Back to Collection Items
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
<%
' This example assumes the Chilkat API to have been previously unlocked.
' See Global Unlock Sample for sample code.
set http = Server.CreateObject("Chilkat.Http")
set req = Server.CreateObject("Chilkat.HttpRequest")
req.AddParam "response_type","code_credentials"
set jsonParam2 = Server.CreateObject("Chilkat.JsonObject")
req.AddParam "client_id",jsonParam2.Emit()
set jsonParam3 = Server.CreateObject("Chilkat.JsonObject")
req.AddParam "redirect_uri",jsonParam3.Emit()
req.AddParam "scope",""
req.AddHeader "Auth-Verification-Type","<email or sms>"
req.AddHeader "Auth-Request-Type","passwordless-login"
req.AddHeader "Authorization","Basic <base64Encoded identifier:otp>"
set resp = Server.CreateObject("Chilkat.HttpResponse")
req.HttpVerb = "POST"
req.ContentType = "application/x-www-form-urlencoded"
success = http.HttpReq("https://login.salesforce.com{{site}}/services/oauth2/authorize",req,resp)
If (success = 0) Then
Response.Write "<pre>" & Server.HTMLEncode( http.LastErrorText) & "</pre>"
Response.End
End If
Response.Write "<pre>" & Server.HTMLEncode( resp.StatusCode) & "</pre>"
Response.Write "<pre>" & Server.HTMLEncode( resp.BodyStr) & "</pre>"
%>
</body>
</html>
Curl Command
curl -X POST
-H "Auth-Request-Type: passwordless-login"
-H "Auth-Verification-Type: <email or sms>"
-H "Authorization: Basic <base64Encoded identifier:otp>"
--data-urlencode 'response_type=code_credentials'
--data-urlencode 'client_id={{clientId}}'
--data-urlencode 'redirect_uri={{redirectUrl}}'
--data-urlencode 'scope='
https://login.salesforce.com{{site}}/services/oauth2/authorize
Postman Collection Item JSON
{
"name": "Passwordless Login - Authorize",
"request": {
"auth": {
"type": "noauth"
},
"method": "POST",
"header": [
{
"key": "Auth-Request-Type",
"value": "passwordless-login",
"description": "Required for passwordless login"
},
{
"key": "Auth-Verification-Type",
"value": "<email or sms>",
"description": "Must match init verification method, email or sms"
},
{
"key": "Authorization",
"value": "Basic <base64Encoded identifier:otp>",
"description": "Base 64 encoded <Identifier:OTP>"
}
],
"body": {
"mode": "urlencoded",
"urlencoded": [
{
"key": "response_type",
"value": "code_credentials",
"type": "text"
},
{
"key": "client_id",
"value": "{{clientId}}",
"type": "text"
},
{
"key": "redirect_uri",
"value": "{{redirectUrl}}",
"type": "text"
},
{
"key": "scope",
"value": "",
"description": "Comma seperated list of scopes, optional",
"type": "text"
}
]
},
"url": {
"raw": "{{url}}{{site}}/services/oauth2/authorize",
"host": [
"{{url}}{{site}}"
],
"path": [
"services",
"oauth2",
"authorize"
]
},
"description": "After you send your passwordless login data to initialize, this request allows you to process that login data, and as a part of this request you also verify the users email or sms number. The request itself is a authorization call for the Code and Credential flow. It includes 3 specific headers: `Auth-Request-Type` which is set to `passwordless-login`, `Auth-Verification-Type` which is set to email or sms, and an Authorization Basic header, which is the base64 encoded result of `identifier:otp` where `identifier` is the value returned in your initialize call, and `otp` is the value sent to the end user via email or sms.\n\nThe response from this API is the Auth Code, which is then exchanged for the Access Token."
},
"response": [
]
}
