OAuth 2.0 JWT Bearer Flow for Server-to-Server Integration

Step 1.) Creating a connected app in Salesforce.

  1. Fill in your Name and Email
  2. Click on “Enable OAuth Settings”
  3. Callback URL: "https://login.salesforce.com/oauth2/callback"
  4. Select the following OAuth Scopes
    1. Manage user data via APIs (API)
    2. Manage user data via Web browsers (web)
    3. Perform requests at any time (refresh_token, offline_access)
  5. Click on Save.


-> Once you are done you will get the Client_Id (consumer key) and Client_Secret (consumer secret) of the connected app.

Step 2.) Prior approval of the client app.

There are different options to do that.

  • Step 1: Admin approves from the connected app in Salesforce.
  • Step 2: Pre-approve the connected app with the User-Agent OAuth Flow.

Step 1:-

We will use the Salesforce Setup console for this.

  1. Go to Setup -> click on Manage Apps -> Connected Apps
  2. Click ‘Edit’ next to your app
  3. Click on Permitted Users and select “Admin-approved users are pre-authorized”
  4. Save.
  5. Now it is time to grant access to the profile or permission set. Go to Setup -> Manage Users -> Profiles
  6. Select the profile that should be allowed to use the app, for example System Admin.


-> Now we can use Step 2 (Pre-Approve the connected app with the User-Agent OAuth Flow)

https://<your instance>.salesforce.com/services/oauth2/authorize?client_id=<consumer key>&redirect_uri=<callback URL of your connected app>&response_type=code

Now the final URL:-

https://crmlanding-5b-dev-ed.my.salesforce.com/services/oauth2/authorize?client_id=3MVG9pRzvMkjMb6nx5gCN8NXTw46YeedpgeZfLpDIS_rNadb7TLjTn3nZUMD0iYHCmrYPa5JNf7LIWIMArTjq&redirect_uri=https://login.salesforce.com/oauth2/callback&response_type=code


-> Now open this URL in your web browser and log in with your Salesforce username and password.

-> After you log in, copy the current URL from your web browser.


Like this:

-> Now we need to decode the code parameter of this URL from its URL-encoded form.
Using:- https://www.urldecoder.org/

-> Get the access_token with Postman.



  • Method: POST
  • URL: https://login.salesforce.com/services/oauth2/token
  • Body -> x-www-form-urlencoded -> add the details below.

grant_type -> authorization_code

code -> aPrx0jWjRo8KRXuA.2sGqpmNJN2m__G3dqweKbWQNVRpWW7b5yGvb_NTrljgQ2IMehNh5ZOEKg==

client_id -> 3MVG9pRzvMkjMb6nx5gCN8NXTw46YeedpgeZfLpDIS_rNadb7TLjTn3nZUMD0iYHCmrYPa5JNf7LIWIMArTjq

client_secret -> 5E8F398B9392A9CF19E3C12E6413C1CE25D87D2BD5D6156A05A26B2CE8CB37C0

-> Now click on the SEND button.

-> Congratulations, you now have an access_token and a refresh_token that can be used to call any Salesforce API.

Like this:-

-> Now we can generate the final access token.


  • Method: POST
  • URL: https://login.salesforce.com/services/oauth2/token
  • Body -> x-www-form-urlencoded -> add the details below.

grant_type -> refresh_token
client_id -> 3MVG9pRzvMkjMb6nx5gCN8NXTw46YeedpgeZfLpDIS_rNadb7TLjTn3nZUMD0iYHCmrYPa5JNf7LIWIMArTjq
client_secret -> 5E8F398B9392A9CF19E3C12E6413C1CE25D87D2BD5D6156A05A26B2CE8CB37C0
refresh_token -> 5Aep861mdLLi91HqFdCE61hgKnqAC8H8jZG.BmJvqx8Z_sQwr0uuKnz.Xv8fDRDZAX1flZoVNv2tNU3lTsmdOv0

Now go to Headers in Postman and add:-

Content-Type -> application/x-www-form-urlencoded

Now we can get the final access token:-
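The same two token-endpoint calls, done from a script instead of Postman, as an added example (this is not code from the original post). It covers the three steps above in order: pulling the URL-encoded code out of the URL the browser lands on after login, exchanging that code for an access_token and refresh_token, and then using the refresh_token (which the connected app only receives because the refresh_token/offline_access scope was selected in Step 1) to obtain a fresh access token. Assumptions not in the post: the consumer key and secret are read from the environment variables SF_CLIENT_ID and SF_CLIENT_SECRET rather than pasted into a request body, the sample redirect URL is constructed, and redirect_uri is sent with the authorization_code grant as RFC 6749 requires even though the Postman body above omits it.

```python
"""Salesforce authorization-code exchange and refresh, without Postman.

Added example, not from the original post. Secrets come from the environment
(SF_CLIENT_ID / SF_CLIENT_SECRET are assumed names); the sample redirect URL
below is constructed for illustration.
"""
import json
import os
import urllib.parse
import urllib.request

TOKEN_URL = "https://login.salesforce.com/services/oauth2/token"
CALLBACK_URL = "https://login.salesforce.com/oauth2/callback"

# Constructed sample of what the browser address bar shows after login:
# the callback URL with a URL-encoded 'code' parameter appended.
SAMPLE_REDIRECT = (
    CALLBACK_URL + "?code=sample.CODE_from_login%2Fabc%3D%3D"
)


def extract_code(redirect_url: str) -> str:
    """Return the decoded 'code' query parameter from the post-login URL.

    This replaces the manual trip to urldecoder.org: parse_qs already
    percent-decodes the value (%3D%3D becomes ==).
    """
    query = urllib.parse.urlparse(redirect_url).query
    codes = urllib.parse.parse_qs(query).get("code", [])
    if len(codes) != 1:
        raise ValueError("redirect URL does not carry exactly one 'code' parameter")
    return codes[0]


def authorization_code_form(code: str, client_id: str, client_secret: str) -> dict:
    """Body of the first POST: trade the one-time code for tokens.

    redirect_uri is included per RFC 6749 section 4.1.3 (assumption: the
    post's Postman body leaves it out); it must match the connected app's
    callback URL exactly.
    """
    return {
        "grant_type": "authorization_code",
        "code": code,
        "client_id": client_id,
        "client_secret": client_secret,
        "redirect_uri": CALLBACK_URL,
    }


def refresh_token_form(refresh_token: str, client_id: str, client_secret: str) -> dict:
    """Body of the second POST: mint a new access token from the refresh token."""
    return {
        "grant_type": "refresh_token",
        "refresh_token": refresh_token,
        "client_id": client_id,
        "client_secret": client_secret,
    }


def encode_form(fields: dict) -> bytes:
    """Serialize as application/x-www-form-urlencoded, the body type Postman sends."""
    return urllib.parse.urlencode(fields).encode("ascii")


def tokens_from_response(body: dict) -> tuple:
    """Pick the access_token and (optional) refresh_token out of a token response,
    refusing anything that is not a Bearer token or that lacks access_token."""
    if body.get("token_type") != "Bearer" or not body.get("access_token"):
        raise ValueError("unexpected token response: %s" % sorted(body))
    return body["access_token"], body.get("refresh_token")


def post_token_request(fields: dict, token_url: str = TOKEN_URL) -> dict:
    """POST the form to the token endpoint and return the parsed JSON.

    Needs network access and a real connected app; not exercised offline.
    """
    req = urllib.request.Request(
        token_url,
        data=encode_form(fields),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


if __name__ == "__main__":
    client_id = os.environ["SF_CLIENT_ID"]
    client_secret = os.environ["SF_CLIENT_SECRET"]
    landed = input("Paste the URL your browser landed on after login: ").strip()
    code = extract_code(landed)
    first = post_token_request(authorization_code_form(code, client_id, client_secret))
    access, refresh = tokens_from_response(first)
    print("instance_url:", first.get("instance_url"), "refresh_token present:", refresh is not None)
    second = post_token_request(refresh_token_form(refresh, client_id, client_secret))
    new_access, _ = tokens_from_response(second)
    print("refreshed access_token obtained:", new_access != access)
```

Run it with the two environment variables set and paste the post-login URL when prompted; the script performs both POSTs that the Postman screenshots describe. Keeping the consumer secret out of the request body you type by hand, and out of the script, is the one design choice here that the Postman walkthrough does not make.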
