Embed Size (px)
Citation preview
By:Vijay NaikNumaan Ahmed
Overview
• What is OAuth?• Why do we need OAuth?• Architecture• OAuth & Force.com• Connected App Administration• Hands on
Access Resources on Browser
3rd Party App
3rd Party App
Modified Flow
What Is OAuth?
• Open Authorization• Authorization protocol
- To allow 3rd party apps to access data on your behalf- Without revealing the password- Sometime even without presence of the user
• A framework to allow secure API access
Why do we need OAuth?• To allow 3rd party apps to access data on your behalf without
revealing password• Sharing Password is a bad thing• Provide Restricted Access, i.e. allow access to selected
resources• Revoke access without changing password
Steps
• Generate Access Token (Session Id) using OAuth Flow
• Make API calls using Access Token
OAuth Is…
“a process of generating Access Token, without revealing the password”
OAuth & Force.com
Web Server Flow
HTTP Request
Method
Endpoint
Body
Header
Http Request
Grant_Type
Authorization_Code
Consumer_Id
Consumer_Secret_Code
RedirectUri
User Agent Flow
Refresh Token Flow
User Name Password Flow
Connected App Administration
• Setting the scopes• Setup Trusted IP Ranges• Expire Refresh Token• Set Session Policies• Block Apps
Hands On!
http://bit.ly/1p0vZBd
