Connecting to Salesforce with OAuth2
Data Studio uses a JDBC driver to connect to Salesforce, allowing data to be extracted, transformed, validated, and then optionally pushed back to source.
As well as standard username / password authentication, the driver supports OAuth 2.0 authentication when establishing a connection.
The following guide is a brief description of how to set up an OAuth 2 connection to Salesforce from Data Studio, using the native connector.
Register your application with Salesforce
Follow the steps to create your new Connected App in your Salesforce instance.
This will allow you to define the scope of the access that the driver will have, and get the client ID and client secret (termed Consumer Key and Consumer Secret here), which will be used to retrieve the OAuth tokens.
In my example here I'll use Postman to retrieve the token. If using a different application, modify the callback URL as appropriate.
I've also unchecked the "use PKCE" option for the Salesforce app to simplify the example:
Use Postman to get the OAuth token(s)
Follow these steps to set up Postman to get the OAuth token(s) for the initial authorization flow
- The callback URL should match what you have configured in the Salesforce App
- Use the "Send client credentials in body" option in Postman
- Use Scope
full
to generate just an access token. Userefresh_token offline_access api
to generate access and refresh tokens. See this article for more on OAuth Tokens and Scopes.
Resulting token:
Add a modified datadirectJdbc.json file to Data Studio
Add a modified datadirectJdbc.json
file to configure the Salesforce driver to use OAuth authentication in the Data Studio UI, rather than key and secret. Note that the previous Salesforce connection option will be removed and replaced.
Drop the following file into Data Studio installation root directory (as described in ) and restart the Data Studio Database service:
When creating a new External System connection you should now see the “Salesforce OAuth” option (
).Configure the External System
First, you may need to go back to manage the Connected App you previously created, to ensure the Data Studio URL is included in the list of valid callback URLs
Using access token
This approach will allow you to use the access token retrieved earlier (in Postman) to connect to Salesforce from Data Studio (where Scope = full
).
You will use the same values (authURI, tokenURI etc) that were specified in Postman. Scope is not required. Hostname is simply login.salesforce.com
When creating credentials, provide the Client ID, Client Secret, and Access Token:
Using refresh token
This approach will allow you to use the refresh token retrieved earlier (in Postman) to connect to Salesforce from Data Studio (where Scope = refresh_token offline_access api
).
When creating credentials, provide the Client ID, Client Secret, and Access Token