OAuth requires the authenticating user to interact with Tableau CRM using the browser. The driver facilitates this in various ways as described in the following sections.

Create a Connected App

You can follow the procedure below to obtain the OAuth client credentials, the consumer key and consumer secret:

1. If your organization uses the Salesforce Lightning Experience UI, from Setup enter App in the Quick Find box, select App Manager (not Manage Connected Apps), and click New Connected App.

   If your organization uses the Salesforce Classic UI, from Setup enter Apps in the Quick Find box and then select Apps, under Build or Create. Under Connected Apps, click New.

2. Enter a name to be displayed to users when they log in to grant permissions to your app, along with a contact email address.

3. Click Enable OAuth Settings and enter a value in the Callback URL box.

   If you are making a desktop application, set the Callback URL to http://localhost:33333 or a different port number of your choice.

   If you are making a Web application, set the Callback URL to a page on your Web app you would like the user to be returned to after they have authorized your application.

4. Select the following OAuth scopes:

   Access and manage your wave data (wave_api)

   Access and manage your data (api)

   Perform requests on your behalf at any time (refresh_token, offline_token)

5. Once you have created the app, click your app name to open a page with information about your app. The OAuth client credentials, the consumer key and consumer secret, are displayed.

Authenticate to Tableau CRM from a Desktop Application

After setting the following connection properties, you are ready to connect:

• OAuthClientId: Set this to the consumer key in your app settings.
• OAuthClientSecret: Set this to the consumer secret in your app settings.
• CallbackURL: Set this to the callback URL in your app settings.
• InitiateOAuth: Set this to GETANDREFRESH. You can use InitiateOAuth to avoid repeating the OAuth exchange and manually setting the OAuthAccessToken connection property.

When you connect the driver opens the OAuth endpoint in your default browser. Log in and grant permissions to the application. The driver then completes the OAuth process:

1. Gets the callback URL and sets the access token to authenticate requests.
2. Saves OAuth values in OAuthSettingsLocation to be persisted across connections.
3. Exchanges the returned refresh token for a new, valid access token.

Authenticate to Tableau CRM from a Web Application

To obtain the access token, set the following connection properties and follow the steps below:

• OAuthClientId: Set this to the consumer key in your app settings.
• OAuthClientSecret: Set this to the consumer secret in your app settings.
• CallbackURL: Set this to the callback URL in your app settings.

When connecting via a Web application, or if the driver is not authorized to open a browser window, call the following stored procedures to obtain the access token:

1. Call the GetOAuthAuthorizationURL stored procedure. The stored procedure returns the URL to the OAuth endpoint.

2. Log in and authorize the application. You are redirected back to the callback URL.

3. If you set the Grant_Type parameter to "code", the callback URL contains the verifier code in the query string parameter named "code". Extract the verifier code and call the GetOAuthAccessToken stored procedure.

To connect to data, set the following connection properties:

• OAuthAccessToken
• InstanceUrl

Refreshing Access Tokens

To automatically refresh the access token when it expires, set InitiateOAuth to "REFRESH" and set OAuthRefreshToken. Alternatively, call the RefreshOAuthAccessToken stored procedure when the access token expires. Given a refresh token as input, the procedure returns a valid OAuth access token.

Note: You can configure the session timeout in Salesforce by navigating to Setup -> Administration Setup -> Security Controls -> Session Settings.

Note: You can configure the session timeout in Salesforce by navigating to Setup > Administration Setup > Security Controls > Session Settings.

OAuthJWT Certificates

To obtain the OAuthJWT consumer key:

1. Log in to Salesforce.com.
2. From Setup, enter Apps in the Quick Find box and then click the link to create an app. In the Connected Apps section of the resulting page, click New.
3. Enter a name to be displayed to users when they log in to grant permissions to your app, along with a contact Email address.
4. Click Enable OAuth Settings and enter a value in the Callback URL box. Set this value only to create the Connected App as it is required. It will not actually be needed for this type of authentication. The Callback URL is in the format:
   

   http://localhost:8019/src/oauthCallback.rst

5. Enable Use digital signatures.
6. Upload your certificate.
7. Select the scope of permissions that your app should request from the user.
8. Click your app name to open a page with information about your app. The OAuth consumer key is displayed.

Note: This flow never issues a refresh token.