What would be the best-practice to show content from Secured Salesforce sources to anonymous users?
Out-of-the-box, it appears that the Coveo for Salesforce integration can only show the content of Shared sources to anonymous users, which makes perfect sense at first glance.
However the native search box on a Salesforce community seems to be able to show results for at least some objects (e.g. Questions) that have permissions attached, even if users are anonymous. We suspect this is due to the native search being able to show said content to anonymous users through the community's guest user profile.
Ultimately, the end-goal would be to show selected objects from Secured sources to anonymous users in a first step, and then to respect the permissions as usual once users are logged in.
Use of the Anonymous Profile as per https://onlinehelp.coveo.com/en/cloud/configuringcoveoforsalesforcev2.htm does not appear to be giving out the desired result.
One idea would consequently be to identify the community's guest user's email and to inject the latter in the access token via userIds as per https://developers.coveo.com/display/public/SearchREST/Search+Token+Authentication. Obviously, one would need to ensure that the objects in question are visible to the guest user profile, on Salesforce's side.
1) Would you have a better recommendation?
2) Did we miss an easy out-the-box way to achieve this goal?
We'd certainly have follow-ups, but let's start form the above foundation.
Your Search Token should already contains the email address of the guest user when you are searching from an anonymous community. You can easily grab your Search Token from the network tab of your browser and explore it's content on a website like https://jwt.io/. If this profile have access to the content in Salesforce, it should also have access through Coveo Search.
If the user doesn't have access to it in Salesforce and you want to show the content anyways, it's against our recommendations but you can add additional user identities if you generate your own token. There are multiple ways to achieve that: https://developers.coveo.com/display/public/SalesforceV2/JsSearch+Visualforce+Component#JsSearchVisualforceComponent-additionalUserIdentities https://developers.coveo.com/display/public/SalesforceV2/Community+Builder+-+Advanced+Lightning+Integration#CommunityBuilder-AdvancedLightningIntegration-GenerateaSearchTokenwithCustomCode