Recently I have been working on a mobile and tablet strategy for Jobscience. I have looked at a variety of options from Heroku and building native iOS apps to several of the new frameworks out there that leverage JavaScript and HTML5. I really want to build a 100% native salesforce application that leverages a lot of the work we have already invested in and reuse classes we have already built. I would also like to avoid the app store.

As I started to do mockups and mess around with logging in to SFDC I quickly ran into not being able to create a custom login screen. Searching through the forums you see others have asked for this and in Ideas this looks like it may be coming in a future release, but I am impatient and want it now.

In my quest to stay 100% native, I needed to leverage sites and create a login screen (the easy part). Many will create a login page and then submit the form doing something like this:

https://login.salesforce.com?un="+username+"&pw="+password+"&startURL=/apex/somepage

That will work, but if you enter an invalid username and password you get sent back to the standard SFDC login. Sure it works, but it really messes up the flow and branding.

I considered building an oAuth sites page and just have SFDC and the org I was in oAuth itself, but after discussing with a few people this didn’t seem like it could happen and may be more hassle than what it was worth.

I then watched the “Developing Mobile Force.com Apps for the iPhone and iPad” webinar. In it Mike Leach from Facebook discusses building web-container based apps with Facebook’s iOS Mobile Framework. This would get me closer to my goal, but seems like an extra step to get the login right and I am also just building for iOS and not the other mobile/tablet devices.

There had to be a way to do something seemingly so simple. After some back and forth with my co-worker Mike Gallagher, and Pat Patterson at salesforce, it hit me. Could I just leverage the AJAX toolkit to login and get a token I could then pass in the url? With the toolkit I would get back any error messages and be able to display them to the end user. It worked as expected. I added a little code to force the user in to HTTPS and the user logged right in. I quickly jumped on my iPad to login and was confronted right away with the error message that my device was not authorized. $#%#$%!

Once again my flow was messed up. The AJAX Toolkit didn’t return a link to email me so I could authorize the device and to be honest I didn’t want that to happen. I just want to log in. The solution came to me quickly. I added my SFDC site URL to the list of Remote Sites that can access salesforce and problem solved.

With the SFDC Summer release there are some other ways to grab the variables I used and in the future I suspect there will be easier ways to handle this but for now this works and gets me 100% native in salesforce. I can build across devices if I want and leverage years of existing work. Please feel free to comment on other possible solutions or how to improve on this.

The code is up on github: https://github.com/BPeddle/SFDC.Custom.Login. If you have any questions on it I will be happy to try and help out.

You can see the sample here: http://brianpeddle-developer-edition.na8.force.com/custom_login

Get some good inspiration from Financial Force. David Yarham has built a nice demo and shared the code.