Generate Salesforce OAuth Tokens

To connect Salesforce to a Knowledge Hub knowledge base, you must either provide your Salesforce credentials to NiCE Professional Services or enter them in Knowledge Hub yourself. This page describes how to generate those credentials, also called OAuth tokens. You should treat the OAuth tokens like passwords. Be sure to store them in a secure location. If you lose them, you'll have to regenerate them.

This method is a developer effort. It requires knowledge of Python and Salesforce admin privileges.

Complete each of these tasks in the order given.

Install Python

Complete this task if you don't already have Python installed on your computer.

Install Python .
Run the installer. Select the box for Add python.exe to PATH, then click Install Now.

Create and Configure a Connected App in Salesforce

Create a Connected App

The connected app provides a consumer key and consumer secret.

Log in to Salesforce with an account that has admin privileges.
Click Setup in the top right.
Use the Quick Find box to search for App Manager and select it in the results.
Click New Connected App.
In the pop-up that appears, select Create a Connected App and click Continue.

View image
If a message appears saying that the page cannot be displayed because your browser blocks cross-domain cookies, click view this page in Salesforce Classic.
Enter a Connected App Name. The API name is generated automatically; it's the Connected App Name without spaces.
In Contact Email, enter a valid email address you have access to. Later, you'll use that email to authenticate.
Under API (Enable OAuth Settings), select Enable OAuth Settings and configure the fields that appear.
1. In Callback URL, enter https://{your-AWS-region}.console.aws.amazon.com/appflow/oauth. For example, this might be: https://us-west-2.console.aws.amazon.com/appflow/oauth
2. In Selected OAuth Scopes, select the following scopes and click Add:
  - Manage user data via APIs (api)
  - Perform requests at any time (refresh_token, offline_access)
Make sure the following settings are selected:
- Require Secret for Web Server Flow
- Require Secret for Refresh Token Flow
- Enable Client Credentials Flow
- Enable Authorization Code and Credentials Flow
- Enable Token Exchange Flow
- Require Secret for Token Exchange Flow
- Enable Refresh Token Rotation
Click Save.

Copy and Store Consumer Key and Consumer Secret

When you create a connected app, Salesforce automatically generates the consumer key and consumer secret. These are two of the credentials needed to connect Salesforce to Knowledge Hub.

In Salesforce, use the Quick Find box to search for App Manager, then click App Manager.
In the Lightning Experience App Manager, find the connected app you created. Click Actions > View in the row for that connected app.
Under API (Enable OAuth Settings), click Manage Consumer Details.
If prompted, authenticate by entering the code sent to your email.
Click Copy next to Consumer Key and Consumer Secret and store them in a secure location.

Configure Connected App Settings

Next, configure some of the settings of the connected app you created.

From Manage Consumer Details in Salesforce, click Back to Manage Connected Apps.
Click Manage at the top.
Click Edit Policies.
Under OAuth Policies, configure the following fields:
1. In the Permitted Users drop-down, select Admin approved users are pre-authorized.
2. In Refresh Token Policy, select Expire refresh token if not used for, then enter 2 and select Hour(s).
3. Select Enable Token Exchange Flow.
Under User Provisioning Settings, select Enable User Provisioning.
Click Save.

Assign Admin Profile to the Connected App

Then, assign the System Administrator profile to the connected app.

Back in the connected app, scroll down to the Profiles section and click Manage Profiles.
Select the box next to System Administrator.
Click Save.

Configure OAuth Settings

Next, configure your OAuth settings in Salesforce.

In Salesforce, click Setup in the top right.
Use the Quick Find box to search for OAuth, and then click OAuth and OpenID Connect Settings.
Enable the following settings:
- Allow OAuth Username-Password Flows
- Allow OAuth User-Agent Flows
- Allow Authorization Code and Credentials Flows

Prepare OAuth Tokens

Then, prepare the OAuth tokens for use in your Python script by using the template below.

Copy and paste the following lines of code into a text editor:


CONSUMER_KEY = '[Enter Consumer Key]'
CONSUMER_SECRET = '[Enter the Consumer Secret]'
REDIRECT_URI = '[Enter the Callback URL]'
AUTH_URL = 'https://login.salesforce.com/services/oauth2/authorize'
TOKEN_URL = 'https://login.salesforce.com/services/oauth2/token'

Change the value of the CONSUMER_KEY attribute to the consumer key of the connected app you created.
Change the value of the CONSUMER_SECRET attribute to the consumer secret of the connected app you created.
Change the value of the REDIRECT_URI attribute to https://{your-AWS-region}.console.aws.amazon.com/appflow/oauth. This should match the URL you entered in the Callback URL field in the connected app you created. For example, in the AWS us-west-2 region, this would be: https://us-west-2.console.aws.amazon.com/appflow/oauth
Do not change the value of the AUTH_URL or TOKEN_URL attributes.

Run the Python Script

Next, run your Python script to generate the OAuth tokens you need.

Open a text editor and start a file named generate_oauth_tokens.py.

Copy and paste the following lines of code into the file:


import requests
import webbrowser
from urllib.parse import urlencode, urlparse, parse_qs

CONSUMER_KEY = '[Enter Consumer Key]'
CONSUMER_SECRET = '[Enter the Consumer secret]'
REDIRECT_URI = '[Enter the Callback Url]'
AUTH_URL = 'https://login.salesforce.com/services/oauth2/authorize'
TOKEN_URL = 'https://login.salesforce.com/services/oauth2/token'

def get_authorization_code():
	# Prepare the authorization URL
	params = {
		'response_type': 'code',
		'client_id': CONSUMER_KEY,
		'redirect_uri': REDIRECT_URI
	}
	auth_url = f"{AUTH_URL}?{urlencode(params)}"

	# Open the authorization URL in the default web browser
	webbrowser.open(auth_url)

	# Prompt the user to enter the full redirect URL after authorization
	redirect_response = input("Paste the full redirect URL after authorization:\n")

	# Parse the authorization code from the redirect URL
	parsed_url = urlparse(redirect_response)
	auth_code = parse_qs(parsed_url.query)['code'][0]

	return auth_code

def get_access_token(auth_code):
	# Prepare the token request payload
	payload = {
		'grant_type': 'authorization_code',
		'client_id': CONSUMEY_KEY,
		'client_secret': CONSUMER_SECRET,
		'code': auth_code,
		'redirect_uri': REDIRECT_URI
	}

	# Make the token request
	response = requests.post(TOKEN_URL, data=payload)
	token_response = response.json()

	return token_response

if __name__ == '__main__':
	authorization_code = get_authorization_code()
	print (f"Authorization Code: {authorization_code}")

	token_response = get_access_token(authorization_code)
	print(f"OAuth Token Response: {token_response}")

Replace the values of lines 5 through 9 with the OAuth tokens you prepared.
Open Command Prompt or Terminal.
Run the generate_oauth_tokens.py script.
Copy the URL the script generates. Paste it into Command Prompt or Terminal and press Enter.
Copy the tokens the script generates and store them in a secure location.

Get the Object Name

Finally, get the object name from Salesforce. This is the last credential you need to provide to Knowledge Hub.

Log in to Salesforce.
Click Setup in the top right.
Use the Quick Find box to search for Object Manager, and then click Object Manager.
Find the object with the API Name Knowledge_kav.

Troubleshoot Common Errors

Python not recognized: If you receive this error, reinstall Python and ensure that add python.exe to PATH is selected.
ModuleNotFoundError: If you receive this error, run pip install requests.