Salesforce MCP Server with multi-user OAuth PKCE support for AI agents

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for hypn4 from gravatar.com hypn4

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License
  • Tags ai-agent , api , claude , crm , llm , mcp , model-context-protocol , oauth , pkce , salesforce
  • Requires: Python >=3.14
Classifiers
Report project as malware

Project description

Salesforce MCP Server

A Model Context Protocol (MCP) server that provides Salesforce integration for AI agents with multi-user OAuth 2.0 PKCE authentication support.

Features

  • Multi-user OAuth 2.0 with PKCE - Secure authentication without storing client secrets
  • 16 MCP tools across 4 categories for comprehensive Salesforce operations
  • Per-user Salesforce client caching - Efficient connection management
  • Configurable storage backend - Memory (default) or Redis for production deployments
  • Optional Fernet encryption - Encrypt stored OAuth data at rest
  • Dual transport modes - STDIO for local clients, HTTP for web-based OAuth flows

Available Tools

Category Tools
Query salesforce_query, salesforce_query_all, salesforce_query_more, salesforce_search
Records salesforce_get_record, salesforce_create_record, salesforce_update_record, salesforce_delete_record, salesforce_upsert_record
Metadata salesforce_describe_object, salesforce_list_objects, salesforce_get_object_fields
Bulk API salesforce_bulk_query, salesforce_bulk_insert, salesforce_bulk_update, salesforce_bulk_delete

Prerequisites

Installation

git clone https://github.com/hypn4/salesforce-mcp-server.git
cd salesforce-mcp-server
cp .env.example .env
# Edit .env with your Salesforce credentials
uv sync

Configuration

All configuration is done through environment variables. Copy .env.example to .env and adjust as needed.

HTTP Server Settings

Variable Default Description
FASTMCP_PORT 8000 HTTP server port
FASTMCP_BASE_URL http://localhost:8000 Base URL for OAuth callbacks

OAuth Redirect Configuration

Variable Default Description
OAUTH_REDIRECT_PATH /auth/callback OAuth callback path
OAUTH_ALLOWED_CLIENT_REDIRECT_URIS (empty) Comma-separated allowed client redirect URIs

Salesforce OAuth (Required)

Variable Required Description
SALESFORCE_CLIENT_ID Yes Connected App Consumer Key
SALESFORCE_CLIENT_SECRET No Client secret (leave empty for PKCE-only)

Salesforce Instance

Variable Default Description
SALESFORCE_LOGIN_URL https://login.salesforce.com Authorization server (use https://test.salesforce.com for sandbox)
SALESFORCE_INSTANCE_URL https://login.salesforce.com API calls and token verification URL

OAuth Storage Configuration

Variable Default Description
OAUTH_STORAGE_TYPE memory Storage type: memory or redis
REDIS_URL redis://localhost:6379 Redis connection URL (if using redis)
STORAGE_ENCRYPTION_KEY (empty) Fernet encryption key for stored data

Generate an encryption key with:

python -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())"

Logging

Variable Default Description
LOG_LEVEL INFO DEBUG, INFO, WARNING, ERROR

MCP Integration Guide

Two transport modes are supported:

  • STDIO Mode - For local MCP clients (Claude Desktop, Claude Code)
  • HTTP Mode (Streamable HTTP) - For web clients with OAuth 2.0 support (Gemini CLI)

Claude Desktop

Config file location:

  • macOS/Linux: ~/.config/claude/claude_desktop_config.json
  • Windows: %APPDATA%\Claude\claude_desktop_config.json

STDIO Mode (Recommended)

{
  "mcpServers": {
    "salesforce": {
      "command": "uvx",
      "args": ["salesforce-mcp-server", "stdio"],
      "env": {
        "SALESFORCE_CLIENT_ID": "your_connected_app_client_id",
        "SALESFORCE_LOGIN_URL": "https://login.salesforce.com",
        "SALESFORCE_INSTANCE_URL": "https://your-domain.my.salesforce.com"
      }
    }
  }
}

HTTP Mode

First, start the server:

uvx salesforce-mcp-server streamable-http

Then configure Claude Desktop:

{
  "mcpServers": {
    "salesforce": {
      "url": "http://localhost:8000/mcp"
    }
  }
}

Claude Code

Config file location:

  • Global: ~/.claude/settings.json
  • Project: .mcp.json

STDIO Mode (Recommended)

{
  "mcpServers": {
    "salesforce": {
      "command": "uvx",
      "args": ["salesforce-mcp-server", "stdio"],
      "env": {
        "SALESFORCE_CLIENT_ID": "your_connected_app_client_id",
        "SALESFORCE_LOGIN_URL": "https://login.salesforce.com",
        "SALESFORCE_INSTANCE_URL": "https://your-domain.my.salesforce.com"
      }
    }
  }
}

HTTP Mode

First, start the server:

uvx salesforce-mcp-server streamable-http

Then configure Claude Code:

{
  "mcpServers": {
    "salesforce": {
      "url": "http://localhost:8000/mcp"
    }
  }
}

Gemini CLI

Config file: ~/.gemini/settings.json

HTTP Mode with OAuth (Recommended)

First, start the server with environment variables:

SALESFORCE_CLIENT_ID=your_client_id \
SALESFORCE_LOGIN_URL=https://login.salesforce.com \
SALESFORCE_INSTANCE_URL=https://your-domain.my.salesforce.com \
uvx salesforce-mcp-server streamable-http

Then configure Gemini CLI:

{
  "mcpServers": {
    "salesforce": {
      "httpUrl": "http://localhost:8000/mcp",
      "authType": "oauth2"
    }
  }
}

Gemini CLI uses HTTP mode with OAuth 2.0 Dynamic Client Registration. The OAuth flow is handled automatically when you first use a Salesforce tool.

STDIO Mode

{
  "mcpServers": {
    "salesforce": {
      "command": "uvx",
      "args": ["salesforce-mcp-server", "stdio"],
      "env": {
        "SALESFORCE_CLIENT_ID": "your_connected_app_client_id",
        "SALESFORCE_LOGIN_URL": "https://login.salesforce.com",
        "SALESFORCE_INSTANCE_URL": "https://your-domain.my.salesforce.com"
      }
    }
  }
}

Running Manually

STDIO Mode:

uvx salesforce-mcp-server stdio
# or with local development:
just run

HTTP Mode:

uvx salesforce-mcp-server streamable-http
# or with local development:
just run-http

HTTP mode default endpoint: http://localhost:8000

Salesforce Connected App Setup

  1. In Salesforce Setup, navigate to App Manager
  2. Click New Connected App
  3. Fill in basic information (name, contact email)
  4. Enable OAuth Settings
  5. Set Callback URL to match your deployment:
    • For local development: http://localhost:8000/auth/callback
    • For production: https://your-domain.com/auth/callback
  6. Select OAuth scopes:
    • api (Access and manage your data)
    • refresh_token (Perform requests at any time)
    • offline_access (Perform requests at any time)
  7. Enable Require Proof Key for Code Exchange (PKCE) Extension for Supported Authorization Flows
  8. Save and copy the Consumer Key (this is your SALESFORCE_CLIENT_ID)

Available Tools Reference

Query Tools

Tool Description
salesforce_query Execute a SOQL query against Salesforce
salesforce_query_all Execute a SOQL query including deleted and archived records
salesforce_query_more Fetch additional records from a paginated query result
salesforce_search Execute a SOSL full-text search

Record Tools

Tool Description
salesforce_get_record Get a single record by ID
salesforce_create_record Create a new record
salesforce_update_record Update an existing record
salesforce_delete_record Delete a record
salesforce_upsert_record Upsert a record using an external ID field

Metadata Tools

Tool Description
salesforce_describe_object Get metadata for an SObject (fields, relationships, etc.)
salesforce_list_objects List all available SObjects in the org
salesforce_get_object_fields Get field information for an SObject

Bulk API Tools

Tool Description
salesforce_bulk_query Execute a bulk query for large data sets (>2,000 records)
salesforce_bulk_insert Insert multiple records efficiently
salesforce_bulk_update Update multiple records efficiently
salesforce_bulk_delete Delete multiple records efficiently

Development

Commands

Command Description
just run Run server in STDIO mode
just run-http Run server in HTTP mode
just run-debug Run with DEBUG logging
just test Run tests
just test-cov Run tests with coverage
just lint Run linter
just lint-fix Run linter with auto-fix
just fmt Format code
just inspector Run with MCP Inspector for debugging
just tools List all registered MCP tools

Project Structure

salesforce-mcp-server/
├── src/salesforce_mcp_server/
│   ├── server.py          # FastMCP server setup
│   ├── tools/             # MCP tool implementations
│   │   ├── query.py       # SOQL/SOSL query tools
│   │   ├── records.py     # Record CRUD tools
│   │   ├── metadata.py    # Metadata tools
│   │   └── bulk.py        # Bulk API tools
│   ├── oauth/             # OAuth handling
│   │   ├── storage.py     # Storage backends
│   │   └── token_*.py     # Token management
│   └── salesforce/        # Salesforce client
├── tests/
├── .env.example
├── justfile
└── pyproject.toml

License

MIT

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for hypn4 from gravatar.com hypn4

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License
  • Tags ai-agent , api , claude , crm , llm , mcp , model-context-protocol , oauth , pkce , salesforce
  • Requires: Python >=3.14
Classifiers

Release history Release notifications | RSS feed

0.4.2

0.4.1

0.4.0

0.3.0

0.2.1

This version

0.2.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

salesforce_mcp_server-0.2.0.tar.gz (75.0 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

salesforce_mcp_server-0.2.0-py3-none-any.whl (24.8 kB view details)

Uploaded Python 3

File details

Details for the file salesforce_mcp_server-0.2.0.tar.gz.

File metadata

  • Download URL: salesforce_mcp_server-0.2.0.tar.gz
  • Upload date:
  • Size: 75.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: uv/0.9.28 {"installer":{"name":"uv","version":"0.9.28","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for salesforce_mcp_server-0.2.0.tar.gz
Algorithm Hash digest
SHA256 9cdd3a12f41b72ed9b8afdbcc3a11cd0ceabeef6de822680149cb01d76cc05ed
MD5 3c2a12d444a9d58964d584e1b9a19960
BLAKE2b-256 ea49a6285f808d692ea3633a19450e5ef8a6841c940b15fd67d7327050ff560c

See more details on using hashes here.

File details

Details for the file salesforce_mcp_server-0.2.0-py3-none-any.whl.

File metadata

  • Download URL: salesforce_mcp_server-0.2.0-py3-none-any.whl
  • Upload date:
  • Size: 24.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: uv/0.9.28 {"installer":{"name":"uv","version":"0.9.28","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for salesforce_mcp_server-0.2.0-py3-none-any.whl
Algorithm Hash digest
SHA256 64a6e6c01106c48325bc90d72e1821e79a67bbc1f7cc0b34afb59636d96cd012
MD5 05c5fe14346d7a949354f1bcaf5726f8
BLAKE2b-256 bf8796f71d00ed3643f14fe953963fc0368b9cb514a1cbc1e1b15c35edbea397

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page