          Step 5: Handle the Embedded Login Callback

          When a user logs in to a website, the Embedded Login callback URL receives the access token and uses it to retrieve user information. Both the access token and user information can be stored to local storage. Depending on your implementation, you can create a callback to handle the response on either the website (client) or the server.

          Warning: In Summer ’24, Salesforce disabled Embedded Login by default. We recommend that you use the web server flow, the user-agent flow, or another redirect-based OAuth 2.0 flow instead of Embedded Login.

          Embedded Login relies on third-party cookies, which are blocked or restricted in most browsers. And Embedded Login works only on Google Chrome and only as long as third-party cookies are allowed there by default.

          Way back in Step 2, when you created a connected app, you supplied the URL to this callback. The callback is mainly for security, and it’s used to receive the access token. It then uses the token to fetch user information from Salesforce and writes that information to local storage, which is on the site domain. After writing user information to local storage (which is equivalent to a successful login), the callback redirects the user back to the index page.

          The main difference between a client-side and server-side callback is how the access token is received. For a normal client-side callback that’s a web page, the callback receives the access token. For a server-side callback, the server gives the callback a one-time code. Then the callback exchanges the code for an access token.

          For server-side callbacks, after using the access token to get the user information, the server writes the information out to the served file, such as an HTML file. After the user information is read on the client, it’s written to local storage, which is on the site domain.
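
The server-side flow described above, as an added example (not Salesforce's sample code or the Embedded Login library): it exchanges the one-time code at the standard `/services/oauth2/token` endpoint, reads `/services/oauth2/userinfo`, and inlines the result in the served page with HTML-significant characters escaped. The `CONFIG` values, the `embeddedLoginUser` storage key, the `/index.html` path, and all function names are assumptions.

```javascript
// Added example, not Salesforce code. CONFIG values are placeholders (assumptions).
const CONFIG = {
  communityUrl: "https://example.my.site.com",      // placeholder site URL
  clientId: "CONNECTED_APP_CONSUMER_KEY",           // placeholder
  clientSecret: "CONNECTED_APP_CONSUMER_SECRET",    // placeholder, stays on the server
  redirectUri: "https://www.example.com/_callback", // must match the connected app callback URL
};

// Form body for the OAuth 2.0 authorization-code exchange.
function tokenRequestBody(code, cfg) {
  return new URLSearchParams({
    grant_type: "authorization_code", code,
    client_id: cfg.clientId, client_secret: cfg.clientSecret,
    redirect_uri: cfg.redirectUri,
  }).toString();
}

// Serialize user info for inlining in HTML: escaping <, > and & keeps a value
// such as "</script>" in a profile field from terminating the script element.
function safeJson(value) {
  return JSON.stringify(value).replace(/[<>&\u2028\u2029]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0"));
}

// Served page: the client reads the inlined user info, writes it to local
// storage on the site domain, then returns to the index page.
function renderCallbackPage(userInfo) {
  return `<!DOCTYPE html><html><head><meta charset="utf-8">
<script id="userinfo" type="application/json">${safeJson(userInfo)}</script>
<script>
  localStorage.setItem("embeddedLoginUser", document.getElementById("userinfo").textContent);
  location.replace("/index.html");
</script></head><body></body></html>`;
}

// Exchange the one-time code, fetch user info, return the HTML to serve.
// The access token is used only on the server and is not written to the page.
async function handleCallback(code, cfg = CONFIG, fetchFn = fetch) {
  const tokenRes = await fetchFn(cfg.communityUrl + "/services/oauth2/token", {
    method: "POST", headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: tokenRequestBody(code, cfg),
  });
  if (!tokenRes.ok) throw new Error("code exchange failed: " + tokenRes.status);
  const { access_token } = await tokenRes.json();
  const infoRes = await fetchFn(cfg.communityUrl + "/services/oauth2/userinfo", {
    headers: { Authorization: "Bearer " + access_token },
  });
  if (!infoRes.ok) throw new Error("userinfo request failed: " + infoRes.status);
  return renderCallbackPage(await infoRes.json());
}
```

`fetchFn` is injectable so the handler can be exercised offline with a stub; in a real route, pass the `code` query parameter from the callback request and send the returned HTML as the response.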

          For more information about the login authorization process and relationship between the callback and connected app, see Embedded Login Advanced Features.
