react-native, salesforce, mobile-application, simple-salesforce, salesforce-mobile-sdk

Creating a Generic Mobile App for Salesforce Org Connection


I'm currently working on developing a mobile app that connects to my own Salesforce organizations. I have created the application using forcereact as mentioned in their official documentation: https://developer.salesforce.com/docs/atlas.en-us.mobile_sdk.meta/mobile_sdk/react_native_new_project.htm

The app authenticates the user by opening a secure login webpage, and authenticates the user based on the Consumer Key provided in the android>app>src>main>res>values>bootconfig.xml file. The file contains remoteAccessConsumerKey, oauthRedirectURI and oauthScopes, which are configured on the Connected App in the Salesforce org. Salesforce link: https://developer.salesforce.com/docs/atlas.en-us.mobile_sdk.meta/mobile_sdk/connected_apps.htm

My goal is to create a generic app that can be downloaded from mobile app stores and used by individuals with their own Salesforce orgs. However, I'm unsure about the best approach to make the app generic and ensure a seamless connection to users' individual Salesforce orgs without relying on a specific Consumer Key that is provided by a Connected App.

I would greatly appreciate any guidance, advice, or best practices you can provide for implementing this functionality to make a generic mobile app which can be used by anyone.


Solution

  • It's OK to deploy with a key and secret you control. You don't need a key per org. Keys generated in sandboxes can be used to log in to production orgs (but if you ever delete/refresh that sandbox, the key becomes invalid).

    You probably noticed that connected apps look weird: you manage them in kind of 2 roles, creator that has full control (but only in this org) and admin that can "install", agree to use the app (maybe even mark it preauthorised) or block access.

    Play with logging in via Workbench or the Open ID sample app. How does this work? Workbench's key is somewhere and yet you can log in to any prod, any sandbox. The Open ID one even lets you choose your own key if you don't want the built-in one. It even lets you log in to a community, not just internal Salesforce.

    And after you've played a bit, check your Setup -> Connected Apps OAuth Usage, and on your user's setup page check the "Connected Apps" related list. This is what you control as admin of the "client" org.

    This might be interesting reading: https://salesforce.stackexchange.com/a/392187/799 and (shameless plug) I like my answer https://stackoverflow.com/a/69810951/313628 for getting comfortable with OpenID.

    So... you should have a screen in your app that lets you select the target url (prod/sandbox/custom domain, just like the Salesforce mobile app has), encrypt your file with key & secret... but other than that you should be fine.
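
The server-selection screen suggested in the answer takes a login URL from the user, so that input should be vetted before the app starts OAuth against it. The following is an added example, not code from the answer or from the Salesforce Mobile SDK: the function names, the domain allowlist and the sample consumer key and redirect URI are assumptions made for illustration.

```javascript
// Added example; function names and the allowlist are illustrative assumptions.
const FIXED_HOSTS = new Set(["login.salesforce.com", "test.salesforce.com"]);
// Assumed My Domain suffix; extend deliberately for other domains you support.
const ALLOWED_SUFFIXES = [".my.salesforce.com"];

// Turn what the user typed on the "choose server" screen into a vetted hostname.
function normalizeLoginHost(input) {
  const raw = String(input).trim();
  const withScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(raw) ? raw : `https://${raw}`;
  let url;
  try {
    url = new URL(withScheme);
  } catch {
    throw new Error("login host is not a valid URL");
  }
  if (url.protocol !== "https:") throw new Error("login host must use https");
  if (url.username || url.password) throw new Error("userinfo in URL is not allowed");
  if (url.port) throw new Error("non-default port is not allowed");
  const host = url.hostname.toLowerCase();
  const allowed =
    FIXED_HOSTS.has(host) ||
    ALLOWED_SUFFIXES.some((s) => host.length > s.length && host.endsWith(s));
  if (!allowed) throw new Error(`${host} is not an allowed Salesforce login domain`);
  return host;
}

// Build the authorization URL for the chosen org using the app's single consumer key.
function buildAuthorizeUrl({ loginHost, consumerKey, redirectUri, scopes, state }) {
  const host = normalizeLoginHost(loginHost);
  const params = new URLSearchParams({
    response_type: "code",
    client_id: consumerKey,
    redirect_uri: redirectUri,
    scope: scopes.join(" "),
    state, // caller supplies an unguessable value and checks it on the redirect
  });
  return `https://${host}/services/oauth2/authorize?${params.toString()}`;
}

// Constructed sample values, not real credentials.
const sampleUrl = buildAuthorizeUrl({
  loginHost: "acme--dev.sandbox.my.salesforce.com",
  consumerKey: "EXAMPLE_CONSUMER_KEY",
  redirectUri: "myapp://oauth/callback",
  scopes: ["api", "refresh_token"],
  state: "constructed-state-value",
});
```

The same consumer key is sent to whichever org the user picks; only the host changes, which is why the host check matters.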