Secure flow resumption system allowing users to continue multi-step Salesforce flows via email verification with JWT tokens.
- User enters name/email on Screen 1
- Check if a Lead with the provided email already exists
- If the lead doesn't exist, create a lead, then continue to the next screen.
- If the lead exists, show a "Continue previous application?" popup and button
- If the user clicks the "Continue" button, send a POST API request to `/continue-flow?email=user@email.com`
- In the API backend:
- Generate a signed JWT bound to the submitted email (1-hour expiry)
- Sends email via Microsoft Graph API
- User clicks the email link carrying the JWT token → navigates to the link in the browser
- Check whether a `token` param exists in the URL. If it does, execute the following steps:
- Grab the token from the URL params, then send a POST API request to `/validate-token?token=...`
- If the token is valid, fetch the lead using the email the token was issued for (not an email supplied by the client) and resume the flow from the saved step (stored on the lead object)
🔒 JWT Token Security
- Secret stored securely in Azure (not exposed to Salesforce)
- 1-hour expiration
- Email verification required
- Salesforce: Flow + Apex HTTP callouts
- Azure: Express API + Microsoft Graph (email)
- Security: JWT tokens + Azure Key Vault