OAuth Concepts

In this session we will talk about OAuth concepts. You’ve likely heard of OAuth, but what exactly is it? How is it used in Salesforce, and where does it fit in with other protocols like SAML? This webinar answers these questions and more, covering the topics below.

Agenda:

  1. Overview of OAuth
  2. Actors in OAuth
  3. OAuth vs SAML
  4. A Few Flows
  5. OAuth in Action!

 

Topic      : OAuth Concepts

Speaker : Susannah Kate St-Germain

Date       : Saturday, JAN 11, 2019 10:00 AM EST ( 8:30 PM IST)

Where   : Online

RSVP   : https://trailblazercommunitygroups.com/e/mbvrwc/

Here are the key notes from our session:

OAuth is short for Open Authorization.

  • OAuth 2.0 is a framework that gives systems a secure way to establish trust with one another.
  • The end goal is to obtain an access token that the client can use to access protected resources, without you ever providing your username or password to the other system.

Actors in OAuth 2.0

  • Resource Owner
  • Client
  • Resource Server
  • Authorization Server

* User-Agent (sometimes; typically the browser that carries the redirects)

 

Why use OAuth with Salesforce?

  • Security!
  • We know Salesforce is built on trust.
  • But what happens when we start communicating with other systems, or other systems talk to us?
  • It becomes OUR responsibility!

 

Where is OAuth Used in Salesforce?

A few examples of where you can use OAuth with the Salesforce Platform:

Outbound (Salesforce calling another system):

  • HTTP callouts
  • Authentication via OpenID Connect
  • Salesforce Connect

Inbound (another system calling Salesforce):

  • Mobile Apps
  • Web Apps
  • Smart Devices
  • Middleware

 

Depending on your use case, a combination of declarative and programmatic elements is required to leverage OAuth with Salesforce:

  • HTTP Callouts (Outbound): config = Named Credential; code = the callout itself
  • Authentication via OpenID Connect (Outbound): config = Connected App plus Authentication Provider; code = Registration Handler for the Auth. Provider
  • Mobile Apps, Web Apps, Smart Devices, Middleware (Inbound): config = Connected App; code = none (potentially); the clients just leverage the APIs

Go With the Flow

Outbound: when you go outbound from Salesforce with Named Credentials, Salesforce uses the Web Server flow out of the box.

Inbound: you decide! Salesforce supports the following flows:

  • SAML Bearer Assertion
  • JWT Bearer Token
  • Refresh Token
  • Web Server Authentication
  • Username-Password
  • User-Agent
  • Device Authentication
  • Asset Token
  • SAML Assertion

 

Web Server Flow

  1. The gold standard
  2. Also called the “authorization code” flow
  3. Used for web apps that can be trusted to keep the consumer secret safe (the secret comes from the Connected App that you set up, or that gets set up for you!)
  4. Remember our main goal? The app ends up with a token, and the user’s password never reaches it.
  5. The Web Server Authentication flow provides an access token AND a refresh token
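The web server flow above, with the four actors from the earlier "Actors in OAuth 2.0" notes, as an added example that is not part of the session or of Salesforce's own code: an offline Python simulation in which an AuthorizationServer class stands in for Salesforce's /services/oauth2/authorize and /services/oauth2/token endpoints. The consumer key and secret, the redirect URI, the user "alice" and the returned record are all constructed. It walks the happy path (authorization code, then access token plus refresh token, then an API call that carries only the bearer token), and also exercises the two checks a web app must not skip: the client verifies the state parameter on the callback so a forged redirect cannot inject a code, and the server treats each code as single-use and refuses a replay.

```python
# Simulated OAuth 2.0 web server (authorization code) flow: an added example, not code from
# the Apex Hours session or from Salesforce. AuthorizationServer stands in for Salesforce's
# /services/oauth2/authorize and /services/oauth2/token endpoints; connected-app values are constructed.
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

CLIENT_ID = "3MVG9example.consumer.key"        # constructed consumer key
CLIENT_SECRET = "example-consumer-secret"      # constructed consumer secret
REDIRECT_URI = "https://webapp.example.com/oauth/callback"
AUTHORIZE_URL = "https://login.salesforce.com/services/oauth2/authorize"
_CLIENT_AUTH = {"client_id": CLIENT_ID, "client_secret": CLIENT_SECRET}

def _query(url):
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}

class AuthorizationServer:          # authenticates the resource owner, issues tokens
    def __init__(self):
        self._codes, self._refresh, self.access_tokens = {}, {}, {}

    def authorize(self, params, logged_in_user):
        # /authorize: the user logs in here, so the client never handles a password.
        if params.get("client_id") != CLIENT_ID or params.get("redirect_uri") != REDIRECT_URI:
            raise ValueError("client_id or redirect_uri not registered on the connected app")
        code = secrets.token_urlsafe(24)
        self._codes[code] = logged_in_user
        return REDIRECT_URI + "?" + urlencode({"code": code, "state": params["state"]})

    def token(self, form):
        # /token: back-channel call authenticated with the consumer secret.
        if form.get("client_id") != CLIENT_ID or form.get("client_secret") != CLIENT_SECRET:
            raise ValueError("invalid client credentials")
        if form.get("grant_type") == "authorization_code":
            user = self._codes.pop(form.get("code"), None)      # a code is single-use
            if user is None or form.get("redirect_uri") != REDIRECT_URI:
                raise ValueError("code invalid or already used, or redirect_uri mismatch")
            refresh = secrets.token_urlsafe(32)
            self._refresh[refresh] = user
            return self._issue(user, refresh)
        user = self._refresh.get(form.get("refresh_token"))
        if form.get("grant_type") != "refresh_token" or user is None:
            raise ValueError("unsupported grant_type or invalid refresh token")
        return self._issue(user)                                 # new access token only

    def _issue(self, user, refresh_token=None):
        access = secrets.token_urlsafe(32)
        self.access_tokens[access] = user
        return {"access_token": access, "token_type": "Bearer",
                **({"refresh_token": refresh_token} if refresh_token else {})}

def resource_server(auth, authorization_header):   # protected API: bearer token, never a password
    scheme, _, token = authorization_header.partition(" ")
    user = auth.access_tokens.get(token) if scheme == "Bearer" else None
    if user is None:
        return 401, {"error": "INVALID_SESSION_ID"}
    return 200, {"owner": user, "accounts": ["Acme Corp"]}      # constructed record

class WebAppClient:                 # confidential client: the secret stays server-side
    def __init__(self, auth):
        self._auth, self._pending_state, self.tokens = auth, None, None

    def start_login(self):
        self._pending_state = secrets.token_urlsafe(16)   # binds the callback to this session
        return AUTHORIZE_URL + "?" + urlencode({"response_type": "code", "client_id": CLIENT_ID,
                                                "redirect_uri": REDIRECT_URI, "state": self._pending_state})

    def handle_callback(self, callback_url):
        q = _query(callback_url)
        if q.get("state") != self._pending_state:
            raise ValueError("state mismatch: callback not tied to a login we started")
        self._pending_state = None
        self.tokens = self._auth.token({"grant_type": "authorization_code", "code": q.get("code"),
                                        "redirect_uri": REDIRECT_URI, **_CLIENT_AUTH})
        return self.tokens

def _rejected(call):
    try:
        call()
        return False
    except ValueError:
        return True

def run_flow():   # drives the four actors; returns what each check decided
    auth = AuthorizationServer()
    app, r = WebAppClient(auth), {}
    callback = auth.authorize(_query(app.start_login()), logged_in_user="alice")
    tokens = app.handle_callback(callback)
    r["refresh_token_issued"] = "refresh_token" in tokens
    r["first_status"], body = resource_server(auth, "Bearer " + tokens["access_token"])
    r["owner"] = body.get("owner")
    r["code_reuse_rejected"] = _rejected(lambda: auth.token({"grant_type": "authorization_code",
        "code": _query(callback)["code"], "redirect_uri": REDIRECT_URI, **_CLIENT_AUTH}))
    app.start_login()                                           # forged callback, wrong state
    r["state_mismatch_rejected"] = _rejected(
        lambda: app.handle_callback(REDIRECT_URI + "?code=injected&state=forged"))
    refreshed = auth.token({"grant_type": "refresh_token",      # later: no user involved
                            "refresh_token": tokens["refresh_token"], **_CLIENT_AUTH})
    r["access_token_rotated"] = refreshed["access_token"] != tokens["access_token"]
    r["refreshed_status"] = resource_server(auth, "Bearer " + refreshed["access_token"])[0]
    return r
```

Call run_flow() to get a dict of what each check decided. The simulation ignores scopes and token expiry, which the real endpoints enforce, and it omits PKCE (code_challenge / code_verifier), which Salesforce also supports on this flow and which is the standard hardening for clients that cannot protect a consumer secret. The redirect URI check matters because Salesforce only sends the code to a callback URL registered on the Connected App; if the app's URL changes, update the Connected App rather than loosening the check.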

 

Here is the recording of the session.

Please note that we have a limit of 300 attendees who can join the online sessions. However, the recording will be posted on our YouTube channel. Make sure to subscribe to our YouTube channel to get a notification when the video is uploaded.

Let us know which topic you want to learn next in ApexHours.

 

Sharing is caring, so share this with your friends.

 

Thanks,
Salesforce Apex Hours
