Portal Authentication Using OAuth 2.0 and Salesforce Sites

The Salesforce Spring '13 Release adds enhanced flexibility for portal authentication. If your app runs in a Salesforce portal, you can use OAuth 2.0 with a Salesforce site to obtain API access tokens on behalf of portal users. In this configuration you can:

  • Authenticate portal users via Auth providers and SAML, rather than a SOAP API login() call.
  • Avoid handling user credentials in your app.
  • Customize the login screen provided by the Salesforce site.

Here's how to get started.

  1. Associate a Salesforce site with your portal. The site generates a unique URL for your portal. See Associating a Portal with Salesforce Sites.

  2. Create a custom login page on the Salesforce site. See Managing Salesforce Site Login and Registration Settings.

  3. Use the unique URL that the site generates as the redirect domain for your users' login requests.

The OAuth 2.0 service recognizes your custom host name and redirects the user to your site login page if the user is not yet authenticated.

For example, rather than redirecting to https://login.salesforce.com, redirect to your unique Salesforce site URL, such as https://_MyDomainName_.my.salesforce-sites.com.

If you’re not using enhanced domains, your org’s Salesforce Sites URL is different. For details, see My Domain URL Formats in Salesforce Help.
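The redirect described above, sketched as an added example (not code from the Salesforce documentation): it builds the authorization-code request against the site host instead of login.salesforce.com and checks the `state` value when the user returns. The consumer key, the callback URL, the helper names and the assumption that the site has no path prefix are illustrative; `/services/oauth2/authorize` is the standard Salesforce OAuth 2.0 authorization endpoint.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumed values for illustration; replace with your site host and connected app settings.
SITE_BASE = "https://MyDomainName.my.salesforce-sites.com"  # site URL format shown on this page
CLIENT_ID = "PLACEHOLDER_CONSUMER_KEY"                      # constructed placeholder
REDIRECT_URI = "https://app.example.com/oauth/callback"     # constructed placeholder
AUTHORIZE_PATH = "/services/oauth2/authorize"               # OAuth 2.0 authorization endpoint


def build_authorize_url(site_base=SITE_BASE, client_id=CLIENT_ID, redirect_uri=REDIRECT_URI):
    """Return (url, state) for an authorization-code request sent to the site host."""
    parts = urlsplit(site_base)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("site base must be an https URL")
    if parts.netloc.lower() != parts.hostname:
        raise ValueError("site base must not carry userinfo or a port")
    if parts.hostname == "login.salesforce.com":
        raise ValueError("use the site host so portal users reach the site login page")
    state = secrets.token_urlsafe(32)  # ties the callback to this browser session
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
    })
    return f"https://{parts.hostname}{AUTHORIZE_PATH}?{query}", state


def read_callback(callback_url, expected_state):
    """Return the authorization code, rejecting an error, a wrong state or a missing code."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    returned = params.get("state", [""])[0]
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch; discard this response")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    return code
```

Store the returned `state` in the user's server-side session and pass it to `read_callback` when the callback arrives; the app never sees the portal user's password at any point in this flow.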

For more information and a demonstration video, see OAuth for Portal Users on the Salesforce Platform Developer Relations Blogs page.