Using OAuth2.0

Introduction

This document describes how to connect to Salesforce from Continuous Compliance engines via OAuth2.0 using the Permanent File Upload API released as part of the Delphix Engine 6.0.15.0 Release. Users of the Continuous Compliance engine need to authenticate and authorize with Salesforce using OAuth2.0. The earlier process, which used the previously existing file upload API, was cumbersome because that API only supports temporary file upload for files not explicitly associated with a masking object, such as a JDBC driver. If a file uploaded with the previously existing POST file upload API endpoint is not explicitly associated with a masking object, the file is deleted after 24 hours, requiring frequent re-upload of the necessary OAuth settings file. This document uses what is termed OAuth2.0 for headless servers (hereafter referred to as headless OAuth). For more information on headless OAuth, refer to the CDATA documentation.

Prerequisites

  • CDATA JDBC Driver jar file.

  • A valid rtk from CDATA

  • A Mac or Windows machine with Java 1.8 or higher installed (JRE or JDK)

  • Create a Custom OAuth app in Salesforce as explained here. The connected app must have the following settings:

    • OAuth Settings checkbox is selected

    • Refresh Token policy set to Refresh token is valid until revoked

    • Callback URL set to http://localhost:33333

    • Selected OAuth Scopes: Full Access(full)

  • PEM chain of the Salesforce server being accessed

With CDATA driver versions 21.0.8137+, a full certificate chain (PEM chain) is required by the driver. Earlier versions only required the certificate and not the full certificate chain.

Instructions

Create OAuth Settings File

Run the CDATA driver file:
Windows

java -jar 'C:\Program Files\CData\CData JDBC Driver for Salesforce 2019\lib\cdata.jdbc.salesforce.jar'

macOS

java -jar cdata.jdbc.salesforce.jar

Input the following information in the Driver window:

| Key | Description |
|---|---|
| AuthScheme | OAuth |
| UseSandbox | True (if connecting to Sandbox) |
| UseBulkAPI | True |
| BulkAPIConcurrencyMode | Parallel |
| WaitForBulkResults | True |
| InitiateOAuth | GETANDREFRESH |
| OAuthClientId | Connected App Client Id |
| OAuthClientSecret | Connected App Client Secret |
| OAuthSettingsLocation | Full path including filename where the driver can create the OAuthSettings file. |
| CallbackURL | http://localhost:33333 |
| SSLServerCert | Salesforce SSL Certificate |
| Logfile | File location for CDATA logs: /tmp/cdata.log |
| RTK (runtime key) | License key from CDATA. Note: An RTK is not required for Continuous Compliance engine version 7.0.0 onwards. |

This will build a connection string at the bottom of the window. Once all parameters are provided, click the Test Connect button at the bottom of the screen. This will open a browser window.

In the browser window, login to the Salesforce Org using the user account, password combination and approve the grants requested by CDATA.

The CDATA Driver window should now show a “Connection Successful” message and a settings file will be saved under the OAuthSettingsLocation.

File Upload API

Upload OAuthSettings file

  1. Once the OAuth settings file is generated, make a POST /file-uploads?permanent=true request to upload the file onto the masking engine:

    a. Follow the directions provided in the Masking Documentation

    b. In order to specify that the file should be persisted permanently (not be removed after 24 hours), the query string parameter ?permanent=true must be provided

  2. Once uploaded, the API will return a response that includes a fileReferenceId and fileUuid:

    a. fileReferenceId example: delphix-file://upload/f_2b3d4fe41b504c478175dc982879fd53/OAuthSetting.txt

    b. fileUuid example: f_2b3d4fe41b504c478175dc982879fd53

Update OAuthSettings file

If you update the OAuth Client ID, secret or your Salesforce password, a new OAuthSettings file will need to be created. To avoid having to update the file referenced in your Salesforce database connector, the uploaded file can be replaced with the updated file. Make a PUT /file-uploads/{fileUuid} request, replacing {fileUuid} with the desired file’s UUID. As with the POST /file-uploads request, provide the file parameter in the form data.

Delete permanent file upload

  1. If you would like to delete a specific OAuthSettings file, make a DELETE /file-uploads/{fileUuid} request, replacing {fileUuid} with the desired file’s UUID.

  2. If you would like to delete all permanent file uploads, which should include all OAuthSettings files, make a DELETE /file-uploads?permanent=true request.

    • To restrict the deletion to files that were persisted permanently (not removed after 24 hours), the query string parameter ?permanent=true must be provided; otherwise all temporary file uploads will be deleted.

Get permanent file uploads

  1. Make a GET /file-uploads?permanent=true request to retrieve information on all the permanent file uploads, which should include all uploaded OAuthSettings files.

  2. To retrieve information on a specific permanent file upload, make a GET /file-uploads/{fileUuid} request, replacing {fileUuid} with the desired file’s UUID.

Sample JDBC URL

Once the OAuthSettings file is uploaded, it’s time to create/update the connector to use this file.

The JDBC URL should look like this:

jdbc:salesforce:AuthScheme="OAuth";UseSandbox="True";UseBulkAPI="True";BulkAPIConcurrencyMode="Parallel";WaitForBulkResults="True";InitiateOAuth="REFRESH";OAuthClientId="REPLACE_WITH_CLIENT_ID";OAuthClientSecret="REPLACE_WITH_CLIENT_SECRET";SSLServerCert="REPLACE_WITH_PEM_CHAIN";rtk=REPLACE_WITH_RTK;OAuthSettingsLocation="/var/delphix/masking/tmp/fileUpload/f_2b3d4fe41b504c478175dc982879fd53/OAuthSetting.txt";CallbackURL=http://localhost:33333
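
A pre-flight check for the connector URL, as an added example (not Delphix or CDATA code): it parses the connection string, confirms that InitiateOAuth is REFRESH as in the sample above and that OAuthSettingsLocation contains the fileUuid returned by the upload, flags unreplaced placeholders, and masks OAuthClientSecret and rtk before the URL is logged. The function names, the constructed SAMPLE_URL and the choice of keys to mask are assumptions of this example.

```python
import re

SECRET_KEYS = {"oauthclientsecret", "rtk"}  # assumption: values to keep out of logs and tickets
# Upload response fields, copied from the examples on this page.
UPLOAD = {"fileReferenceId": "delphix-file://upload/f_2b3d4fe41b504c478175dc982879fd53/OAuthSetting.txt",
          "fileUuid": "f_2b3d4fe41b504c478175dc982879fd53"}
# Constructed connector URL with deliberate mistakes (not from the page).
SAMPLE_URL = ('jdbc:salesforce:AuthScheme="OAuth";InitiateOAuth="GETANDREFRESH";'
              'OAuthClientId="REPLACE_WITH_CLIENT_ID";OAuthClientSecret="s3cr3t-constructed";'
              'OAuthSettingsLocation="/var/delphix/masking/tmp/fileUpload/f_0000/OAuthSetting.txt";'
              'rtk=CONSTRUCTED-RTK;CallbackURL=http://localhost:33333')

def parse_jdbc_url(url):
    """Split a jdbc:salesforce: connection string into {property: value}."""
    prefix = "jdbc:salesforce:"
    if not url.startswith(prefix):
        raise ValueError("not a jdbc:salesforce: URL")
    # A value is either double-quoted (and may contain ';') or runs to the next ';'.
    pairs = re.finditer(r'(\w+)=(?:"([^"]*)"|([^;]*))(?:;|$)', url[len(prefix):])
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3) for m in pairs}

def check_connector(url, upload):
    """Return a list of findings for a connector URL checked against an upload response."""
    raw = parse_jdbc_url(url)
    props = {k.lower(): v for k, v in raw.items()}  # look up keys case-insensitively
    findings = []
    if props.get("initiateoauth", "").upper() != "REFRESH":
        findings.append("InitiateOAuth is not REFRESH")
    uuid = upload["fileUuid"]
    if uuid not in upload["fileReferenceId"].split("/"):
        findings.append("fileUuid does not match fileReferenceId")
    if uuid not in props.get("oauthsettingslocation", "").split("/"):
        findings.append("OAuthSettingsLocation does not reference the uploaded file")
    for key, value in raw.items():
        if value.startswith("REPLACE_WITH_"):
            findings.append(f"{key} still holds a placeholder")
    return findings

def redact(url):
    """Rebuild the URL with secret values masked, for safe logging."""
    props = parse_jdbc_url(url)
    masked = {k: "***" if k.lower() in SECRET_KEYS else v for k, v in props.items()}
    return "jdbc:salesforce:" + ";".join(f'{k}="{v}"' for k, v in masked.items())

if __name__ == "__main__":
    for finding in check_connector(SAMPLE_URL, UPLOAD):
        print("FINDING:", finding)
    print(redact(SAMPLE_URL))
```
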

Questions?

For any questions, bugs, or feature requests contact us at support.delphix.com.