{"id":18617,"library":"node-salesforce-jwt","title":"node-salesforce-jwt","description":"Minimal implementation of the Salesforce OAuth 2.0 JWT Bearer Token Flow for server-to-server authentication. Version 1.1.0 is the current stable release with no recent updates (low maintenance cadence). Enables impersonating users via a connected app's private key and consumer key. Key differentiator: lightweight (no heavy SDK) and designed to integrate with jsforce by returning access_token and instance_url. No breaking changes reported; simple callback-based API.","status":"maintenance","version":"1.1.0","language":"javascript","source_language":"en","source_url":"https://github.com/moshekarmel1/node-salesforce-jwt","tags":["javascript","Salesforce","JWT","OAuth"],"install":[{"cmd":"npm install node-salesforce-jwt","lang":"bash","label":"npm"},{"cmd":"yarn add node-salesforce-jwt","lang":"bash","label":"yarn"},{"cmd":"pnpm add node-salesforce-jwt","lang":"bash","label":"pnpm"}],"dependencies":[{"reason":"Used to sign the JWT assertion with the private key.","package":"jsonwebtoken","optional":false}],"imports":[{"note":"Package uses CommonJS; no default or named ESM export. Use require() in Node environments.","wrong":"import { getToken } from 'node-salesforce-jwt';","symbol":"getToken","correct":"const nsj = require('node-salesforce-jwt'); nsj.getToken(options, callback);"},{"note":"CJS only. The entire module.exports is an object with getToken.","wrong":"import nsj from 'node-salesforce-jwt';","symbol":"module.exports","correct":"const nsj = require('node-salesforce-jwt');"}],"quickstart":{"code":"const nsj = require('node-salesforce-jwt');\nconst jsforce = require('jsforce');\nconst fs = require('fs');\n\nconst options = {\n  isTest: true,\n  clientId: process.env.SF_CONSUMER_KEY ?? '',\n  privateKey: fs.readFileSync('./private.key', 'utf8'),\n  user: 'admin@example.com'\n};\n\nnsj.getToken(options, (err, response) => {\n  if (err) { console.error(err); return; }\n  const conn = new jsforce.Connection();\n  conn.initialize({\n    instanceUrl: response.instance_url,\n    accessToken: response.access_token\n  });\n  conn.query('SELECT Id, Name FROM Account LIMIT 1', (err, result) => {\n    if (err) { console.error(err); return; }\n    console.log('First record:', result.records[0]);\n  });\n});","lang":"javascript","description":"Demonstrates how to obtain a JWT bearer token using a private key and connected app credentials, then use it with jsforce to query Salesforce."},"warnings":[{"fix":"Set isTest: true for sandbox/test instances, false for production. This is not automatically detected.","message":"The isTest option determines the token endpoint URL: test.salesforce.com vs login.salesforce.com. Incorrect value leads to 404 errors.","severity":"breaking","affected_versions":">=1.0.0"},{"fix":"Ensure privateKey is a string: fs.readFileSync('./key.pem', 'utf8')","message":"The privateKey must be a string (e.g., read via readFileSync with 'utf8'). Passing a Buffer or file path directly will cause errors.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Use the Consumer Key (long string ending with .something) from your Salesforce Connected App definition.","message":"The clientId must be the Consumer Key from the connected app, not the Consumer Secret. Mixing them results in authentication failure.","severity":"gotcha","affected_versions":">=1.0.0"}],"env_vars":null,"last_verified":"2026-04-25T00:00:00.000Z","next_check":"2026-07-24T00:00:00.000Z","problems":[{"fix":"Set environment variable NODE_TLS_REJECT_UNAUTHORIZED=0 (not recommended) or update Node.js CA certificate bundle.","cause":"Missing or outdated root CA certificates in Node.js environment.","error":"Error: unable to get local issuer certificate"},{"fix":"Verify the clientId is the Consumer Key from the connected app (not the Consumer Secret) and that the app is properly configured with the correct OAuth scopes.","cause":"The clientId provided does not match a valid Salesforce Connected App Consumer Key.","error":"{\"error\":\"invalid_client_id\",\"error_description\":\"client identifier invalid\"}"},{"fix":"Ensure the private key file is correctly formatted with BEGIN and END RSA PRIVATE KEY lines. Read file with utf8 encoding.","cause":"The privateKey string does not contain a valid PEM-encoded key (e.g., missing header/footer).","error":"Error: PEM_read_bio:no start line"}],"ecosystem":"npm","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}