Salesforce JWT Connected System

Overview

Salesforce Messaging for In-App and Web (MIAW) user verification requires signed RS256 JWT identity tokens for secure authenticated chat sessions. This plug-in enables Appian applications to generate and manage those JWTs securely through a reusable Connected System without exposing private keys or implementing custom token-generation logic outside Appian.

The plug-in supports enterprise use cases where Appian applications need to embed or launch authenticated Salesforce chat experiences, pass verified user identity into Salesforce messaging, and support token refresh during long-lived chat sessions.

It is designed for customer service, claims, banking, insurance, healthcare, and other regulated environments where secure authenticated messaging and centralized credential management are required.

Key Features & Functionality

Connected System Features:

• Secure storage of Salesforce JWT configuration including RSA private key, key ID (kid), issuer (iss), audience (aud), and token TTL
• RS256 signed JWT generation for Salesforce Messaging User Verification
• Credential isolation—private keys remain server-side and are never exposed to the browser

Client API:

• GenerateJWT Client API callable from Appian.Component.invokeClientApi
• Supports browser-based token generation requests for UI component plug-ins
• Returns signed identity tokens and expiration metadata
• Supports dynamic subject (sub) and optional custom claims

Integration Features:

• Server-side Integration Template for direct use from SAIL or process models
• Generate identity tokens using Appian integrations and rules
• Reusable for backend orchestration patterns

Security and Runtime Features:

• Automatic JWT refresh support for expired identity tokens
• Supports Salesforce Messaging for In-App and Web (MIAW)
• Designed to integrate with Salesforce embedded chat components
• Compatible with Appian 21.2+
• Supports reusable authentication patterns for custom Appian plug-ins