I am trying to Authenticate the Calls to My Odatav4 , In My Service I have started accepting JWT token in header and it is working if i call the service in postman with JWT token in header,
Now in my salesforce Org i am using this service to get External Objects from other system, i need to send JWT token in header when the Salesforce connect calls my Odata4 endpoint,
Salesforce DOcs are really not that helpful.
Any Suggestions would be of great help.
Thanks Arjun.M
Consider your odata service to be the "Resource Server" (RS) and Salesforce to be the "Resource Client" (RC). You will have configured your (Salesforce) auth provider with the details of the "Authorization Server" (AS).
When the named credential is configured with the auth provider, and then the named credential is utilised (either via your own apex code, or via Salesforce internals that are converting the data requests into OData requests against your external data source), Salesforce authenticates with the supplied credentials and (makes a POST) to the AS. In the (successful) response, it gets an access token (AT) (amongst other things).
If you check the option on the named credential to "Generate Authorization Header", that AT retrieved from the AS will be sent as a header with the request.
Authorization: Bearer {access_token}
The RS (your odata service) will receive that that header, and is required to validate the token. (i.e. check that the request is authorised)
This question addresses the same subject. One of the answers states:
the interface between Resource Server and Authorization Server for token validation was standardized in IETF RFC 7662 in October 2015
and links to this spec
Essentially, your odata service will receive a bearer token, and needs to use it to request a JWT from the authorisation server. The JWT will supply the relevant assertions: Issuer, audience etc. that your odata service can check to see if it is happy to serve the response.
