Rest API Salesforce Java Integration

>>Add below Jars in the eclipse to the project. You can download them from the maven repository.

httpclient-4.2.1.jar

httpcore-4.2.1.jar

json-20090211.jar

commons-logging-1.1.1.jar

>> Run below code to get the access token and perform further operations.
===============================================

import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.IOException;
import java.io.UnsupportedEncodingException;

import org.apache.http.Header;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.message.BasicHeader;
import org.apache.http.util.EntityUtils;

import org.json.JSONException;
import org.json.JSONObject;

/**
 * This program demonstrates the following basic use cases for the REST API:
 * - authentication with OAuth 2.0 (This is for development purposes only. Not a real implementation.)
 * - querying (using account records)
 * - inserting (using a contact record related to one of the retrieved account records)
 * - updating (updates contact record added in previous step)
 *
 * @author salesforce training
 */
public class RESTApp extends Object {


//---------REST and OAuth-------
//Portions of the URI for REST access that are re-used throughout the code
private static String OAUTH_ENDPOINT = "/services/oauth2/token";
private static String REST_ENDPOINT = "/services/data";

//Basic header information added to each HTTP object that is used
//to invoke the REST API.
private static Header prettyPrintHeader = new BasicHeader("X-PrettyPrint", "1");

//================Code starts here===================
public static void main(String[] args) {
new RESTApp();
}

/**
* Constructor drives console interaction and calls appropriate methods.
*/
public RESTApp() {
RestConnectionHelper restConn = this.oauth2Login();
if (restConn.baseUri!= null) {
//Retrieved accountId that is used when contact is added.
String accountId = this.queryAccount(restConn);
if (accountId != null) {
//Id of inserted contact. Used to update contact.
String contactId = this.insertContact(restConn,accountId);
if (contactId != null) {
this.updateContact(restConn, contactId);
}  else {
System.out.println("Contact not found.");
}
} else {
System.out.println("Account not found.");
}
}
}

/**
* This method connects the program to the Salesforce organization using OAuth.
* It stores returned values for further access to organization.
* @param userCredentials Contains all credentials necessary for login
* @return
*/
public RestConnectionHelper oauth2Login() {
System.out.println("_______________ Login _______________");
OAuth2Response oauth2Response = null;
HttpResponse response = null;
UserCredentials userCredentials = new UserCredentials();
RestConnectionHelper restConn = new RestConnectionHelper();
String loginHostUri = "https://" +
userCredentials.loginInstanceDomain + OAUTH_ENDPOINT;

try {
//Construct the objects for making the request
HttpClient httpClient = new DefaultHttpClient();
// If you are behind a proxy server, uncomment
// the next line of code after supplying values for your proxy server
// httpClient.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY, new HttpHost("myProxy.domain.com", 8088 /*this may need to change as well*/, "http"));
HttpPost httpPost = new HttpPost(loginHostUri);
StringBuffer requestBodyText =
new StringBuffer("grant_type=password");
requestBodyText.append("&username=");
requestBodyText.append(userCredentials.userName);
requestBodyText.append("&password=");
requestBodyText.append(userCredentials.password);
requestBodyText.append("&client_id=");
requestBodyText.append(userCredentials.consumerKey);
requestBodyText.append("&client_secret=");
requestBodyText.append(userCredentials.consumerSecret);
StringEntity requestBody =
new StringEntity(requestBodyText.toString());
requestBody.setContentType("application/x-www-form-urlencoded");
httpPost.setEntity(requestBody);
httpPost.addHeader(prettyPrintHeader);
System.out.println("body is " + requestBodyText);
//Make the request and store the result
response = httpClient.execute(httpPost);

//Parse the result if we were able to connect.
if (  response.getStatusLine().getStatusCode() == 200 ) {
String response_string = EntityUtils.toString(response.getEntity());
try {
JSONObject json = new JSONObject(response_string);
oauth2Response = new OAuth2Response(json);
System.out.println("JSON returned by response: +\n" + json.toString(1));
} catch (JSONException je) {
je.printStackTrace();
}
restConn.baseUri = oauth2Response.instance_url + REST_ENDPOINT
+ "/v" + userCredentials.apiVersion +".0";
restConn.oauthHeader = new BasicHeader("Authorization", "OAuth " +
oauth2Response.access_token);
System.out.println("\nSuccessfully logged in to instance: "
+ restConn.baseUri);
} else {
System.out.println("An error has occured. Http status: " + response.getStatusLine().getStatusCode());
System.out.println(getBody(response.getEntity().getContent()));
System.exit(-1);
}
} catch (UnsupportedEncodingException uee) {
uee.printStackTrace();
} catch (IOException ioe) {
ioe.printStackTrace();
} catch (NullPointerException npe) {
npe.printStackTrace();
}
return restConn;
}

/**
* This method demonstrates
* - How to use HTTPGet and a constructed URI to retrieve data from Salesforce.
* - Simple parsing of a JSON object.
*/
public String queryAccount(RestConnectionHelper restConn) {
System.out.println("\n_______________ Account QUERY _______________");
String accountId = null;
try {
//Set up the HTTP objects needed to make the request.
HttpClient httpClient = new DefaultHttpClient();
/********************************************************
* TODO:
* Set the value of uri on the line below to the baseURI concatenated
* with the query parameter and the query string.
********************************************************/
String uri = restConn.baseUri + "/query?q=SELECT+id+,+name+FROM+Account+limit+2";
System.out.println("Query URL: " + uri);
HttpGet httpGet = new HttpGet(uri);
httpGet.addHeader(restConn.oauthHeader);
httpGet.addHeader(prettyPrintHeader);

// Make the request.
HttpResponse response = httpClient.execute(httpGet);

// Process the result
int statusCode = response.getStatusLine().getStatusCode();
if (statusCode == 200) {
String response_string = EntityUtils.toString(response.getEntity());
try {
JSONObject json = new JSONObject(response_string);
System.out.println("JSON result of Query:\n" + json.toString(1));

/********************************************************
* TODO:
* Add an assignment statement the line below
* to store the account id of the first object returned to
* use later when creating the Contact record.
********************************************************/
accountId = json.getJSONArray("records").getJSONObject(0).getString("Id");
System.out.println("accountId value is " + accountId);
} catch (JSONException je) {
je.printStackTrace();

}
} else {
System.out.println("Query was unsuccessful. Status code returned is " + statusCode);
}
} catch (IOException ioe) {
ioe.printStackTrace();
} catch (NullPointerException npe) {
npe.printStackTrace();
}
return accountId;
}

/**
* This method demonstrates
* - How to use HTTPPost and a constructed URI to insert data into Salesforce.
* - Simple creation of a JSON object.
*/
public String insertContact(RestConnectionHelper restConn, String accountId) {
System.out.println("\n_______________ Contact INSERT _______________");
String contactId = null;
/********************************************************
* TODO:
* On the line below add code to the URI
* to indicate the type of object that will be inserted into the database
********************************************************/
String uri = restConn.baseUri + "/sobjects/Contact/";
try {
//create the JSON object containing the new contact details.
JSONObject contact = new JSONObject();
contact.put("LastName", "Chin");
contact.put("FirstName", "Jasmine");
contact.put("MobilePhone", "(415)222-3333");
contact.put("Phone", "(650)123-3211");

/********************************************************
* TODO:
* On the line below add the key value pair for the accountId
* to the JSON contact data.
********************************************************/
contact.put("AccountId", accountId);
System.out.println("JSON for contact record to be inserted:\n" + contact.toString(1));

//Construct the objects needed for the request
DefaultHttpClient httpClient = new DefaultHttpClient();
HttpPost httpPost = new HttpPost(uri);
httpPost.addHeader(restConn.oauthHeader);
httpPost.addHeader(prettyPrintHeader);
// The message we are going to post
StringEntity body = new StringEntity(contact.toString(1));
body.setContentType("application/json");
httpPost.setEntity(body);

//Make the request
HttpResponse response = httpClient.execute(httpPost);

//Process the results
int statusCode = response.getStatusLine().getStatusCode();
if (statusCode == 201) {
String response_string = EntityUtils.toString(response.getEntity());
JSONObject json = new JSONObject(response_string);
// Store the retrieved contact id to use when we update the contact.
contactId = json.getString("id");
System.out.println("New contact id from response: " + contactId);
} else {
System.out.println("Insertion unsuccessful. Status code returned is " + statusCode);
}
} catch (JSONException e) {
System.out.println("Issue creating JSON or processing results");
e.printStackTrace();
} catch (IOException ioe) {
ioe.printStackTrace();
} catch (NullPointerException npe) {
npe.printStackTrace();
}
return contactId;
}

/**
* This method demonstrates
* - How to use HTTPPatch and a constructed URI to update data in Salesforce.
* NOTE: You have to create the HTTPPatch, as it does not exist in the standard library.
* - Simple creation of a JSON object.
*/
public void updateContact(RestConnectionHelper restConn, String contactid) {
System.out.println("\n_______________ Contact UPDATE _______________");

//Notice, the id for the record to update is part of the URI, not part of the JSON
String uri = restConn.baseUri + "/sobjects/Contact/" + contactid;
try {
//Create the JSON object containing the updated contact phone number
//and the id of the contact we are updating.
JSONObject contact = new JSONObject();
contact.put("Phone", "(415)555-1234");
System.out.println("JSON for update of contact record:\n" + contact.toString(1));

//Set up the objects necessary to make the request.
DefaultHttpClient httpClient = new DefaultHttpClient();
HttpPatch httpPatch = new HttpPatch(uri);
httpPatch.addHeader(restConn.oauthHeader);
httpPatch.addHeader(prettyPrintHeader);
StringEntity body = new StringEntity(contact.toString(1));
body.setContentType("application/json");
httpPatch.setEntity(body);

//Make the request
HttpResponse response = httpClient.execute(httpPatch);

//Process the response
int statusCode = response.getStatusLine().getStatusCode();
if (statusCode == 204) {
System.out.println("Updated the contact successfully.");
} else {
System.out.println("Contact update NOT successfully. Status code is " + statusCode);
}
} catch (JSONException e) {
System.out.println("Issue creating JSON or processing results");
e.printStackTrace();
} catch (IOException ioe) {
ioe.printStackTrace();
} catch (NullPointerException npe) {
npe.printStackTrace();
}
}

/**
* Extend the Apache HttpPost method to implement an HttpPost
* method.
*/
private static class HttpPatch extends HttpPost {
public HttpPatch(String uri) {
super(uri);
}

public String getMethod() {
return "PATCH";
}
}

/**
* This class is used to hold values returned by the OAuth request.
*/
static class OAuth2Response {
String id;
String issued_at;
String instance_url;
String signature;
String access_token;

public OAuth2Response() {
}
public OAuth2Response(JSONObject json) {
try {
id =json.getString("id");
issued_at = json.getString("issued_at");
instance_url = json.getString("instance_url");
signature = json.getString("signature");
access_token = json.getString("access_token");

} catch (JSONException e) {
e.printStackTrace();
}
}
}

/**
* This class holds all the values related to the credentials needed to
* make the OAuth2 request for authentication. Normally they would not be set in
* this manner.
*/
class UserCredentials {
String loginInstanceDomain = "light601dep-dev-ed.my.salesforce.com";
String apiVersion = "47";
//---------Credentials----------
//Credentials providing access to a specific Salesforce organization.
/********************************************************
* TODO:
* 1. Enter Salesforce login userName
* 2. Enter Salesforce login password
* 3. Enter consumerKey
* 4. Enter consumerSecret
********************************************************/
String userName = "David@lightning601.com";
String password = "xxxxxxxxxG841Lq4OPaBc3nvtMcGmhC5GH";
String consumerKey = "3MVG9G9pzCUSkzZvyptQFNKyeFZLuFEuMqSNrj_gLpwyqgHTmUSLK0qb0EvWiNm6VYzLixRXeULtJZlm3LevO";
String consumerSecret = "32B4AFDB1FD3E9B8FD62FD2333ACC9B33A65778C35634F8D618745746A2A6C86";
String grantType = "password";
}

/**
* This class holds information gained from login that are used in subsequent calls.
*/
class RestConnectionHelper {
//Holds URI returned from OAuth call, which is then used throughout the code.
String baseUri;

//The oauthHeader set in the oauth2Login method, and then added to
//each HTTP object that is used to invoke the REST API.
Header oauthHeader;

}

//==========utility methods=============
/**
* Utility method for changing a stream into a String.
* @param inputStream
* @return
*/
private String getBody(InputStream inputStream) {
String result = "";
try {
BufferedReader in = new BufferedReader(
new InputStreamReader(inputStream)
);
String inputLine;
while ( (inputLine = in.readLine() ) != null ) {
result += inputLine;
result += "\n";
}
in.close();
} catch (IOException ioe) {
ioe.printStackTrace();
}
return result;
}
}

===================================================================

Integrate Java with Salesforce through Soap API

Steps I followed to get Enterpise.jar

 >>First and foremost, I took the Enterprise wsdl from Salesforce and downloaded "force-wsc-40.0.0.jar","ST4-4.0.8.jar",antlr-runtime-3.5.2.jar, js.jar(Rhino) and then took tools.jar from JDK.

>> Kept all these files in one single folder(alljars).

>> Given the path of this folder in the cmd(C:\Users\thimma.v\Desktop\alljars).

>> Then then adjusted JAVA_HOME, CLASSPATH and Path(please exact path which I had set in my environment variables)

path: .;%JAVA_HOME%

ClASSPATH : .;%JAVA_HOME%\lib;%JAVA_HOME%\lib\tools.jar;%JAVA_HOME%\lib\dt.jar;%JAVA_HOME%\jre\lib;%JAVA_HOME%\jre\lib\rt.jar;.\force-wsc-40.0.0.jar;.\enterprise.jar;

JAVA_HOME: C:\Program Files\Java\jdk1.8.0_241\bin

C:\Users\thimma.v\Desktop\alljars>java -classpath  ST4-4.0.8.jar;tools.jar;js.jar;antlr-runtime-3.5.2.jar;force-wsc-40.0.0.jar com.sforce.ws.tools.wsdlc ent.wsdl.xml enterprise.jar
[WSC][wsdlc.main:71]Generating Java files from schema ...
[WSC][wsdlc.main:71]Generated 990 java files.
[WSC][wsdlc.main:71]Compiling to target 1.6...
warning: [options] bootstrap class path not set in conjunction with -source 1.6
1 warning
[WSC][wsdlc.main:71]Compiled 994 java files.
[WSC][wsdlc.main:71]Generating jar file ... enterprise.jar
[WSC][wsdlc.main:71]Generated jar file enterprise.jar


>> Now I received generated Enterprise.jar.

>> Add Below Jars in the Eclipse.

force-wsc-40.0.0.jar(retrieved from Maven repository) and enterprise.jar(retrieved with the below cmd)

java -classpath  ST4-4.0.8.jar;tools.jar;js.jar;antlr-runtime-3.5.2.jar;force-wsc-40.0.0.jar com.sforce.ws.tools.wsdlc ent.wsdl.xml enterprise.jar

>> Now run below code to get session ID and do further operations.



import com.sforce.soap.enterprise.Connector;
import com.sforce.soap.enterprise.EnterpriseConnection;
import com.sforce.soap.enterprise.Error;
import com.sforce.soap.enterprise.QueryResult;
import com.sforce.soap.enterprise.SaveResult;
import com.sforce.soap.enterprise.sobject.Account;
import com.sforce.soap.enterprise.sobject.SObject;
import com.sforce.ws.ConnectionException;
import com.sforce.ws.ConnectorConfig;

/*
 * This class exercises the following functionality of the Web Services API
 * using the enterprise.wsdl:
 * - Login
 * - Query
 * - Update
 */
public class QueryAndUpdateaccountApp {

static final String USERNAME = "David@701.com"; 
static final String PASSWORD = "xxxxxxx";
static final String TOKEN = "AlDF5HNLniEjYxtvwuNFSheqp";
// the variable that will contain the connection that will be used to execute all
// SalesForce Web Services API.
static EnterpriseConnection connection;

// class constructor
public QueryAndUpdateaccountApp() {
// upon instantiation invoke process to perform the application logic
doWork();
}

// this is the entry point into the application
public static void main(String[] args) {
// create a new instance of the class to begin processing
new QueryAndUpdateaccountApp();

}

// this method comprises the bulk of the application logic
private void doWork() {
//TODO (Exercise 4-2): Set doQuery to true.
boolean doQuery = true;

//TODO (Exercise 4-3): Set doUpdate to true.
boolean doUpdate = true;

if (doLogin() && doQuery) {
// perform a sample query and output account information
Account account = doaccountQuery();

// if a record was returned, proceed with update
if (account != null && doUpdate) {
// update account
doaccountUpdate(account);
}
}
}

// this function encapsulates the logic necessary to login to salesforce.com
private boolean doLogin() {

ConnectorConfig config = new ConnectorConfig();
config.setUsername(USERNAME);
//append token to password if needed.
config.setPassword(PASSWORD + TOKEN);
//config.setTraceMessage(true);
//If using a proxy to get through a firewall, uncomment the following code and set appropriate values.
//config.setProxy("proxyServer.corp.myCorp.com",8080);
//config.setNtlmDomain("NtlmDom");
//config.setProxyUsername("proxyUserName");
//config.setProxyPassword("***");
try {
connection = Connector.newConnection(config);

// display some current settings
System.out.println("Auth EndPoint: " + config.getAuthEndpoint());
System.out.println("Service EndPoint: " + config.getServiceEndpoint());
System.out.println("Username: " + config.getUsername());
System.out.println("SessionId: " + config.getSessionId());
System.out.println("Sforce service created.");
return true;
} catch (ConnectionException e1) {
e1.printStackTrace();
return false;
}
}

// this function encapsulates the logic necessary to query salesforce.com and
// output information about existing accounts
private Account doaccountQuery() {

// declare local vars
QueryResult qr = null; // create a variable to hold the query result
Account account = null; // create a variable to hold the return value

/***********************************************************************
* TODO - (Exercise 4-2): WRITE THE LOGIC NECESSARY TO QUERY AND RETURN A SINGLE account
* 1. Declare a string to hold the SOQL query which will retrieve the id, first name, last name of a single account
* 2. Using the connection obtained in the doLogin() method, execute the query and obtain the result
* 3. This will need to be wrapped in a try-catch block. Simply catch a generic Exception and print out the
* error message to the console.
***********************************************************************/
String query = "select id, Name, Phone from Account LIMIT 1"; // query for account data
// call the query saving the results in qr
try {
qr = connection.query(query);
} catch (Exception e) {
System.out.println("Error getting accounts " + e.getMessage());
}

/***********************************************************************
* TODO - (Exercise 4-2):
* 4. Using the query result, obtain the account record from the first element in the list of records
* 5. Print out account's first and last name to the console.
***********************************************************************/

// iterate over the results and output the returned information
if (qr != null && qr.getSize() > 0) {
SObject[] records = qr.getRecords();
if (records.length != 0) {
// get a handle on the retrieved account
account = (Account) records[0];

// output information about the account
System.out.println("Retrieved account: ");
System.out.println(account);
System.out.println(account.getId());
}
}

// return the account
return account;
}

// this function encapsulates the logic necessary to update a received account
// within salesforce.com and output the results
private void doaccountUpdate(Account account) {
// First we will create a account object array, all calls are batch ours is a single element batch
Account[] accounts = new Account[1];

/***********************************************************************
* TODO (Exercise 4-3) - WRITE THE LOGIC NECESSARY TO UPDATE THE PHONE AND MOBILE FOR THE RECIEVED account
*
* 6. Set the phone and mobile fields on the account object
* 7. Add the account object to the array of accounts
***********************************************************************/
// set the values for the account
account.setName("Dave");
account.setPhone("777-666-5555");

// add the account to the array of objects
accounts[0] = account;

// we are now ready to update the record
// create an array for the results
SaveResult[] saveResults = null;
/***********************************************************************
* TODO (Exercise 4-3)
* 8. Using the connection object initialized in the doLogin method, update the list of accounts and put the result in the saveResults array
* 9. This will need to be wrapped in a try-catch block. Simply catch a generic Exception and print out the error message to the console.
***********************************************************************/

try {
saveResults = connection.update(accounts);
} catch (Exception e) {
System.out.println("Error updating accounts " + e.getMessage());
}
// we will create a separate save result object for clarity
for (SaveResult saveResult : saveResults) {
// check to see if the first update was a success
if (saveResult.isSuccess())
// the id that we passed should be the one we get back.
{
System.out.println("Updated account with id: " + saveResult.getId());
} else {
// an error occurred on this record
System.out.println("Error: ");
Error error = saveResult.getErrors()[0];
System.out.println(error.getMessage());
}
}
}
}

====================Finally got below result=====================

Auth EndPoint: https://login.salesforce.com/services/Soap/c/47.0/0DF2v0000000ofJ
Service EndPoint: https://david701-dev-ed.my.salesforce.com/services/Soap/c/47.0/00D2v000001uTD6/0DF2v0000000ofJ
Username: David@701.com
SessionId: 00D2v000001uTD6!AQIAQB45BK1HOuJjUacxaDOcpUkyZje4GkwMGp3ra86PrkVThlgbCGaX1wpk45SMt3U3jLeTotQdplyrzzUXpwIfW_oEocuW
Sforce service created.
Retrieved account:
[Account [SObject  fieldsToNull='{[0]}'
 Id='0012v00002bjSF7AAM'
]
.
.
 Phone='777-666-5555'
.
.

]

0012v00002bjSF7AAM
Updated account with id: 0012v00002bjSF7AAM

Note: If you have a trouble in getting enterprise.jar, you can use any jar which were retrieved by any developer earlier(to avoid the head of path setting and other errors related to it). You can ping me on thimma.salesforce@gmail.com in case if you want to get enterprise.jar for your POC.

How to identify root, intermediate and server certs.

Lot of us gets confuse about the certificate chain to identify which is root, intermediate and server certificate.  I tried to demonstrate it with pictorial representation to get some insight on this.

Primarily to see any domain certificate follow the process specified in the below image.

Root: The Root CA Certificate is always signed by the CA itself. The signatures of all certificates in the chain must be verified up to the Root CA Certificate.

If we notice that in the above picture Issued to and Issued by both are same because the Root CA Certificate is always signed by the CA itself.  If the issued by and Issued to both are same,then it is root cert. By decoding it we can easily identify it is root certificate.

Intermediate : Any certificate that sits between the SSL Certificate and the Root Certificate is called a chain or Intermediate Certificate. The Intermediate Certificate is the signer/issuer of the SSL  Certificate. The Root CA Certificate is the signer/issuer of the Intermediate Certificate. If the Intermediate Certificate is not installed on the server (where the SSL certificate is installed) it may prevent some browsers, mobile devices, applications, etc. from trusting the SSL certificate. 

In order to make the SSL certificate compatible with all clients, it is necessary that the Intermediate Certificate be installed.

Server/Domain cert: Server certificates (SSL certificates) are used to authenticate the identity of a server. When installed on a website, an SSL certificate turns the protocol on the website from HTTP to HTTPS and installs indicators that vouch for the authenticity of the website

If we notice in the above picture, the Issued by is pointing to the Intermediate cert(DigiCert SHA Secure Server CA) and Issued is pointing to Domain or Sever certificate.

This is how we establish the chaining for any certificates.

 Please find below step by to step  process to create a certificate chain.

1. Get CA signed certificate for domain.
2. Import or Download that certificate as base64.
3. Do the same for all the intermediate certificates (if more than one) and the root certificate.
4. Now create a new file. Example:  certificate_chain.crt.
5. Open that file in text editor and stack all 3 certificates on after the other and save.

1. Order of the certificates is starting from the domain and up towards the root

• Domain cert
• Intermediate cert 1 above domain
• Intermediate cert 2 above that and so on
• Root cert

2. You must include all certificates up to and including root

Example of merging certificates

-----BEGIN CERTIFICATE-----
MIIGvTCCBaWgAwIBAgIQBsyeRo2C7ECRbEpmpu+mazANBgkqhkiG9w0BAQUFADBI
[TRUNCATE]
MDEyMDAwMFowgYcxCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhNYXJ5bGFuZDESMBAG
v+PMGxmcJcqnBrJT3yOyzxIZow==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEjzCCA3egAwIBAgIQBp4dt3/PHfupevXlyaJANzANBgkqhkiG9w0BAQUFADBh
[TRUNCATE]
slXkLGtB8L5cRspKKaBIXiDSRf8F3jSvcEuBOeLKB1d8tjHcISnivpcOd5AUUUDh
v+PMGxmcJcqnBrJT3yOyzxIZow==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh
[TRUNCATE]
CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=
-----END CERTIFICATE-----

 If you want to decode certificates on your own computer, run this OpenSSL command:

openssl x509 -in certificate.crt -text -noout

Salesforce oAuth 2.0 flows with Node Js Integration.

Tried to wrap all the oAuth flows in one place and able to complete it. Sharing it to help to accelearte

the progress of your poc/project. Please tweak below code to use any flow with node

Js integration.

var sf = require('node-salesforce');
var http = require('http');
var url = require('url');
var fs = require('fs');
request = require('request');
path = require("path"),
https = require('https'), 
fs = require('fs'),  
base64url = require('base64-url'), 
nJwt = require('njwt')
const jsdom = require("jsdom");
const { JSDOM } = jsdom;

let client_Id ='3MVG9d8..z.hDcPKuO0qkcUX0IqWf.AIAsDF_dkcBYL80RvSIKADdH0svSMV_gKhpJAh1HwI4tRNfimBeuwrO';
let client_Secret='67D3847C8AC12050F369457935933CD1205A120C70E69E370B169BFC8CC3AE27';
let  sfdcURL = 'https://login.salesforce.com/services/oauth2/authorize' ;
let  tokenurl = 'https://login.salesforce.com/services/oauth2/token' ;
  
//
// OAuth2 client information can be shared with multiple connections.
//
var express = require('express');
var app = express();
var oauth2 = new sf.OAuth2({
    loginUrl : 'https://login.salesforce.com',
    clientId:client_Id,
    clientSecret:client_Secret,
    redirectUri : 'http://localhost:8000/oauth2/code'
});
//
// Get authz url and redirect to it.

//
app.get('/oauth2/auth', function(req, res) {
  res.redirect(oauth2.getAuthorizationUrl());
});

app.get('/', function (req, res) {
    res.send(`<html>
    <head>
    <style>
    ul {
      list-style-type: none;
      margin: 0;
      padding: 0;
      overflow: hidden;
      background-color: #333333;
    }
    li {
      float: left;
    }
    
    li a {
      display: block;
      color: white;
      text-align: center;
      padding: 16px;
      text-decoration: none;
    }
    
    li a:hover {
      background-color: #111111;
    }
    </style>
    </head>
    <body>
    
    <ul>
      <li><a href="http://localhost:8000/jwt">JWT Flow</a></li>
      <li><a href="http://localhost:8000/oauth2/auth">Web server</a></li>
      <li><a href="http://localhost:8000/username_password">User name and Password</a></li>
      <li><a href="http://localhost:8000/useragent">User agent</a></li>
      <li><a href="http://localhost:8000/refresh">Refresh token flow</a></li>
      <li><a href="http://localhost:8000/samlassertionaccesstoken">SAML Assertion</a></li>
      <li><a href="http://localhost:8000/device">Device flow</a></li>
      <li><a href="https://asset-tokens.herokuapp.com/">Asset token flow</a></li>
    </ul>
    
    </body>
    </html>`);
    
});
app.get('/oauth2/code', function(req, res) {
  var q = url.parse(req.url, true);
  request({   url : tokenurl+'?client_id='+
  client_Id
    +'&redirect_uri='+
          'http://localhost:8000/'+'&grant_type=authorization_code&code='+
          q.query.code+'&client_secret='+client_Secret,  
         method:'POST' 
       },
       function(err, remoteResponse, remoteBody) {
       
         res.send(remoteBody);
       } 
     );

  
});

app.get('/useragent', function (req,res){  
request({   url : sfdcURL+'?client_id='+client_Id+'&redirect_uri='+'http://localhost:8000/'+'&response_type=token',  
        method:'GET' 
      }).pipe(res); 
   
} );

/**
*  Username Password oAuth Flow
*/
app.get('/username_password', function (req,res){  

  var sfdcURL = 'https://login.salesforce.com/services/oauth2/token' ;

 let uname='David@abc.com';
 let pwd='passwordonly'

  var upurl = sfdcURL+
  '?client_id='+ client_Id+
   '&grant_type=password'+
   '&client_secret='+client_Secret+
   '&username='+uname+
   '&password='+pwd ;
 

   request({  url : upurl,  
        method:'POST' 
      },
      function(err, remoteResponse, remoteBody) {
        var sfdcResponse = JSON.parse(remoteBody); 
        res.send(sfdcResponse);
      } 
    );  
} );


function encryptUsingPrivateKey_nJWTLib (claims) {
  var absolutePath = path.resolve("pykey.pem");   
    var cert = fs.readFileSync(absolutePath );  
  var jwt_token = nJwt.create(claims,cert,'RS256'); 
  console.log(jwt_token); 
  var jwt_token_b64 = jwt_token.compact();
  console.log(jwt_token_b64);
 
  return jwt_token_b64;     
};

function getJWTSignedToken_nJWTLib(){ 

  var claims = {
    iss: '3MVG9d8..z.hDcPKuO0qkcUX0IncIWJdRX90Yc5BHsYUmbsHh8eeRweKXys8392v5gcuiK1_WHF3_zSS9rfoX',   
    sub: 'david@lightning601.com',     
    aud: 'https://login.salesforce.com',
    exp: (Math.floor(Date.now() / 1000) + (60*3))
   
  }

  return encryptUsingPrivateKey_nJWTLib(claims);
}
app.get('/jwt', function (req,res){  
  
  var sfdcURL = 'https://login.salesforce.com/services/oauth2/token' ;
  
  var sfdcUserName = 'david@lightning601.com';
  var token = getJWTSignedToken_nJWTLib(); 
    
  var paramBody = 'grant_type='+base64url.escape('urn:ietf:params:oauth:grant-type:jwt-bearer')+'&assertion='+token ; 
  var req_sfdcOpts = {  url : sfdcURL,  
              method:'POST', 
              headers: { 'Content-Type' : 'application/x-www-form-urlencoded'} ,
              body:paramBody 
            };
        
  request(req_sfdcOpts, 
    function(err, remoteResponse, remoteBody) {
      res.send(remoteBody);
    } 
  ); 
} );

/**
 * Device Authentication Flow
 */
app.get('/device', function (req,res){  


  let deviceurl = tokenurl+
  '?client_id='+ client_Id+
   '&response_type=device_code&redirect_uri=http://localhost:8000/' ;
 

   request({  url : deviceurl,  
        method:'POST' 
      },
      function(err, remoteResponse, remoteBody) {
        
        console.log(remoteBody) ;
        var sfdcResponse = JSON.parse(remoteBody); 
        var jsondata={
          "verification_uri" : sfdcResponse.verification_uri,
          "user_code" : sfdcResponse.user_code,
          "device_code" : sfdcResponse.device_code
        
        };
        console.log('@@@@@@@',jsondata) ;
        var hrefs=`http://localhost:8000/devicePol?device_code=${sfdcResponse.device_code}`;
        var step2redirect=`<html><head>${JSON.stringify(jsondata)} </head><body><a href=${hrefs}> Post authorizing in different browser/device click here: Device flow step 2 </a> </body></html>`;
        console.log(step2redirect) ;
        //res.send(JSON.parse(JSON.stringify(step2redirect)));
//${jsondata}
        res.send(step2redirect);
      } 
    );  
} ); 

/**
 *  Keep polling till device is verified using code
 */

app.get('/devicePol', function (req,res){ 
  var device_code = req.query.device_code;
  console.log('@@@@@@@@@device code@@@@@@@@@@@@',device_code);
  var devicePolurl = tokenurl+'?client_id='+ client_Id+'&code='+device_code+'&grant_type=device';
 //console.log('@@@@@@devicePolurl@@@@@@@',devicePolurl)
   request({  url : devicePolurl,  
      method:'POST' 
    },
    function(err, remoteResponse, remoteBody) {
      
      //console.log(remoteBody) ;
      var sfdcResponse = JSON.parse(remoteBody); 
      res.send(sfdcResponse);   
    } 
  );  
} ); 

 

  app.get('/samlassertionaccesstoken', function (req,res){ 
   
    let assertionvalue='PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbDJwOlJlc3BvbnNlIHhtbG5zOnNhbWwycD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIERlc3RpbmF0aW9uPSJodHRwczovL2xpZ2h0NjAxZGVwLWRldi1lZC5teS5zYWxlc2ZvcmNlLmNvbT9zbz0wMEQ3RjAwMDAwNEIxRXYiIElEPSJfNzAyNjBhYzItMjg0MTI0MmMiIElzc3VlSW5zdGFudD0iMjAxOS0xMi0yNlQxOToyMDozMy4xODdaIiBWZXJzaW9uPSIyLjAiPjxzYW1sMjpJc3N1ZXIgeG1sbnM6c2FtbDI9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPkF4aW9tPC9zYW1sMjpJc3N1ZXI';   tokenurl='https://light601dep-dev-ed.my.salesforce.com/services/oauth2/token';
    var samlurl = tokenurl+'?grant_type=assertion&assertion_type=urn:oasis:names:tc:SAML:2.0:profiles:SSO:browser&assertion='+assertionvalue;
    console.log(samlurl);
      request({   url : samlurl,  
         method:'POST' 
       },
       function(err, remoteResponse, remoteBody) {
         
         //console.log(remoteBody) ;
         var sfdcResponse = JSON.parse(remoteBody); 
         console.log(sfdcResponse)
         res.send(sfdcResponse);    
       } );
      });
      app.get('/refresh', function(req, res) {
       
        let refresh_token = '5Aep8613hy0tHCYdhyHUIj3Fev55mM_VcyWVY6uxHslAKE.FvcRJitylwr4jQhZcx9Hwo7SA6lbd6f.AWbyKtfE';
        var q = url.parse(req.url, true);
        request({   url : tokenurl+'?client_id='+client_Id+'&redirect_uri='+
                'http://localhost:8000/'+'&grant_type=refresh_token&refresh_token='+
                refresh_token,  
               method:'POST' 
             },
             function(err, remoteResponse, remoteBody) {
             
               res.send(remoteBody);
             } 
           );
      
  
    
  });
   
var server = app.listen(8000, function () {
  
});

All Salesforce oAuth 2.0 flows in one place with python integration

Below code covers most of the oAuth 2.0 flows of Salesforce. Tweaking below code helps you

to implement any oAuth 2.0 flow within no time. All the Best !!

import flask
import requests
import tkinter as tk
import json
from json2html import *
from flask import request, jsonify
from base64 import urlsafe_b64encode
from datetime import datetime, timedelta
import Crypto
from flask import (
    Flask,
    render_template,
    jsonify,
)

import os
from Crypto.Hash import SHA256
from Crypto.PublicKey import RSA
from Crypto.Signature import PKCS1_v1_5

app = flask.Flask(__name__)
app = Flask(__name__)
app.config["DEBUG"] = TrueJWT_HEADER = '{"alg":"RS256"}'JWT_CLAIM_ISS = "3MVG9d8..z.hDcPKuO0qkcUX0IncIWJdRX90Yc5BHsYUmbsHh8eeRweKXys8392v5gcuiK1_WHF3_zSS9rfoX"JWT_CLAIM_SUB = "david@lightning601.com"JWT_CLAIM_AUD = "https://login.salesforce.com"JWT_AUTH_EP = "https://login.salesforce.com/services/oauth2/token"'''===========================Home page ============================================='''

@app.route('/', methods=["GET"])
def home():
    return "<h1> This blog is a great place to learn advanced concepts </h1>"

##############webserver first step ###########################
@app.route('/sfconnect', methods=["GET"])
def sfconnect():
    # return "<a href='https://login.salesforce.com/services/oauth2/authorize?response_type=code&client_id=3MVG9d8..z.hDcPKuO0qkcUX0IncIWJdRX90Yc5BHsYUmbsHh8eeRweKXys8392v5gcuiK1_WHF3_zSS9rfoX&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2Fsalesforcedata'> Webserver flow </a>"    allflows = "<div style='background-color: #fad0c4;background-image: linear-gradient(315deg, #fad0c4 0%, #f1a7f1 74%);height:570px;width:1260px' ><div style='padding: 1em;position: absolute;'><ul style='list-style-type:disc;color: green;'>" + "<li style='color: green;font-size: 150%'>" + "<a href='https://login.salesforce.com/services/oauth2/authorize?response_type=code&client_id=3MVG9d8..z.hDcPKuO0qkcUX0IncIWJdRX90Yc5BHsYUmbsHh8eeRweKXys8392v5gcuiK1_WHF3_zSS9rfoX&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2Fsalesforcedata'> Webserver flow </a>" + "</li>" + \
               "<li style='color: green;font-size: 150%'>" + "<a href='https://login.salesforce.com/services/oauth2/authorize?response_type=token&client_id=3MVG9d8..z.hDcPKuO0qkcUX0IncIWJdRX90Yc5BHsYUmbsHh8eeRweKXys8392v5gcuiK1_WHF3_zSS9rfoX&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2Fsfconnect'> User agent flow </a>" + "</li>" + \
               "<li style='color: green;font-size: 150%'>" + "<a href='http://127.0.0.1:5000/unamepwd'>User name & Password flow </a>" + "</li>" + \
               "<li style='color: green;font-size: 150%'>" + "<a href='http://127.0.0.1:5000/refresh'>Refresh token flow</a>" + "</li>" + \
               "<li style='color: green;font-size: 150%'>" + "<a href='http://127.0.0.1:5000/jwtflow'>JWT Bearer flow</a>" + "</li>" + \
               "<li style='color: green;font-size: 150%'>" + "<a href='http://127.0.0.1:5000/Deviceflow'>Device flow step 1</a>" + "</li>" + \
               "<li style='color: green;font-size: 150%'>" + "<a href='http://127.0.0.1:5000/samlassertionflow'>Saml Assertion flow</a>" + "</li>"\
               "<li style='color: green;font-size: 150%'>" + "<a href='https://asset-tokens.herokuapp.com/' target = '_blank' >Asset Token flow</a>" + "</li>"+ "</ul></div></div>"
    return allflows


############################################################################################ Get token ###############################################################################################
@app.route('/salesforcedata', methods=["GET"])
def sfdata():
    print(request.args)
    if 'code' in request.args:
        code = request.args["code"]

    API_ENDPOINT = "https://login.salesforce.com/services/oauth2/token"    # r = requests.post(url=AUTHORIZE_ENDPOINT, data=dataauthorize)
    datafortoken = {'grant_type': 'authorization_code',
                    'client_id': '3MVG9d8..z.hDcPKuO0qkcUX0IncIWJdRX90Yc5BHsYUmbsHh8eeRweKXys8392v5gcuiK1_WHF3_zSS9rfoX',
                    'client_secret': 'B682A1156FF3A2CCF0E83764552CD1DD0FD2A4510577DDE69C408D80FB9F4A76',
                    'code': code,
                    'redirect_uri': 'http://localhost:5000/salesforcedata'                    }

    r = requests.post(url=API_ENDPOINT, data=datafortoken)
    sfdcres = r.text
    print("The pastebin URL is:%s" % sfdcres)

    dicdata = json.loads(sfdcres)

    # print('#############',jsondata,'$$$$$$$$$$',dicdata);
    acctkn = dicdata["access_token"]

    print('parsed access token', acctkn)

    # place your own domain name.    return getdata(dicdata["access_token"])


############################################################################# User name and password flow####################################################################################
@app.route('/unamepwd', methods=["GET"])
def username_pwd():
    API_ENDPOINT = "https://login.salesforce.com/services/oauth2/token"
    clientid = '3MVG9G9pzCUSkzZvyptQFNKyeFZLuFEuMqSNrj_gLpwyqgHTmUSLK0qb0EvWiNm6VYzLixRXeULtJZlm3LevO'    clientsec = '32B4AFDB1FD3E9B8FD62FD2333ACC9B33A65778C35634F8D618745746A2A6C86'    # data to be sent to api    data = {'grant_type': 'password',
            'client_id': clientid,
            'client_secret': clientsec,
            'username': 'David@abc.com',
            'password': 'pwdsecuritytoken'            }

    # String reqbody = 'grant_type=password&client_id='+clientid+'&client_secret='+clientsec+'&username='+'David@lightning601.com'+'&password='+'Welcome@18G841Lq4OPaBc3nvtMcGmhC5GH';
    # sending post request and saving response as response object    r = requests.post(url=API_ENDPOINT, data=data)

    # extracting response text    # sfdcres = json.dumps(r.text)    resp = json.loads(r.text)
    # return json2html.convert(json=json.loads(r.text))
    return getdata(resp["access_token"])


############################################################################# Refresh token flow#############################################################################################
@app.route('/refresh', methods=["GET"])
def refrehflow():
    API_ENDPOINT = "https://login.salesforce.com/services/oauth2/token"
    clientid = '3MVG9G9pzCUSkzZvyptQFNKyeFZLuFEuMqSNrj_gLpwyqgHTmUSLK0qb0EvWiNm6VYzLixRXeULtJZlm3LevO'    refresh_token = '5Aep8613hy0tHCYdhyHUIj3Fev55mM_VcyWVY6uxHslAKE.Fvf2x7ni.qVWP4HfxXN7ieW.wzJFXROLFe4F8cR9'  # data to be sent to api    data = {'grant_type': 'refresh_token',
            'client_id': clientid,
            'refresh_token': refresh_token
            }

    # String reqbody = 'grant_type=password&client_id='+clientid+'&client_secret='+clientsec+'&username='+'David@lightning601.com'+'&password='+'Welcome@18G841Lq4OPaBc3nvtMcGmhC5GH';
    # sending post request and saving response as response object    r = requests.post(url=API_ENDPOINT, data=data)

    # extracting response text    sfdcres = r.text
    # return json2html.convert(json=json.loads(r.text))    resp = json.loads(r.text)
    # return json2html.convert(json=json.loads(r.text))
    return getdata(resp["access_token"])


############re usable method #########################
def getdata(acctkn):
    END_POINT = "https://light601dep-dev-ed.my.salesforce.com/services/apexrest/contactsfordatabase/";

    data = {"Authorization": "Bearer " + acctkn,
            "Content-Type": "application/json"            }

    r = requests.get(END_POINT, headers=data)

    print("contacts data from salesforce:%s" % r.content)

    # dict = json.loads(r.content)
    # return r.content    return json2html.convert(json=json.loads(r.content))


def jwt_claim():
    '''    Function to package JWT Claim data in a base64 encoded string    :return:    base64 encoded jwt claims data    '''
    claim_template = '{{"iss": "{0}", "sub": "{1}", "aud": "{2}", "exp": {3}}}'    claim = urlsafe_b64encode(JWT_HEADER.encode()).decode()
    claim += "."
    # expiration_ts = (datetime.now(tz=timezone.utc) + timedelta(minutes=5)).timestamp()    expiration_ts = int((datetime.now() + timedelta(seconds=300)).timestamp())
    payload = claim_template.format(JWT_CLAIM_ISS, JWT_CLAIM_SUB, JWT_CLAIM_AUD, expiration_ts)
    print(payload)

    claim += urlsafe_b64encode(payload.encode()).decode()
    return claim


def sign_data(data):
    f = open('pykey.pem', 'r')
    print('$$$$$$$file$$$$$$$$', f)
    rsa1key = RSA.importKey(f.read())
    signer = PKCS1_v1_5.new(rsa1key)
    digest = SHA256.new()
    digest.update(data.encode())
    sign = signer.sign(digest)
    return urlsafe_b64encode(sign).decode()


def do_auth(endpoint, data):
    '''    Function to POST JWT claim to SFDC /oauth/token endpoint and receive an access_token    :return:    access token    '''
    r = requests.post(endpoint, data=data)
    return r


@app.route('/jwtflow', methods=["GET"])
def jwtflow():
    # Keeping with JWS spec, we need to remove the padding "=" characters from base64 encoded string    claim = jwt_claim().replace("=", "")

    # Keeping with JWS spec, we need to remove the padding "=" characters from base64 encoded string    signed_claim = sign_data(claim).replace("=", "")

    target_payload = claim + "." + signed_claim

    auth_payload = {"grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer", "assertion": target_payload}
    response = do_auth(JWT_AUTH_EP, data=auth_payload)

    #  convert the text dictionary to data structure so it can be rendered as a json properly    response_text = eval(response.text)

    response_headers = eval(str(response.headers))

    return_dict = {"claim": claim, "signed_claim": signed_claim, "target_payload": target_payload,
                   "response_text": response_text, "response_headers": response_headers}
    # return jsonify(return_dict)    sfdcres = response.text
    print("The SFDC response:%s" % sfdcres)

    dicdata = json.loads(sfdcres)

    # print('#############',jsondata,'$$$$$$$$$$',dicdata);
    acctkn = dicdata["access_token"]

    print('parsed access token', acctkn)

    # place your own domain name.    return getdata(dicdata["access_token"])


#####################Device flow#######################################
@app.route('/Deviceflow', methods=["GET"])
def deviceflow():
    print(request.args)
    Deviceflowclientid = '3MVG9d8..z.hDcPKuO0qkcUX0IvjSlDS5xKC7RazmseJKnAbeQxg3zIE55yk7zvsy3NpjLIayWxNoUU3RfYz0';

    API_ENDPOINT = "https://login.salesforce.com/services/oauth2/token"
    getdevicecode = {'response_type': 'device_code',
                     'client_id': Deviceflowclientid,
                     'client_secret': 'B682A1156FF3A2CCF0E83764552CD1DD0FD2A4510577DDE69C408D80FB9F4A76',
                     'redirect_uri': 'http://localhost:5000/Deviceflowstep2'                     }

    r = requests.post(url=API_ENDPOINT, data=getdevicecode)
    sfdcres = r.text

    dicdata = json.loads(sfdcres)
    devicecode = dicdata["device_code"]
    parseddata = ''    for i in dicdata:
        parseddata = parseddata+"<tr><th>" + str(i) + "</th><td>" + str(dicdata[i]) + "</td></tr>"    parseddata = "<table border='1' style='color:blue;background-color:gold;'><tbody>" + parseddata + "</tbody></table>"    stepsbeforegettingtoken="Before clicking below link, take the verification uri <b style='color:red'>{}</b> and enter it into another device(Mobile/Deskstop)/n and then enter User code <b style='color:red'>{}</b>".format(str(dicdata['verification_uri']),str(dicdata['user_code']))
    step2link = "<br/><br/><b style='color:Green'>"+stepsbeforegettingtoken+"</b><br/><h2><a href = " + "http://127.0.0.1:5000/Deviceflowstep2?devicecode=" + devicecode + "> Device flow step 2 (Get access token) " + "</h2>"    parseddata = parseddata + step2link
    return parseddata

###################################
#####################Device flow#######################################
@app.route('/Deviceflowstep2', methods=["GET"])
def deviceflowstep2():
    print('####################', request.args)
    # return request.args.devicecode
    dicdata = json.dumps(request.args)
    # devicecode = dicdata["devicecode"]    print(dicdata)

    dicdata = json.loads(dicdata)
    Deviceflowclientid = '3MVG9d8..z.hDcPKuO0qkcUX0IvjSlDS5xKC7RazmseJKnAbeQxg3zIE55yk7zvsy3NpjLIayWxNoUU3RfYz0';

    API_ENDPOINT = "https://login.salesforce.com/services/oauth2/token"    # r = requests.post(url=AUTHORIZE_ENDPOINT, data=dataauthorize)
    getdevicecode = {'grant_type': 'device',
                     'client_id': Deviceflowclientid,
                     'code': dicdata['devicecode']
                     }

    r = requests.post(url=API_ENDPOINT, data=getdevicecode)
    sfdcres = r.text

    dicdata = json.loads(sfdcres)
    acctkn = dicdata["access_token"]

    print('parsed access token', acctkn)


    return json2html.convert(json=json.loads(r.content))


#########################################################################################



def samlflow(entries):

    assertion=str(entries['assertion'].get())
    API_ENDPOINT = "https://light601dep-dev-ed.my.salesforce.com/services/oauth2/token"    # r = requests.post(url=AUTHORIZE_ENDPOINT, data=dataauthorize)    import base64

    data=str(entries['assertion'].get())
    getdevicecode = {'grant_type': 'assertion',
                     'assertion_type': 'urn:oasis:names:tc:SAML:2.0:profiles:SSO:browser',
                     'assertion': data}
    r = requests.post(url=API_ENDPOINT, data=getdevicecode)
    sfdcres = r.text
    print('##################',sfdcres)
    dicdata = json.loads(sfdcres)
    acctkn = dicdata["access_token"]

    print('parsed access token', acctkn)

    return json2html.convert(json=json.loads(r.content))


def makeform(root, fields):
    entries = {}
    for field in fields:
        print(field)
        row = tk.Frame(root)
        lab = tk.Label(row, width=22, text=field+": ", anchor='w')
        ent = tk.Entry(row)
        ent.insert(0, "0")
        row.pack(side=tk.TOP,
                 fill=tk.X,
                 padx=5,
                 pady=5)
        lab.pack(side=tk.LEFT)
        ent.pack(side=tk.RIGHT,
                 expand=tk.YES,
                 fill=tk.X)
        entries[field] = ent
    return entries

@app.route('/samlassertionflow', methods=["GET"])
def samlassertionflow():
    app = flask.Flask(__name__)
    app = Flask(__name__)
    root = tk.Tk()
    fields = ('assertion', 'End point')
    ents = makeform(root, fields)
    b1 = tk.Button(root, text='Saml assertion flow',
           command=(lambda e=ents: samlflow(e)))
    b1.pack(side=tk.LEFT, padx=5, pady=5)

    root.mainloop()

    return 'Proceed with the generated input interface'


#########################################################################################
if __name__ == "__main__":
    port = int(os.getenv("PORT", 5000))
    # Run the app, listening on all IPs with our chosen port number    app.run(host="0.0.0.0", port=port, debug=True, use_reloader=True)

app.run()