This project is a node app that acts as an integration between a Salesforce Org and Amazon S3.
The project is complementary to this integration that exports Salesforce documents to Amazon S3.
The goal of the integration is to allow Salesforce users to download Amazon S3 documents. The integration leverages OAuth 2.0 to authenticate users and performs security checks on document access.
We download documents from S3 with the following scenario:
- A user clicks on a link on the S3 Document record in Salesforce.
- The link redirects the user to the middleware app where the user goes through OAuth authentication using their Salesforce credentials. The OAuth flow is implemented thanks to a Salesforce Connected App.
- The middleware runs some permission checks. If the user is allowed to access the document, the middleware uses an S3 API client to retrieve the file from Amazon.
- The content of the file is then served back to the user. If the user was already logged in with the connected app before the original request in step 1, the document is sent seamlessly as a response (the user will not notice the intermediate steps).
- Log in to your Salesforce org.
- At the top right of the page, select the gear icon and then click Setup.
- From Setup, enter `App Manager` in the Quick Find and select App Manager.
- Click New Connected App.
- Enter `Amazon S3 Middleware` as the Connected App Name.
- Enter your Contact Email.
- Under API (Enable OAuth Settings), check the Enable OAuth Settings checkbox.
- Enter `https://YOUR_HOST/auth/callback` as the Callback URL where `YOUR_HOST` is the host of this node app.
- Under Selected OAuth Scope, move Access and manage your data (API) to the Selected OAuth Scopes list.
- Click Save.
- From this screen, copy the connected app’s Consumer Key and Consumer Secret some place temporarily.
- Declare the following environment variables:

  | Variable Name | Description | Example |
  | --- | --- | --- |
  | `SF_LOGIN_URL` | Salesforce login URL. Either:<br>- `https://login.salesforce.com` for production and Developer Edition orgs<br>- `https://login.salesforce.com` for sandboxes and scratch orgs<br>- your own custom domain. | `https://login.salesforce.com` |
  | `SF_AUTH_CALLBACK_URL` | Connected app callback URL where `YOUR_HOST` in the example is the host that hosts this app. This value must match what's configured in the Connected App. | `https://YOUR_HOST/auth/callback` |
  | `SF_CONSUMER_KEY` | Connected app consumer key. | secret |
  | `SF_CONSUMER_SECRET` | Connected app consumer secret. | secret |
  | `SF_API_VERSION` | Salesforce API version. | `54.0` |
  | `AWS_ACCESS_KEY_ID` | Access key ID for your AWS IAM user. | secret |
  | `AWS_SECRET_ACCESS_KEY` | Secret access key for your AWS IAM user. | secret |
  | `AWS_REGION` | Region of your S3 bucket. | `eu-west-3` |
  | `AWS_S3_BUCKET` | Name of your S3 bucket. | `poz-sf-demo` |
  | `SESSION_SECRET` | Secret key for signing the session cookie with a length of 32 characters or more. | secret |
  | `SESSION_DURATION` | Salesforce session duration in minutes (default is 120 minutes). | `120` |

  If you are testing locally, you can create a `.env` file at the root of the project with this template:

  ```
  SF_LOGIN_URL=https://login.salesforce.com
  SF_AUTH_CALLBACK_URL=https://YOUR_HOST/auth/callback
  SF_CONSUMER_KEY=
  SF_CONSUMER_SECRET=
  SF_API_VERSION=54.0
  AWS_ACCESS_KEY_ID=
  AWS_SECRET_ACCESS_KEY=
  AWS_REGION=
  AWS_S3_BUCKET=
  SESSION_SECRET=
  SESSION_DURATION=120
  ```
- Run `npm start` to start the app.
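
A startup check for the environment variables declared above, as an added example that is not part of this project's code. `validateConfig`, `REQUIRED` and `SAMPLE_ENV` are hypothetical names, the sample values are constructed placeholders, and requiring `https` for both URLs is an assumption of the example.

```javascript
// Added example, not the project's code. validateConfig is a hypothetical helper.
const REQUIRED = [
  'SF_LOGIN_URL', 'SF_AUTH_CALLBACK_URL', 'SF_CONSUMER_KEY', 'SF_CONSUMER_SECRET',
  'SF_API_VERSION', 'AWS_ACCESS_KEY_ID', 'AWS_SECRET_ACCESS_KEY', 'AWS_REGION',
  'AWS_S3_BUCKET', 'SESSION_SECRET',
];

function validateConfig(env) {
  const errors = [];
  for (const name of REQUIRED) {
    if (!env[name] || env[name].trim() === '') errors.push(`${name} is not set`);
  }
  // The session cookie is signed with this key; the README asks for 32+ characters.
  if (env.SESSION_SECRET && env.SESSION_SECRET.length < 32) {
    errors.push('SESSION_SECRET must be at least 32 characters');
  }
  // Assumption of this example: both OAuth URLs must be absolute https URLs.
  for (const name of ['SF_LOGIN_URL', 'SF_AUTH_CALLBACK_URL']) {
    if (!env[name]) continue;
    let url;
    try {
      url = new URL(env[name]);
    } catch (e) {
      errors.push(`${name} is not a valid URL`);
      continue;
    }
    if (url.protocol !== 'https:') errors.push(`${name} must use https`);
    // The callback path must match the one registered in the Connected App.
    if (name === 'SF_AUTH_CALLBACK_URL' && url.pathname !== '/auth/callback') {
      errors.push('SF_AUTH_CALLBACK_URL path must be /auth/callback');
    }
  }
  // SESSION_DURATION is optional and defaults to 120 minutes.
  const raw = env.SESSION_DURATION === undefined || env.SESSION_DURATION === '' ? '120' : env.SESSION_DURATION;
  const sessionDurationMinutes = /^[1-9]\d*$/.test(raw) ? Number(raw) : NaN;
  if (Number.isNaN(sessionDurationMinutes)) errors.push('SESSION_DURATION must be a positive integer');
  return { ok: errors.length === 0, errors, sessionDurationMinutes };
}

// Constructed sample values (placeholders, not real credentials).
const SAMPLE_ENV = {
  SF_LOGIN_URL: 'https://login.salesforce.com',
  SF_AUTH_CALLBACK_URL: 'https://middleware.example.com/auth/callback',
  SF_CONSUMER_KEY: 'placeholder-key', SF_CONSUMER_SECRET: 'placeholder-secret',
  SF_API_VERSION: '54.0', AWS_ACCESS_KEY_ID: 'placeholder-id',
  AWS_SECRET_ACCESS_KEY: 'placeholder-secret', AWS_REGION: 'eu-west-3',
  AWS_S3_BUCKET: 'poz-sf-demo', SESSION_SECRET: 'x'.repeat(32),
};
```

Calling `validateConfig(process.env)` before the server starts listening and exiting when `ok` is false keeps a short session secret or a mismatched callback URL from reaching a running deployment.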