and retrieve the External Client App OAuth settings.
2. Paste the org’s URL and the consumer key into this URL in place of <org url> and <consumerKey>, and replace <callback URL> with the callbackUrl value listed in the OAuth global settings file.

   <new org url>/services/oauth2/authorize?response_type=
   code&client_id=<consumerKey>&redirect_uri=<callback URL>

3. To initiate the request for access, open the URL in a browser.
4. If prompted, log in, and then choose Allow.
   After a redirect, the encoded authorization code is included in the URL.
5. Copy the authorization code from the URL.
6. Decode the authorization code using any URL decoder.
7. Replace these values in the cURL request.
   • Replace <new org url> with the org’s URL.
   • Replace <authorization code> with the decoded authorization code from step 6.
   • Replace <clientKey> with the consumerKey field value from the global OAuth settings file.
   • Replace <clientSecret> with the consumerSecret field value from the global OAuth settings file.

   curl -X POST <new org url>/services/oauth2/token -d 'grant_type=authorization_code&code=<authorization code>&client_id=<clientKey>&client_secret=<clientSecret>&redirect_uri=https://www.example.com' | json_pp

8. Enter the configured cUrl request into the terminal.
   A successful request returns an access token.
9. Verify that the access token works using Postman API Platform to access an endpoint like UserInfo.

   For other endpoints that you can try to access, see the Salesforce REST API Developer Guide. https://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/quickstart_code.htm