Object
There must be field-level permissions set on this. I was leaning towards this because it was very simple to insert an object from the Apex class.
We just need to create a custom object, instantiate it, then set a value to the custom field. I even tried encrypting the field and we have a long (more than 2000 something chars) field available. Everything seems easy, except for the fact that I wanted to have something more robust and secure.
Named Credentials
I initially saw in all the blog posts that named credentials were the way to go, but it didn’t have SharePoint authentication mentioned, and I had no idea that I could create one. So I have used named credentials and boyyy was it awesome. Wait for it……….It handled all the authentication for OAuth by itself………………….whaaaaaaaa!!!!!
If you see the section Working code Approach - 1, this was not using any storage for access_token. Check the difference using named credentials in Working code Approach.
Keep in mind that SharePoint REST handles OAuth in two ways, which can be differentiated by the grant type. I will add this inside the SharePoint block, since it would make more sense for it to be there.
Grant type - client_credentials
Grant type - authorization_code
- Refer to this page for details about the auth.
- Create Auth. Provider in Salesforce
- Now I have started with Named credentials. I followed many blogs in creating the Auth. Provider for SharePoint.
I will provide a step-by-step guide below to implement Named Credentials for OAuth SharePoint Salesforce integration. I really think that the cloud has made everything easier for us developers…..
Create Auth. Provider. Navigate to Setup > Identity > Auth. Providers (or search for auth providers).
Click the New button. Select provider type as Microsoft Access Control Service. The fields populate.
Follow the steps from Salesforce help. First, create the Auth. Provider with empty placeholders. This will generate a couple of URLs as Salesforce Configuration. It should look like below.
Important: make a note of the callback URL. This URL should be entered as the redirect URL when registering the SharePoint “app-only”.
I think that is it for creating Auth. Provider.
Create Named Credentials using the custom auth provider.
Navigate to Named Credentials under Setup > Security.
Click on New Named Credential. Enter the label of your choice. The same name is populated and can be changed as per need.
URL needs to be the SharePoint URL without any endpoints. I was making the mistake of adding the _api/web/lists and all. But it just needs to be the site collection without any REST endpoints.
Select Named Principal for Identity Type.
OAuth 2.0 for Authentication Protocol.
And the Authentication provider is the one that we created in the previous step.
I didn’t specify any scopes, but I also need to research more on this. In Salesforce, we can add custom scopes and Salesforce suggests we don’t mess with any existing scopes. Some blogs mentioned using list.write. But I have just given full permission while registering the app.
Check the Start Authentication Flow on Save.
Now Callout Options; this is important because I use this callout to send data through Apex. The goal is to have Salesforce generate the access_token for us without us explicitly calling every time.
- Checkmark both Generate Authorization Header and Allow Merge Fields in HTTP Header.
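
An Apex callout that relies on the Named Credential configured in the steps above, added here as an illustration and not taken from the original post. The credential name `SharePoint_NC` and the class and exception names are hypothetical; the `_api/web/lists` path is the REST endpoint mentioned earlier, appended in code because the Named Credential URL holds only the site collection.

```apex
public with sharing class SharePointListClient {
    // Hypothetical Named Credential API name; use the name you entered in Setup.
    private static final String NAMED_CREDENTIAL = 'SharePoint_NC';

    public class SharePointCalloutException extends Exception {}

    // Returns the titles of the lists in the site collection.
    public static List<String> getListTitles() {
        HttpRequest req = new HttpRequest();
        // "callout:" resolves to the Named Credential URL (site collection only);
        // the REST path is appended here, not stored in the credential.
        req.setEndpoint('callout:' + NAMED_CREDENTIAL + '/_api/web/lists');
        req.setMethod('GET');
        req.setHeader('Accept', 'application/json;odata=verbose');
        req.setTimeout(20000);
        // No Authorization header is set here: with "Generate Authorization
        // Header" checked, Salesforce attaches the bearer token itself, so the
        // access_token never appears in Apex, a custom object or a debug log.

        HttpResponse res = new Http().send(req);
        if (res.getStatusCode() != 200) {
            // Report status only; the response body is kept out of the message.
            throw new SharePointCalloutException(
                'SharePoint callout failed: ' + res.getStatusCode() + ' ' + res.getStatus());
        }

        // odata=verbose wraps the payload as {"d": {"results": [ ... ]}}.
        Map<String, Object> root =
            (Map<String, Object>) JSON.deserializeUntyped(res.getBody());
        Map<String, Object> d = (Map<String, Object>) root.get('d');
        if (d == null || !(d.get('results') instanceof List<Object>)) {
            throw new SharePointCalloutException('Unexpected SharePoint response shape');
        }

        List<String> titles = new List<String>();
        for (Object item : (List<Object>) d.get('results')) {
            Map<String, Object> entry = (Map<String, Object>) item;
            titles.add((String) entry.get('Title'));
        }
        return titles;
    }
}
```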