Here is another guide in the series of guides that we have come up with on how to use different authentication protocols in External Credentials in Salesforce to authenticate with external systems.
(External credentials enable the safe and secure storage of authentication details for external systems. Configured through the declarative, point-and-click features of Salesforce, they significantly reduce the need for custom code that would otherwise be necessary to establish connections and authenticate with external systems.)
In this guide we will learn how to configure & use External Credential “OAuth Browser Flow” to integrate Salesforce with Google. But before we dive into this guide, here is an overview of all the different authentication protocols that external credentials support.
Salesforce External Credential Authentication Protocols – Lay of the Land
External Credentials in Salesforce support different authentication protocols to suit diverse requirements. The diagram below shows the lay of the land regarding the various authentication protocols available within external credentials.
In this post, we will learn how to use the OAuth Browser Flow with Per User Principal (highlighted by the red arrow in the image below).
Begin with the End in Mind
Here is what we will be configuring in this guide: Our end goal is to display the list of task lists from Google Tasks, allowing every Salesforce user to see their individual task lists. Once you understand how to integrate Salesforce with Google Tasks, you can build upon this knowledge to integrate with other Google products, such as Gmail, Google Calendar, Google Drive, etc.
OAuth External Credential with Browser Flow Configuration Components
Here is a visual representation of all the components that need to be configured for the OAuth Browser Flow. While this may seem like a lot (and it is), don’t worry. I have you covered with an exhaustive, step-by-step guide complete with screenshots, so that you don’t get lost.
And here is a visual representation of the flow between Salesforce & Google.
Finally, here is the overview of steps we are covering in this guide. Step by step, with screenshots.
- Create Project in Google Cloud
- Enable Required APIs in Google Cloud Project
- Create OAuth 2.0 Client ID
- Create Auth. Provider in Salesforce
- Create External Credential
- Create Named Credential
- Create/Update Permission Set
- Create Screen Flow with HTTP Callout
- Test the Flow
NOTE: Certain sections of the guide will appear as locked in the free preview. You can download the unlocked version of the guide in PDF format by subscribing to our “All Access” Pass through the link below.
References & Useful URLs
- Salesforce help article – Create and Edit an OAuth External Credential with the Browser Flow
- List of Guides on External/Named Credential
- Blog Post – Step by Step Guide to OAuth External Credential with JWT Bearer Flow & Google Service Account
- Blog Post – Step by Step Guide to OAuth External Credential with Browser Flow (Per User Principal) & Google
- Blog Post – Step by Step Guide to OAuth External Credential with Client Credentials with Client Secret Flow
- Blog Post – Step by Step Guide to No Authentication External Credential in Salesforce
How does this support refresh token?