Salesforce JWT(Json Web Tokens) authentication in new flow editor


This article describes the step-by-step process of configuring JWT authentication based account for webmethods cloudstreams salesforce provider.


  • User needs to have a working salesforce developer account
  • Working new flow tenant


  • Create digital signature certificate(.crt) and keystore (.jks) files using Openssl tool
  • Create a connected app in salesforce
  • Configure a JWT authentication based account in integration


  1. Install OpenSSL-Win64 --> open the installation directory OpenSSL-Win64\bin --> run the below command to generate cerificate and keystore file.
  • openssl req -x509 -sha256 -nodes -days 1000 -newkey rsa:2048 -keyout <file_name>.key -out <file_name>.crt  (generates private and public key pair)
  • openssl pkcs12 -export -in <file_name>.crt -inkey <file_name>.key -out <file_name>.p12   (Keystore in PKCS12 format)
  • keytool -importkeystore -srckeystore <file_name>.p12 -srcstoretype PKCS12 -destkeystore <file_name>.jks -deststoretype JKS  (Keystore in .jks format)

     2. Login to

     3. In the upper-right corner click on "setup"

     4. In the left-hand pane, find Apps in quick find box(Build > Create > Apps)

      5. Fill out basic information like "connected app name“, "API Name" , "Contact Email" and select Enable OAuth Settings under API (Enable OAuth Settings) field

     6. In the Callback URL field, enter the callback URL. Ex:

     7. In the Selected OAuth Scopes field, add all “Available OAuth Scopes

     8. Check the “Use digital signatures” option, and browse .crt certificate

     9. Click the Save button to save the new Connected App and “continue” to take effect on the server.

Note: Allow from 2-10 minutes for your changes to take effect on the server before using the connected app.

10. In the Connected Apps list, find the App that you just created, and then click Manage under API (Enable OAuth Settings) note down Consumer Key (Issuer)

11. Login to the & create the new project then choose the flow service then click on the ‘+‘ icon to create the new flow service.

12. Name the flow service, browse Salesforce® CRM REST - version 48 connector then click on "Add custom operation"

13. Select the authentication type as "Oauth V2.0(JWT Flow)" , then click on "+" button

14. Name the account, fill out instance details, Issuer(Consumer Key) and subject(username of Salesforce account)

15. Click on "+" button of JWT Keystore, name the certificate, browse .jks file and fill passphrase(password provided while creating the certificate), click "Next"

16. Enter key alias (password provided while creating .jks file) and hit “save”, choose added .jks from the dropdown of JWT KeyStore and JWT Key Alias and hit “ADD”


Note: After following the steps mentioned above, if user still gets the error
“user hasn’t approved this consumer” from salesforce.
Please hit the authorization code url once by replacing instancename,
consumer key, redirect uri and Now try adding Salesforce JWT
Account in (from Step 13)<consumer_key>&redirect_uri=<redirect_uri>&response_type=code

1 Like