Page 1: Deep Dive into OAuth for Connected Apps

Deep Dive into OAuth for Connected Apps

Hargobind Singh, Senior Manager, [email protected], @hargobindsingh

Page 2

Hargobind Singh, Senior Manager, Capgemini

Page 3

Overview

•  About OAuth

•  Implementation Scenarios

•  Demo

•  Wrap Up

Page 4

About OAuth

Page 5

Why OAuth?

The OAuth specification defines a delegation protocol that is useful for conveying authorization decisions across a network of web-enabled applications and APIs.

Benefits:

- Security

- Maintenance

- Ease of Use

Diagram: App -> Access App -> Authenticate -> Authorize

Page 6

OAuth

OAuth allows a client application restricted access to your data at a resource server via tokens issued by an authorization server in response to your authorization.

Token Types:

Authorization Code
A short-lived token created by the authorization server and passed to the client application via the browser.

Access Token
The access token is used by the client to make authenticated requests on behalf of the end user.

Refresh Token
The refresh token may have an indefinite lifetime.

Page 7

Implementation Scenarios

Page 8

Web Server Flow

Most web apps would use the web-server flow to obtain a token on behalf of the end user.

Page 9

Authenticate, Authorize Client

Parameter      Description
response_type  Must be set to code to request an authorization code.
client_id      Your application's client identifier (consumer key in the Connected App detail).
redirect_uri   The end user's browser will be redirected to this URI with the authorization code. This must match your application's configured callback URL.

Page 10

Token Response

Parameter      Description
code           The value returned by the authorization server in the previous step.
grant_type     Set this to authorization_code.
client_id      Your application's client identifier.
client_secret  Your application's client secret (consumer secret in the Connected App detail page).
redirect_uri   Again, this must match your application's configuration.

Page 11

Web Server Flow: Response

Parameter      Description
id             A URL representing the authenticated user, which can be used to access the Identity Service.
instance_url   Identifies the Salesforce instance.
refresh_token  A long-lived token that may be used to obtain a fresh access token.
access_token   The short-lived access token.

Page 12

Web Server Flow: Response

Sample Response

Page 13

User Agent Flow

The user agent flow allows client applications running in the user's browser to obtain an access token.

Page 14

Request Token

Parameter      Description
response_type  Value can be token, or token id_token with the scope parameter openid and a nonce parameter.
client_id      Your application's client identifier (consumer key in the Connected App detail).
redirect_uri   The end user's browser will be redirected to this URI with the authorization code. This must match your application's configured callback URL.

Page 15

User Agent Flow: Response

Parameter      Description
id             A URL representing the authenticated user, which can be used to access the Identity Service.
instance_url   Identifies the Salesforce instance.
refresh_token  A long-lived token that may be used to obtain a fresh access token.
access_token   The short-lived access token.

Page 16

Token Refresh

Once the lifetime of an access token expires, the client application can use the refresh token to obtain a new access token.

Page 17

Request Token

Parameter      Description
grant_type     Set this to refresh_token.
client_id      Your application's client identifier.
client_secret  Your application's client secret (optional).
refresh_token  The refresh token provided in the previous authorization.

Page 18

Token Refresh: Response

Parameter      Description
id             A URL representing the authenticated user, which can be used to access the Identity Service.
instance_url   Identifies the Salesforce instance.
refresh_token  A long-lived token that may be used to obtain a fresh access token.
access_token   The short-lived access token.

Page 19

Demo

Page 20

Demo

Connected App

Web Server Flow:

•  Send request to get token

•  Send token to get Access Token

•  Use Access Token to query data
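As an added example (not code from the slides or from Salesforce), the web server flow of pages 9 to 11, the refresh request of page 17 and the three demo steps above, in Python: it builds each request, binds the callback to the session with a state value, validates the token response and prepares the query request. The endpoint URL, the REST query path and the API version are assumptions, and no network call is made.

```python
import json
from urllib.parse import urlencode, urlparse, parse_qs

AUTHORIZE_URL = "https://login.salesforce.com/services/oauth2/authorize"  # assumed endpoint

def build_authorize_url(client_id, redirect_uri, state):
    """Page 9: redirect the browser with response_type=code. state is a
    per-session random value the callback must echo back (CSRF binding)."""
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "state": state}
    return AUTHORIZE_URL + "?" + urlencode(params)

def parse_callback(callback_url, expected_state):
    """Read code and state from the redirect. Reject a callback whose state is
    not the one this session issued, or that carries an error instead of a code."""
    qs = parse_qs(urlparse(callback_url).query)
    if qs.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: callback is not tied to this session")
    if "error" in qs:
        raise ValueError("authorization failed: " + qs["error"][0])
    return qs["code"][0]

def token_request_body(code, client_id, client_secret, redirect_uri):
    """Page 10: form body POSTed to the token endpoint to exchange the code."""
    return {"grant_type": "authorization_code", "code": code,
            "client_id": client_id, "client_secret": client_secret,
            "redirect_uri": redirect_uri}

def refresh_request_body(refresh_token, client_id, client_secret=None):
    """Page 17: refresh request; client_secret is optional here."""
    body = {"grant_type": "refresh_token", "client_id": client_id,
            "refresh_token": refresh_token}
    if client_secret is not None:
        body["client_secret"] = client_secret
    return body

def parse_token_response(raw_json):
    """Pages 11 and 18: validate the JSON token response (refresh_token is optional)."""
    data = json.loads(raw_json)
    missing = [k for k in ("id", "instance_url", "access_token") if k not in data]
    if missing:
        raise ValueError("token response missing: " + ", ".join(missing))
    return data

def query_request(token_response, soql):
    """Demo step 3: query data at instance_url with the bearer token (REST path assumed)."""
    base = token_response["instance_url"].rstrip("/")
    url = base + "/services/data/v58.0/query?" + urlencode({"q": soql})
    return url, {"Authorization": "Bearer " + token_response["access_token"]}
```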

Page 21

Wrap Up

Page 22

Wrap Up

What we covered:

•  OAuth Basics

•  OAuth Implementation Flows

•  Demo

More Info:

•  Salesforce OAuth Documentation

Page 23

Questions

Hargobind Singh

@hargobindsingh

Page 24

Thank you