feat(integrations): add support for salesforce client credentials#5594
feat(integrations): add support for salesforce client credentials#5594aadhitemp wants to merge 1 commit intoNangoHQ:masterfrom
Conversation
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
ef5e1f6 to
379f592
Compare
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
379f592 to
c27aebe
Compare
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
c27aebe to
58f61ef
Compare
58f61ef to
6099bb8
Compare
6099bb8 to
9376d0c
Compare
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
44c1ac0 to
e624401
Compare
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
e624401 to
7e95f08
Compare
7e95f08 to
94ba9d0
Compare
There was a problem hiding this comment.
Critical reliability issue: new provider lacks required credentials, breaking authentication.
Status: Action Required | Risk: High
Issues Identified & Suggestions
- Define client credentials in provider config to prevent auth failures:
packages/providers/providers.yaml
Review Details
📁 8 files reviewed | 💬 1 comments
Instruction Files
└── .claude/
├── agents/
│ └── nango-docs-migrator.md
└── skills/
├── agent-builder-skill/
│ ├── EXAMPLES.md
│ └── SKILL.md
├── creating-integration-docs/
│ └── SKILL.md
└── creating-skills-skill/
└── SKILL.md
👍 / 👎 individual comments to help improve reviews for you
| optional: true | ||
| doc_section: '#step-1-finding-your-hostname' | ||
|
|
||
| salesforce-cc: |
There was a problem hiding this comment.
[Reliability] The new salesforce-cc provider never captures the Client ID/Client Secret that the docs (and the auth flow) require. The Connect UI will only ask for hostname, because there is no credentials section, so connection credentials will not contain client_id/client_secret. When ProviderClient.resolveByType() runs, it reads credentials.client_id / credentials.client_secret and immediately throws client_credentials_missing, so every connection fails before it can obtain a token. Add the credential definitions so the Connect flow stores these fields per connection.
| salesforce-cc: | |
| salesforce-cc: | |
| display_name: Salesforce (Client Credentials) | |
| categories: | |
| - crm | |
| auth_mode: OAUTH2_CC | |
| token_url: https://${connectionConfig.hostname}/services/oauth2/token | |
| token_params: | |
| grant_type: client_credentials | |
| token_response_metadata: | |
| - instance_url | |
| proxy: | |
| base_url: ${connectionConfig.instance_url} | |
| docs: https://nango.dev/docs/api-integrations/salesforce-cc | |
| docs_connect: https://nango.dev/docs/api-integrations/salesforce-cc/connect | |
| token_expires_in_ms: 0 | |
| credentials: | |
| client_id: | |
| type: string | |
| title: Client ID | |
| description: The Client ID from the Salesforce Connected App | |
| doc_section: '#step-1-create-a-connected-app' | |
| client_secret: | |
| type: string | |
| title: Client Secret | |
| description: The Client Secret from the Salesforce Connected App | |
| secret: true | |
| doc_section: '#step-1-create-a-connected-app' | |
| connection_config: | |
| instance_url: | |
| type: string | |
| title: '' | |
| description: '' | |
| automated: true | |
| hostname: | |
| type: string | |
| title: Hostname | |
| description: The hostname to your Salesforce instance | |
| format: hostname | |
| example: acme.my.salesforce.com | |
| prefix: https:// | |
| optional: false |
Context for Agents
[**Bug**] The new `salesforce-cc` provider never captures the Client ID/Client Secret that the docs (and the auth flow) require. The Connect UI will only ask for `hostname`, because there is no `credentials` section, so connection credentials will not contain `client_id`/`client_secret`. When `ProviderClient.resolveByType()` runs, it reads `credentials.client_id` / `credentials.client_secret` and immediately throws `client_credentials_missing`, so every connection fails before it can obtain a token. Add the credential definitions so the Connect flow stores these fields per connection.
```suggestion
salesforce-cc:
display_name: Salesforce (Client Credentials)
categories:
- crm
auth_mode: OAUTH2_CC
token_url: https://${connectionConfig.hostname}/services/oauth2/token
token_params:
grant_type: client_credentials
token_response_metadata:
- instance_url
proxy:
base_url: ${connectionConfig.instance_url}
docs: https://nango.dev/docs/api-integrations/salesforce-cc
docs_connect: https://nango.dev/docs/api-integrations/salesforce-cc/connect
token_expires_in_ms: 0
credentials:
client_id:
type: string
title: Client ID
description: The Client ID from the Salesforce Connected App
doc_section: '#step-1-create-a-connected-app'
client_secret:
type: string
title: Client Secret
description: The Client Secret from the Salesforce Connected App
secret: true
doc_section: '#step-1-create-a-connected-app'
connection_config:
instance_url:
type: string
title: ''
description: ''
automated: true
hostname:
type: string
title: Hostname
description: The hostname to your Salesforce instance
format: hostname
example: acme.my.salesforce.com
prefix: https://
optional: false
```
File: packages/providers/providers.yaml
Line: 14057There was a problem hiding this comment.
I've validated that the current configuration works. It does ask for client_id and client_secret, and I was also able to to get the access token and refresh it too. Do I need to make this change?
There was a problem hiding this comment.
I don't think so. @hassan254-prog can you confirm?
94ba9d0 to
03017a3
Compare
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
hassan254-prog
left a comment
There was a problem hiding this comment.
Thanks for the contribution, few comments inline otherwise looks good.
| } | ||
|
|
||
| const url = `${connectionConfig['instance_url']}/services/oauth2/introspect`; | ||
| const url = `${instanceUrl}/services/oauth2/introspect`; |
There was a problem hiding this comment.
For this, you can add functionality to extract the token metadata here so that we can use the same instance_url from the raw token response to introspect tokens.
There was a problem hiding this comment.
I've made the requested changes, can you take a second look.
There was a problem hiding this comment.
This should be more of:
const tokenMetadata = getConnectionMetadata(credentials.raw, provider, 'token_response_metadata');
connectionConfig = {
...connectionConfig,
...tokenMetadata
};
which should work since you already have
token_response_metadata:
- instance_url
in the providers config.
There was a problem hiding this comment.
@aadhitemp, is it okay for me to take this over and take it to the finish line?
There was a problem hiding this comment.
Hey, yeah that works for me, go ahead and take it to the finish line 👍
03017a3 to
410cd09
Compare
There was a problem hiding this comment.
Changes suggested to align new integration docs with required migration content.
Status: Changes Suggested | Risk: Medium
Issues Identified & Suggestions
- Add required PreBuiltUseCases snippet in Pre-built syncs/actions section:
docs/api-integrations/salesforce-cc.mdx - Include standard Integration Guides intro line for consistency:
docs/api-integrations/salesforce-cc.mdx
Review Details
📁 9 files reviewed | 💬 2 comments
Instruction Files
└── .claude/
├── agents/
│ └── nango-docs-migrator.md
└── skills
👍 / 👎 individual comments to help improve reviews for you
|
|
||
|
|
There was a problem hiding this comment.
[Requirements] The “Pre-built syncs & actions” section must include the generated PreBuiltUseCases snippet. Without it, the page won’t display the empty-state messaging and future syncs/actions.
| import PreBuiltUseCases from "/snippets/generated/salesforce-cc/PreBuiltUseCases.mdx" | |
| <PreBuiltUseCases /> | |
Context for Agents
[FileRule: .claude/agents/nango-docs-migrator.md] The “Pre-built syncs & actions” section must include the generated PreBuiltUseCases snippet. Without it, the page won’t display the empty-state messaging and future syncs/actions.
```suggestion
import PreBuiltUseCases from "/snippets/generated/salesforce-cc/PreBuiltUseCases.mdx"
<PreBuiltUseCases />
```
File: docs/api-integrations/salesforce-cc.mdx
Line: 78💡 Applied from Instructions File: .claude/agents/nango-docs-migrator.md
| </Steps> | ||
|
|
||
| ## 📚 Salesforce (Client Credentials) Integration Guides | ||
|
|
There was a problem hiding this comment.
[Company Standards] The Integration Guides section is missing the standard intro line (“Nango maintained guides for common use cases.”). This line is required by the migration format for consistency across integrations.
| Nango maintained guides for common use cases. | |
Context for Agents
[FileRule: .claude/agents/nango-docs-migrator.md] The Integration Guides section is missing the standard intro line (“Nango maintained guides for common use cases.”). This line is required by the migration format for consistency across integrations.
```suggestion
Nango maintained guides for common use cases.
```
File: docs/api-integrations/salesforce-cc.mdx
Line: 68💡 Applied from Instructions File: .claude/agents/nango-docs-migrator.md
410cd09 to
1b81ef9
Compare
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
1b81ef9 to
1353b85
Compare
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
1353b85 to
d77d280
Compare
Description
This PR adds support for Salesforce (Client Credentials) as a new integration. This allows users to authenticate with Salesforce using the OAuth2 Client Credentials flow.
Added the
salesforce-ccprovider with full support for the Client Credentials flow, including documentation and a dedicated "How to connect" guide.Changes:
salesforce-cctoproviders.yamlwithOAUTH2_CCauth mode and hostname interpolation.ProviderClientto handle token introspection for the new provider.docs/api-integrations/salesforce-cc.mdx(Integration overview).docs/api-integrations/salesforce-cc/connect.mdx(Step-by-step setup guide for Salesforce Connected Apps).docs/docs.json.Issue ticket number and link
None
Testing instructions
(Skip as this is adding/editing providers and documentation)
It also includes connection setup improvements and generated documentation snippets alongside the new integration content.
This summary was automatically generated by @propel-code-bot