Apex Reference Guide

Apex Reference Guide
Release Notes
Apex DML Operations
ApexPages Namespace
AppLauncher Namespace
Approval Namespace
Auth Namespace
AuthConfiguration Class
AuthProviderCallbackState Class
AuthProviderPlugin Interface
AuthProviderPluginClass Class
AuthProviderTokenResponse Class
AuthToken Class
CommunitiesUtil Class
ConfigurableSelfRegHandler Interface
ConfirmUserRegistrationHandler Interface
ConnectedAppPlugin Class
CustomOneTimePasswordDeliveryHandler Interface
CustomOneTimePasswordDeliveryResult Enum
ExternalClientAppOauthHandler Class
HeadlessSelfRegistrationHandler Interface
HeadlessUserDiscoveryHandler Interface
HeadlessUserDiscoveryResponse Class
HttpCalloutMockUtil Class
IntegratingAppType Enum
InvocationContext Enum
JWS Class
JWT Class
JWTBearerTokenExchange Class
JWTBearerTokenExchange Constructors
JWTBearerTokenExchange Methods
JWTUtil Class
LightningLoginEligibility Enum
LoginDiscoveryHandler Interface
LoginDiscoveryMethod Enum
MyDomainLoginDiscoveryHandler Interface
Oauth2TokenExchangeHandler Class
OAuth2TokenExchangeType Enum
OAuthRefreshResult Class
OauthToken Class
OauthTokenType Enum
RegistrationHandler Interface
SamlJitHandler Interface
SessionManagement Class
SessionLevel Enum
TokenValidationResult Class
UserData Class
VerificationAction Enum
VerificationMethod Enum
VerificationPolicy Enum
VerificationResult Class
Auth Exceptions
Cache Namespace
Canvas Namespace
ChatterAnswers Namespace
CommerceExtension Namespace
CommerceOrders Namespace
CommercePayments Namespace
CommerceTax Namespace
Compression Namespace
ConnectApi Namespace
Context Namespace
Database Namespace
Datacloud Namespace
DataRetrieval Namespace
DataSource Namespace
DataWeave Namespace
Dom Namespace
EventBus Namespace
ExternalService Namespace
Flow Namespace
FormulaEval Namespace
fsccashflow Namespace
Functions Namespace
industriesNlpSvc
IndustriesDigitalLending Namespace
Invocable Namespace
IsvPartners Namespace
KbManagement Namespace
LxScheduler Namespace
Messaging Namespace
Metadata Namespace
PlaceQuote Namespace
Pref_center Namespace
Process Namespace
QuickAction Namespace
Reports Namespace
RevSalesTrxn Namespace
RichMessaging Namespace
Salesforce_Backup Namespace
Schema Namespace
Search Namespace
Sfc Namespace
Sfdc_Checkout Namespace
Sfdc_Enablement Namespace
sfdc_surveys Namespace
Site Namespace
Slack Namespace
Support Namespace
System Namespace
TerritoryMgmt Namespace
TxnSecurity Namespace
UserProvisioning Namespace
VisualEditor Namespace
Wave Namespace
Appendices
PDF

Newer Version Available

This content describes an older version of this product. View Latest

JWTBearerTokenExchange Class

Contains methods that POST the signed JWT bearer token to a token endpoint to request an access token, in the OAuth 2.0 JWT bearer token flow.

Namespace

Auth

Usage

Use the methods in this class to post a signed JWT bearer token to the OAuth token endpoint, in exchange for an access token.

To test HTTP callouts to the token endpoint, use the Auth.HttpCalloutMockUtil class.

Example

In the following example application, the Apex controller:
  1. Creates the JSON Claims Set.
  2. Specifies the scope of the request with additional claims.
  3. Creates the signed JWT.
  4. Specifies the token endpoint and POSTs to it.
  5. Gets the access token from the HTTP response.
1public class MyController{
2 
3    
4     public MyController() {      
5        Auth.JWT jwt = new Auth.JWT();
6        jwt.setSub('user@salesforce.com'); 
7        jwt.setAud('https://login.salesforce.com'); 
8        jwt.setIss('3MVG99OxTyEMCQ3gNp2PjkqeZKxnmAiG1xV4oHh9AKL_rSK.BoSVPGZHQ​ukXnVjzRgSuQqGn75NL7yfkQcyy7');
9        
10        //Additional claims to set scope
11        Map<String, Object> claims = new Map<String, Object>();
12        claims.put('scope', 'scope name');
13            
14        jwt.setAdditionalClaims(claims);
15
16        //Create the object that signs the JWT bearer token
17        Auth.JWS jws = new Auth.JWS(jwt, 'CertFromCertKeyManagement');
18        
19        //Get the resulting JWS in case debugging is required
20        String token = jws.getCompactSerialization();
21        
22        //Set the token endpoint that the JWT bearer token is posted to
23        String tokenEndpoint = 'https://login.salesforce.com/services/oauth2/token';
24        
25        //POST the JWT bearer token
26        Auth.JWTBearerTokenExchange bearer = new Auth.JWTBearerTokenExchange(tokenEndpoint, jws);
27        
28        //Get the access token
29        String accessToken = bearer.getAccessToken();
30
31    }
32}

JWTBearerTokenExchange Constructors

The following are constructors for JWTBearerTokenExchange.

JWTBearerTokenExchange(tokenEndpoint, jws)

Creates an instance of the JWTBearerTokenExchange class using the specified token endpoint and the signed JWT bearer token.

Signature

public JWTBearerTokenExchange(String tokenEndpoint, Auth.JWS jws)

Parameters

tokenEndpoint
Type: String
The token endpoint that the signed JWT bearer token is POSTed to.
jws
Type: Auth.JWS
The signed JWT bearer token.

JWTBearerTokenExchange()

Creates an instance of the Auth.JWTBearerTokenExchange class.

Signature

public JWTBearerTokenExchange()

JWTBearerTokenExchange Methods

The following are methods for JWTBearerTokenExchange. All are instance methods.

clone()

Makes a duplicate copy of the JWTBearerTokenExchange object.

Signature

public Object clone()

Return Value

Type: JWTBearerTokenExchange

getAccessToken()

Returns the access_token in the token response to the JWT bearer token request.

Signature

public String getAccessToken()

Return Value

Type: String

Usage

This method extracts the access_token from the token response. If the token response issues the access token in a different parameter, the request fails.

If you want the full HTTP token response returned, use getHttpResponse instead.

getGrantType()

Returns the grant type specified in the JWT bearer token request. The grant type value defaults to urn:ietf:params:oauth:grant-type:jwt-bearer.

Signature

public String getGrantType()

Return Value

Type: String

getHttpResponse()

Returns the full System.HttpResponse token response to the JWT bearer token request.

Signature

public System.HttpResponse getHttpResponse()

Return Value

Type: System.HttpResponse

Usage

You can get the access token from the full System.HttpResponse. If you want only the access_token from the token response, you can use getAccessToken instead.

getJWS()

Returns the JWS specified in the JWT bearer token request.

Signature

public Auth.JWS getJWS()

Return Value

Type: Auth.JWS

getTokenEndpoint()

Returns the token endpoint that the JWT bearer token request is POSTed to.

Signature

public String getTokenEndpoint()

Return Value

Type: String

setGrantType(grantType)

Sets the grant type in the JWT bearer token request. Returned by the getGrantType() method.

Signature

public void setGrantType(String grantType)

Parameters

grantType
Type: String

Return Value

Type: void

setJWS(jws)

Sets the JWS in the JWT bearer token request. Returned by the getJWS() method.

Signature

public void setJWS(Auth.JWS jws)

Parameters

jws
Type: Auth.JWS

Return Value

Type: void

setTokenEndpoint(tokenEndpoint)

Sets the token endpoint that the JWT bearer token request is POSTed to. Returned by the getTokenEndpoint() method.

Signature

public void setTokenEndpoint(String tokenEndpoint)

Parameters

tokenEndpoint
Type: String

Return Value

Type: void