This content describes an older version of this product.

Set Up OAuth in the AWS Lambda Function

These instructions describe how to set up OAuth on your Amazon Connect instance. When you enable Voice, OAuth is already set up for you.
Before you start, open a text file so you can copy some parameter values.
  1. Log in to AWS Console > Lambda > Functions.
  2. Select the {Your Contact Center Name}-InvokeSalesforceRestApiFunction Lambda function.
  3. Scroll down to Environment variables. Some of the variables are already configured for your instance, but you have to set the values for CONSUMER_KEY_PARAM_NAME, PRIVATE_KEY_PARAM_NAME, and SUBJECT.

    Note: If you’re testing this functionality in a sandbox org, make sure that these environment variables point to the sandbox domain (or to test.salesforce.com) instead of login.salesforce.com: AUDIENCE, SALESFORCE_AUTH_ENDPOINT, SALESFORCE_REST_API_ENDPOINT_BASE.

    1. For the SUBJECT variable, enter the username that you want to use to log in to Salesforce through the Lambda function.
      In the connected app in Salesforce, check that the user is added to the connected app profile. From Setup in your Salesforce org, go to App Manager. Open the action menu for the connected app, click Manage, and scroll to the bottom of the page to see the profiles. Verify that the Permitted Users value is set to "Admin approved users are pre-authorized" for the desired profile. To learn more about OAuth access policies, see Manage OAuth Access Policies for a Connected App.
    2. Copy the values of the CONSUMER_KEY_PARAM_NAME and PRIVATE_KEY_PARAM_NAME parameters and paste them into a text file. These values are the names of the SSM parameters that hold the actual credentials.
  4. Click Services > enter SSM in the search box > Systems Manager.
  5. Scroll down to the Parameter Store.
  6. In the parameter store, search for the CONSUMER_KEY_PARAM_NAME value and the PRIVATE_KEY_PARAM_NAME value that you copied to the text file.
  7. For the Consumer Key, update the value by clicking Edit and pasting the value of the consumer key from the connected app into the Value field.

    Note: If you didn’t already copy the Consumer Key from your app, you can get that value from your Salesforce org. From Setup, enter Apps in the Quick Find box, and select App Manager. Click View in the dropdown menu for your connected app. Copy the value for the Consumer Key from the connected app page.

  8. Save your changes.
  9. Update the value of the private key by clicking Edit and pasting the private key into the Value field. For the private key, you need the key that you previously used to sign the self-signed certificate. By default, this key is stored locally in a file named server.key.

    Note: The private key isn’t the same as the consumer secret, although both are generated by the same key. The private key begins with “-----BEGIN RSA PRIVATE KEY-----” and ends with “-----END RSA PRIVATE KEY-----”. Be sure to include that BEGIN and END text as part of the key value.

  10. Save your changes.

Note: It can take a few minutes before the changes are applied to the connected app.
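A preflight check for the values entered in the steps above, as an added example that is not part of the original instructions or of the Lambda function's own code. It takes the environment variables and the SSM parameter values as plain dictionaries (fetching them is left to the caller). The function names, the sample values, the URL form of the endpoint variables, and the certificate check are assumptions.

```python
import base64
import re
from urllib.parse import urlparse

REQUIRED = ("CONSUMER_KEY_PARAM_NAME", "PRIVATE_KEY_PARAM_NAME", "SUBJECT")
ENDPOINTS = ("AUDIENCE", "SALESFORCE_AUTH_ENDPOINT", "SALESFORCE_REST_API_ENDPOINT_BASE")
PEM_RE = re.compile(r"\A-----BEGIN RSA PRIVATE KEY-----\s+([A-Za-z0-9+/=\s]+?)"
                    r"\s*-----END RSA PRIVATE KEY-----\Z")


def check_private_key(value):
    """Return a problem string or None. The key itself is never echoed."""
    if "BEGIN CERTIFICATE" in value:
        return "private key parameter holds a certificate, not the key"
    match = PEM_RE.match(value.strip())
    if not match:
        return "private key is missing the BEGIN/END RSA PRIVATE KEY lines"
    try:
        base64.b64decode("".join(match.group(1).split()), validate=True)
    except ValueError:
        return "private key body is not valid base64 (truncated paste?)"
    return None


def preflight(env, params, sandbox):
    """env: Lambda environment variables; params: SSM parameter name -> value."""
    problems = [f"{name} is not set" for name in REQUIRED if not env.get(name, "").strip()]
    for name in ENDPOINTS:
        value = env.get(name, "")
        # Accept either a full URL or a bare host name.
        host = urlparse(value if "//" in value else "//" + value).hostname or ""
        if sandbox and host == "login.salesforce.com":
            problems.append(f"{name} points to login.salesforce.com in a sandbox setup")
    if not params.get(env.get("CONSUMER_KEY_PARAM_NAME", ""), "").strip():
        problems.append("consumer key parameter is empty or not found")
    key_problem = check_private_key(params.get(env.get("PRIVATE_KEY_PARAM_NAME", ""), ""))
    if key_problem:
        problems.append(key_problem)
    return problems


# Constructed sample values; the key body is placeholder bytes, not a real key.
FAKE_BODY = base64.b64encode(b"placeholder-not-a-real-key" * 3).decode()
SAMPLE_KEY = f"-----BEGIN RSA PRIVATE KEY-----\n{FAKE_BODY}\n-----END RSA PRIVATE KEY-----\n"
SAMPLE_ENV = {"CONSUMER_KEY_PARAM_NAME": "example-consumer-key",
              "PRIVATE_KEY_PARAM_NAME": "example-private-key",
              "SUBJECT": "integration.user@example.com",
              "AUDIENCE": "https://test.salesforce.com",
              "SALESFORCE_AUTH_ENDPOINT": "https://login.salesforce.com/services/oauth2/token"}
```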