OAuth

OAuth (Open Authorization) is an authorization framework that allows third-party applications to securely access Salesforce resources on behalf of a user without sharing their credentials.

It enables users to grant limited access to their Salesforce data to external applications, which improves both security and the user experience.

Components of OAuth

Grant Types

Authorization Code Grant

Used for server-side applications, where the application exchanges an authorization code (returned to its callback URL) for an access token.

Implicit Grant

Used for client-side applications, where the access token is returned directly to the client without an intermediate authorization code.

Resource Owner Password Credentials Grant

Used for applications where the user's credentials are provided directly to the application, which exchanges them for a token.

Client Credentials Grant

Used for machine-to-machine communication, where an application accesses resources under its own identity, without a user context.

Access Tokens

After authorization, the application receives an access token, which it presents to make authenticated requests to Salesforce APIs. Access tokens have a limited lifespan and may need to be refreshed (typically with a refresh token) once they expire.

Scope

Scopes define the level of access that the application is requesting; for example, an application might request permission to read and write data, or only to read data.

Connected Apps

A Connected App must be configured in Salesforce to enable OAuth authentication. Its configuration defines the OAuth settings, such as the callback URLs, the permitted scopes, and the access policies.
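
The following is an added example, not code from this page or from Salesforce, that walks through the pieces named above: the authorization code grant (hardened with PKCE, the recommended form of that grant), the access token and its lifespan, scope checks, and the Connected App settings (client ID and callback URL) that the flow depends on. The two endpoint URLs are Salesforce's standard production OAuth endpoints; the client ID, redirect URI, token lifetime and the sample token response are constructed placeholders, and the token lifetime is assumed to come from the Connected App's session policy because the token response itself does not state it.

```python
import base64
import hashlib
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Salesforce's production OAuth 2.0 endpoints (sandboxes use test.salesforce.com).
AUTHORIZE_URL = "https://login.salesforce.com/services/oauth2/authorize"
TOKEN_URL = "https://login.salesforce.com/services/oauth2/token"


def make_pkce_pair(verifier=None):
    """Return (code_verifier, code_challenge) per RFC 7636, S256 method.
    A fresh random verifier is generated unless one is supplied."""
    if verifier is None:
        verifier = base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode()
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return verifier, base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def build_authorize_url(client_id, redirect_uri, scopes, state, code_challenge):
    """Step 1: the URL the user's browser is sent to so Salesforce can ask for consent."""
    params = {
        "response_type": "code",        # authorization code grant
        "client_id": client_id,         # consumer key of the Connected App (placeholder)
        "redirect_uri": redirect_uri,   # must match a callback URL on the Connected App
        "scope": " ".join(scopes),      # space-separated scopes being requested
        "state": state,                 # anti-CSRF value, checked when the user returns
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return AUTHORIZE_URL + "?" + urlencode(params)


def parse_callback(callback_url, expected_state, registered_redirect):
    """Step 2: validate the redirect back from Salesforce and extract the code."""
    parsed = urlparse(callback_url)
    if f"{parsed.scheme}://{parsed.netloc}{parsed.path}" != registered_redirect:
        raise ValueError("callback arrived at an unregistered redirect URI")
    query = parse_qs(parsed.query)
    if "error" in query:
        raise ValueError("authorization server returned error: " + query["error"][0])
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: rejecting callback")
    return query["code"][0]


def build_token_request(client_id, redirect_uri, code, code_verifier):
    """Step 3: form body POSTed to TOKEN_URL; the verifier proves we began this flow."""
    return {
        "grant_type": "authorization_code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "code": code,
        "code_verifier": code_verifier,
    }


class TokenSet:
    """The token response plus the two checks every API call should make first:
    is the token still usable, and was the needed scope actually granted?"""

    def __init__(self, response, lifetime_seconds):
        self.access_token = response["access_token"]
        self.refresh_token = response.get("refresh_token")
        self.instance_url = response["instance_url"]
        self.scopes = set(response["scope"].split())
        self.issued_at = int(response["issued_at"]) / 1000   # Salesforce reports ms
        # Assumption: lifetime comes from the Connected App's session policy, since
        # the token response does not state it.
        self.expires_at = self.issued_at + lifetime_seconds

    def is_expired(self, now=None, skew_seconds=60):
        """Expire a little early so that an in-flight request does not fail mid-call."""
        now = time.time() if now is None else now
        return now + skew_seconds >= self.expires_at

    def allows(self, scope):
        """True if the user granted this scope; check it before each API call."""
        return scope in self.scopes

    def refresh_request(self, client_id):
        """Body of the refresh POST; needs the refresh_token scope to have been granted."""
        if not self.refresh_token:
            raise ValueError("no refresh token: the user must authorize again")
        return {"grant_type": "refresh_token", "client_id": client_id,
                "refresh_token": self.refresh_token}


# Constructed sample response, shaped like Salesforce's but with made-up values.
SAMPLE_RESPONSE = {
    "access_token": "00Dxx0000000000!EXAMPLE",
    "refresh_token": "5Aep8EXAMPLE",
    "instance_url": "https://example.my.salesforce.com",
    "scope": "api refresh_token",
    "issued_at": "1700000000000",
}
```

In a real deployment the `state` and `code_verifier` are kept server-side per login attempt, the form bodies are POSTed to `TOKEN_URL` with an HTTP client, and the `redirect_uri` comparison is what stops a code from being delivered to a callback the Connected App never registered. The client credentials grant from the list above skips steps 1 and 2 entirely and posts `grant_type=client_credentials` with the app's own credentials.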

What is the Benefit?

Integration with Third-Party Applications

Allow external applications, such as mobile apps or web services, to access Salesforce data securely.

Single Sign-On (SSO)

Enable users to log in to multiple applications with a single set of credentials.

API Access

Allow developers to access Salesforce APIs securely, with the access limited to the scopes granted.

Common Use Cases of OAuth

Use Case          Roles    Scenario                  Outcome
App Integration   Admins   Secure Connection         • Use a one-time login to generate a security access token
                                                     • The app uses the access token to log in, instead of handling user credentials
SSO               Admins   Reduced Login             • Use tooling like Okta to access multiple apps from one location
                                                     • Users log in to Okta, then open Salesforce from the secure page
                                                     • Store the FederationId in Salesforce to maintain security protocols
API Access        Admins   Control call permissions  • Define the ability of external systems to call/pull information from Salesforce
                                                     • Verify authentication in real time

Who is Impacted?

Developers

Developers will use OAuth to connect to APIs, build Connected Apps, and ensure secure connections when working across external applications.

End Users

End Users will see a streamlined login process and gain greater control over which applications can access their data, by approving or revoking access requests.

Security/Compliance

Security and Compliance teams will ensure that OAuth implementations comply with organizational security policies and best practices, so that sensitive data stays protected.

Related Terms