Authentication

The Embedded Service SDK provides an authentication mechanism that allows your users to access user-specific information in Service Cloud. To authenticate, create an SCSAuthenticationSettings object and pass it to the SDK.

Authentication Settings

Authentication with the Embedded Service SDK uses an SCSAuthenticationSettings object. Create this object with a client ID and a dictionary containing authentication settings. This authentication settings dictionary must contain a URL for your org (SCSOAuth2JSONKeyInstanceUrl) and an access token (SCSOAuth2JSONKeyAccessToken). If your OAuth2 flow supports refresh tokens, include a refresh token (SCSOAuth2JSONKeyRefreshToken) to the authentication settings.

In Swift:

// Specify auth info
let myClientId: String = "CLIENT_ID_VALUE"
let authDictionary: [SCSOAuth2JSONKey: String] =
  [ .instanceUrl : "https://URL_FOR_YOUR_ORG.com",
    .accessToken : "ACCESS_TOKEN_VALUE" ]

// Create auth settings object
let authSettings = SCSAuthenticationSettings(oauth2: authDictionary,
                                             clientId: myClientId)

In Objective-C:

// Specify auth info
NSString *myClientId = @"CLIENT_ID_VALUE";
NSDictionary<SCSOAuth2JSONKey, NSString*> *authDictionary =
  @{ SCSOAuth2JSONKeyInstanceUrl : @"https://URL_FOR_YOUR_ORG.com",
     SCSOAuth2JSONKeyAccessToken : @"ACCESS_TOKEN_VALUE" };

// Create auth settings object
SCSAuthenticationSettings *authSettings =
  [[SCSAuthenticationSettings alloc] initWithOAuth2Dictionary: authDictionary
                                                     clientId: myClientId];

If you’re using the Salesforce Mobile SDK, we provide a helper method that allows you to construct an SCSAuthenticationSettings object directly from the Mobile SDK user account. You can use this sample code after you’ve successfully logged in a user.

In Swift:

// Get user account info from the Salesforce Mobile SDK
let identity: SFUserAccountIdentity =
  SFUserAccountIdentity(userId: myUserId, orgId: myOrgId)
let account: SFUserAccount =
  SFUserAccountManager.sharedInstance().userAccount(forUserIdentity: identity)!

// Create auth settings object from SFUserAccount
let authSettings = SCSAuthenticationSettings(mobileSDK: account)

In Objective-C:

// Get user account info from the Salesforce Mobile SDK
SFUserAccountIdentity *identity =
  [SFUserAccountIdentityClass identityWithUserId:myUserId orgId:myOrgId];
SFUserAccount *account =
  [[SFUserAccountManagerClass sharedInstance] userAccountForUserIdentity:identity];

// Create auth settings object from SFUserAccount
SCSAuthenticationSettings *authSettings =
  [[SCSAuthenticationSettings alloc] initWithMobileSDKAccount:account];

NOTE: For developers who plan to use the Salesforce Mobile SDK for authentication, the Mobile SDK Developer’s Guide contains authentication instructions. If you’re using a Salesforce community, be sure to configure the login endpoint as described in the Salesforce Mobile SDK documentation (Configure the Login Endpoint). This documentation describes how to use the SFDCOAuthLoginHost property in your info.plist file to create a custom login URI.

If you plan to use remote push notification to alert the user when an event occurs in your org, call -[SCSAuthenticationSettings registerForPushNotifications:completion:]. To learn more, see Push Notifications for Case Activity.

However you create an SCSAuthenticationSettings object, pass it to the Service SDK during the authentication flow.

Authentication Flow

You can either authenticate on-demand when the SDK calls -[SCServiceCloudDelegate serviceCloud:shouldAuthenticateServiceType:completion:] in your delegate implementation, or you can authenticate explicitly (that is, before the app attempts to show the relevant UI) using the -[SCServiceCloud setAuthenticationSettings:forServiceType:completion:] method in the SCServiceCloud shared instance.

With on-demand authentication, you perform the authentication asynchronously, after the SDK calls your -[SCServiceCloudDelegate serviceCloud:shouldAuthenticateServiceType:completion:] delegate method. Once authenticated, pass the SCSAuthenticationSettings object to the completion block that you’re given in the method.

The following sequence diagram illustrates the basic authentication flow for on-demand authentication.

On-demand authentication

Alternatively, you can explicitly authenticate before any UI appears that requires authentication. Call the -[SCServiceCloud setAuthenticationSettings:forServiceType:completion:] method in the SCServiceCloud shared instance using the SCSAuthenticationSettings object.

The following sequence diagram illustrates the authentication flow for explicit authentication.

Explicit authentication

To programmatically log out a user, call -[SCServiceCloud setAuthenticationSettings:forServiceType:completion:] using nil for the SCSAuthenticationSettings argument.

Error Conditions

Implement -[SCServiceCloudDelegate serviceCloud:authenticationFailed:forServiceType:] in your delegate to handle error conditions. The SDK calls this method if the access token expires, and for any other scenario that results in an authentication failure. If you return true or YES, the SDK assumes that you want to proceed, and it subsequently calls -[SCServiceCloudDelegate serviceCloud:shouldAuthenticateServiceType:completion:] to give you a chance to send updated authentication information. If you return false or NO, the SDK goes back to the guest user state.

Sample Code

The following sample code illustrates how to implement an SCServiceCloudDelegate object to handle authentication.

class MyAuthHandler: NSObject, SCServiceCloudDelegate {

  override init() {
    super.init()

    // Subscribe to ServiceCloud events
    ServiceCloud.shared().delegate = self
  }

  /**
   Implementation of a `ServiceCloudDelegate` method that allows you to
   authenticate for a given service.
   */
  func serviceCloud(_ serviceCloud: ServiceCloud,
                    shouldAuthenticateServiceType service: SCServiceType,
                    completion: @escaping (SCSAuthenticationSettings?) -> Void) -> Bool {

    // Rather than scrutinize the service to see if we want to authenticate,
    // let's just assume that we always want to authenticate...

    // TO DO: Authenticate asynchronously
    let urlRequest = URLRequest.init(url: URL(string: "https://example.com/auth")!)
    URLSession.shared.dataTask(with: urlRequest) { (data, response, error) in

      // TO DO: Populate the `SCSAuthenticationSettings` object from the result.
      var authSettings: SCSAuthenticationSettings?

      // Call the completion block with the authentication settings (asynchronously)
      completion(authSettings)

    }.resume()

    // Tell the SDK that we do plan to authenticate
    return true
  }

  /**
   Implementation of a `ServiceCloudDelegate` method to handle authentication
   failure events.
   */
  func serviceCloud(_ serviceCloud: ServiceCloud,
                    authenticationFailed error: Error,
                    forServiceType service: SCServiceType) -> Bool {

    // For this example, let's not bother handling the error,
    // and just fall back to the guest user state...
    // TO DO: In your code, you should inspect this error.
    // If you want to handle the error, you could
    // return `true` and then you'd be called back in the
    // `shouldAuthenticateServiceType` method above.

    return false
  }
}