To complete the authentication process, you need to generate an access token and a frontdoor URL. Use the generated frontdoor URL as the authCredential value when you initialize the SDK.
To generate the token without creating logic for single sign-on, you can use this command to get the access_token. In this command, the location references your Salesforce org and client_id and client_secret are the values that you copied and saved from the OAuth Settings.
For more information on Salesforce OAuth flows and access tokens, see
- User-Agent OAuth Authentication Flow
- OAuth 2.0 User-Agent Flow
- Portal Authentication Using OAuth 2.0 and Salesforce Site
Frontdoor URLs are used to bridge into UI sessions, giving users uninterrupted access to Salesforce and other apps. It uses an existing session to automatically log users into a new UI with making them enter their credentials again.
Frontdoor URLs are short-lived. For session refresh, a new frontdoor URL must be generated.
For information on how to use the UI Bridge API to generate frontdoor URLs, see Generate a frontdoor URL to Bridge into UI Sessions.
- Don't hardcode OAuth tokens or frontdoor URLs in your client-side code.
- Pass credentials to the browser only when strictly necessary. Credentials can be scrapped from the browser by malicious actors.