Use the methods in this class to post a signed JWT bearer token to the OAuth token endpoint, in exchange for an access token.
public class MyController{ public MyController() { Auth.JWT jwt = new Auth.JWT(); jwt.setSub('user@salesforce.com'); jwt.setAud('https://login.salesforce.com'); jwt.setIss('3MVG99OxTyEMCQ3gNp2PjkqeZKxnmAiG1xV4oHh9AKL_rSK.BoSVPGZHQukXnVjzRgSuQqGn75NL7yfkQcyy7'); //Additional claims to set scope Map<String, Object> claims = new Map<String, Object>(); claims.put('scope', 'scope name'); jwt.setAdditionalClaims(claims); //Create the object that signs the JWT bearer token Auth.JWS jws = new Auth.JWS(jwt, 'CertFromCertKeyManagement'); //Get the resulting JWS in case debugging is required String token = jws.getCompactSerialization(); //Set the token endpoint that the JWT bearer token is posted to String tokenEndpoint = 'https://login.salesforce.com/services/oauth2/token'; //POST the JWT bearer token Auth.JWTBearerTokenExchange bearer = new Auth.JWTBearerTokenExchange(tokenEndpoint, jws); //Get the access token String accessToken = bearer.getAccessToken(); } }
The following are constructors for JWTBearerTokenExchange.
The following are methods for JWTBearerTokenExchange. All are instance methods.
public String getAccessToken()
Type: String
This method extracts the access_token from the token response. If the token response issues the access token in a different parameter, the request fails.
If you want the full HTTP token response returned, use getHttpResponse instead.
public String getGrantType()
Type: String
public System.HttpResponse getHttpResponse()
Type: System.HttpResponse
You can get the access token from the full System.HttpResponse. If you want only the access_token from the token response, you can use getAccessToken instead.
public void setGrantType(String grantType)
Type: void
public void setTokenEndpoint(String tokenEndpoint)
Type: void