In this session we will talk about OAuth concepts in Salesforce. You've likely heard of OAuth, but what exactly is it? How is it used in Salesforce, and where does it fit in with other protocols like SAML? This webinar will answer these questions and more.

What is OAuth?

OAuth is short for Open Authorization. OAuth 2.0 is a framework that gives systems a secure way to establish trust with one another. The end goal is to obtain an access token that can be used to access protected resources without ever providing your username or password to the other system.

Actors in OAuth 2.0

What are the OAuth 2.0 actors?

  • Resource Owner
  • Client
  • Resource Server
  • Authorization Server

* User-Agent (sometimes)

Why use OAuth with Salesforce?

  • Security!
  • We know Salesforce is built on trust
  • But what happens when we start communicating with other systems
    or other systems talk to us?
  • It becomes OUR responsibility!

Where is OAuth Used in Salesforce?

A few examples of where you can use OAuth with the Salesforce Platform:

Outbound:
  • HTTP callouts
  • Authentication via OpenID Connect
  • Salesforce Connect

Inbound:
  • Mobile Apps
  • Web Apps
  • Smart Devices
  • Middleware

Depending on your use case, a combination of declarative (config) and programmatic (code) elements is required to leverage OAuth with Salesforce:

  • HTTP Callouts
    Direction: Outbound
    Config: Named Credential
    Code: The callout
  • Authentication via OpenID Connect
    Direction: Outbound
    Config: Connected App, Authentication Provider
    Code: Registration Handler for the Auth Provider
  • Mobile Apps, Web Apps, Smart Devices, Middleware
    Direction: Inbound
    Config: Connected App
    Code: None (potentially); clients will just leverage the APIs

Go With the Flow

Outbound: when you go outbound from Salesforce with Named Credentials, Salesforce uses the Web Server Flow out of the box.

Inbound: you decide! Salesforce supports the following flows:

  • SAML Bearer Assertion
  • JWT Bearer Token
  • Refresh Token
  • Web Server Authentication
  • Username-Password
  • User-Agent
  • Device Authentication
  • Asset Token
  • SAML Assertion

Web Server Flow

  1. The gold standard
  2. Also called the “authorization code” flow
  3. Used for web apps that can be trusted to keep the consumer secret confidential (from the connected app that you set up… or that gets set up for you!)
  4. Remember our main goal?
  5. The Web Server Authentication Flow provides an access token AND a refresh token
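As an added example (not code from the webinar or from Salesforce), the four steps of the web server flow as a web app's back end would implement them in Python: build the authorize redirect with a random state, check that state on the callback, exchange the code over the back channel where the consumer secret lives, and read the token reply. The endpoint URLs and parameter names are the standard Salesforce ones; the consumer key, secret, redirect URI and token values are placeholders.

```python
import json
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Standard Salesforce OAuth 2.0 endpoints (use test.salesforce.com for sandboxes)
AUTHORIZE_URL = "https://login.salesforce.com/services/oauth2/authorize"
TOKEN_URL = "https://login.salesforce.com/services/oauth2/token"

def build_authorize_url(client_id, redirect_uri, scope="api refresh_token", state=None):
    """Step 1: the web app redirects the browser here. The random 'state' value is
    stored in the user's session so the callback can be tied back to it (CSRF check)."""
    state = state or secrets.token_urlsafe(32)
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "scope": scope, "state": state}
    return f"{AUTHORIZE_URL}?{urlencode(params)}", state

def parse_callback(callback_url, expected_state):
    """Step 2: Salesforce redirects back to redirect_uri with ?code=...&state=...
    Reject the callback unless 'state' matches what this session issued."""
    qs = parse_qs(urlparse(callback_url).query)
    if qs.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: stale callback or cross-site request forgery")
    if "error" in qs:
        raise ValueError(f"authorization failed: {qs['error'][0]}")
    return qs["code"][0]

def build_token_request(code, client_id, client_secret, redirect_uri):
    """Step 3: form body the web app POSTs to TOKEN_URL server-to-server.
    The consumer secret is sent only on this back channel, never to the browser."""
    return {"grant_type": "authorization_code", "code": code, "client_id": client_id,
            "client_secret": client_secret, "redirect_uri": redirect_uri}

def parse_token_response(body):
    """Step 4: read the JSON reply; a refresh token is present only when the
    connected app's scopes include refresh_token (alias offline_access)."""
    data = json.loads(body)
    if "access_token" not in data:
        raise ValueError(f"token request failed: {data.get('error')}: {data.get('error_description')}")
    return {"access_token": data["access_token"], "refresh_token": data.get("refresh_token"),
            "instance_url": data["instance_url"]}

# Constructed sample reply in the shape Salesforce returns (all values are placeholders).
SAMPLE_TOKEN_RESPONSE = json.dumps({
    "access_token": "ACCESS_TOKEN_PLACEHOLDER", "refresh_token": "REFRESH_TOKEN_PLACEHOLDER",
    "instance_url": "https://example.my.salesforce.com", "token_type": "Bearer",
    "id": "https://login.salesforce.com/id/ORG_ID_PLACEHOLDER/USER_ID_PLACEHOLDER"})
```

Call the functions in order: the URL from step 1 goes to the browser, the callback URL Salesforce sends the browser to goes into step 2, and the body from step 3 is POSTed (with `requests` or `urllib`) to `TOKEN_URL` before its reply is passed to step 4.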

OAuth Concepts Video


Please note that we have a limit of 300 attendees who can join the online sessions. However, the recording will be posted on our YouTube channel. Make sure to subscribe to our YouTube channel to get a notification when the video is uploaded.

Let us know which topic you want to learn next in ApexHours.

Amit Chaudhary

Amit Chaudhary is a Salesforce Application & System Architect and has been working on the Salesforce Platform since 2010. He has been a Salesforce MVP since 2017 and holds 17 Salesforce certifications.

He is an active blogger and the founder of Apex Hours.
