omniauth-salesforce

OmniAuth Strategy for salesforce.com.

Note: This is a fork of the original project and is now the main repository for the omniauth-salesforce gem.

CSRF Protection

OmniAuth 2.0 includes CSRF protection by default. If you're upgrading from version 1.x, you'll need to ensure your application is configured to handle this. In Rails applications, you might need to add:

# config/initializers/omniauth.rb
OmniAuth.config.allowed_request_methods = [:post, :get]

Or follow the OmniAuth CSRF Protection documentation for your specific framework.

See it in action

http://omniauth-salesforce-example.herokuapp.com

Source for above app

Basic Usage

require "sinatra"
require "omniauth"
require "omniauth-salesforce"

class MyApplication < Sinatra::Base
  use Rack::Session
  use OmniAuth::Builder do
    provider :salesforce, ENV['SALESFORCE_KEY'], ENV['SALESFORCE_SECRET']
  end
end

Including other sites

use OmniAuth::Builder do
    provider :salesforce, 
             ENV['SALESFORCE_KEY'], 
             ENV['SALESFORCE_SECRET']
    provider OmniAuth::Strategies::SalesforceSandbox, 
             ENV['SALESFORCE_SANDBOX_KEY'], 
             ENV['SALESFORCE_SANDBOX_SECRET']
    provider OmniAuth::Strategies::SalesforcePreRelease, 
             ENV['SALESFORCE_PRERELEASE_KEY'], 
             ENV['SALESFORCE_PRERELEASE_SECRET']
    provider OmniAuth::Strategies::DatabaseDotCom, 
             ENV['DATABASE_DOT_COM_KEY'], 
             ENV['DATABASE_DOT_COM_SECRET']
end

Resources

• Article: Digging Deeper into OAuth 2.0 on Force.com
• OmniAuth 2.0 Documentation