Identity Flows : OAuth 2.0 : Amit Chaudhary
Identity Flows : OAuth 2.0
by: Amit Chaudhary
Below post content copied from Apex Hours
March 12, 2021 at 07:30PM
=============================
The original post is available in Apex Hours by Amit Chaudhary.
This post has been published as-is through automation. The automation script brings all the top bloggers' posts under a single umbrella.
The purpose of this blog is to follow the top Salesforce bloggers and collect all their blogs in a single place through automation.
============================
We’ll look at several core OAuth flows relevant to Salesforce.
User interaction | No user interaction |
Authorisation Code + Secret (Web Server) | JWT Bearer |
Implicit Grant (User-Agent) | SAML Bearer |
Authorization Code + PKCE | Username-Password |
Intended audience: Architects, developers, security professionals and identity buffs.
For each flow we’ll cover:
- Sequence of steps
- Interesting characteristics
- Implementation considerations and trade-offs
Common pre-requisites
- Secure HTTP (HTTPS) channel for at least some of the communication
- Auth server provides a registered client app for the inbound integration
- Auth server client app configured with a whitelist of acceptable redirect_uris (exact matches only, no pattern matching)
- Client aware of the client_id from the auth server's client app
- Resources at the client's redirect_uris protect against XSS
- For mobile apps: the app uses the native device browser for authentication
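The redirect_uri whitelist pre-requisite above is the one that most often gets implemented loosely. As an added example (not code from the original post or from Salesforce), here is an authorization server's redirect_uri check written as an exact-match whitelist, with the prefix-style check the pre-requisite rules out kept alongside purely for comparison. The client registration, client_id and sample URIs are constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed registration data for a hypothetical client app (not a real
# Salesforce Connected App): the authorization server's whitelist.
REGISTERED_REDIRECT_URIS = {
    "client-abc": {
        "https://app.example.com/oauth/callback",
        "https://app.example.com/oauth/callback-mobile",
    },
}

def redirect_uri_allowed(client_id: str, redirect_uri: str) -> bool:
    """Exact-match whitelist: the presented redirect_uri must equal a registered
    URI byte for byte (RFC 6749 sec. 3.1.2.2, simple string comparison) and
    carry no fragment (sec. 3.1.2 forbids fragments in redirection URIs)."""
    registered = REGISTERED_REDIRECT_URIS.get(client_id, set())
    if urlsplit(redirect_uri).fragment:
        return False
    return redirect_uri in registered

def redirect_uri_allowed_by_prefix(client_id: str, redirect_uri: str) -> bool:
    """The looser pattern check the pre-requisite rules out, kept only for
    comparison: accepts anything that merely starts with a registered URI."""
    registered = REGISTERED_REDIRECT_URIS.get(client_id, set())
    return any(redirect_uri.startswith(r) for r in registered)

def handle_authorization_request(params: dict) -> dict:
    """Decide where the authorization response may go. Per RFC 6749 sec. 4.1.2.1
    a failed redirect_uri check must NOT redirect the user-agent anywhere;
    the error is shown to the resource owner instead."""
    client_id = params.get("client_id", "")
    redirect_uri = params.get("redirect_uri", "")
    if not redirect_uri_allowed(client_id, redirect_uri):
        return {"action": "show_error_page", "error": "invalid_request"}
    return {"action": "redirect", "to": redirect_uri}

# Constructed inputs: one legitimate callback and three variants that only
# a prefix/pattern check would let through.
SAMPLE_URIS = [
    "https://app.example.com/oauth/callback",
    "https://app.example.com/oauth/callback/../other",
    "https://app.example.com/oauth/callback?next=https://other.example",
    "https://app.example.com/oauth/callback#frag",
]

if __name__ == "__main__":
    for uri in SAMPLE_URIS:
        print(f"{uri}\n  exact={redirect_uri_allowed('client-abc', uri)}"
              f" prefix={redirect_uri_allowed_by_prefix('client-abc', uri)}")
```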
Decision guide
# | Context | Authorisation Code + Secret (Web Server) | Implicit Grant (User-Agent) | Authorisation Code + PKCE |
1 | Enterprise app with secure server component authenticating to Salesforce | Good choice | Suboptimal | Suboptimal |
2 | Partner app with trusted server authenticating to Salesforce | Good choice | Suboptimal | Suboptimal |
3 | App built with Salesforce Mobile SDK | Bad choice | Good choice* | Suboptimal |
4 | Custom mobile app, Single Page Application (SPA) or desktop app authenticating to Salesforce (no client server) | Bad choice | Suboptimal | Good choice |
5 | Salesforce authenticating to an auth server | Good choice | Suboptimal | Suboptimal |
*Assuming default Mobile SDK methods used
# | Context | JWT Bearer | SAML Bearer | Username-Password |
1 | Salesforce -> Auth. Server integration | Good choice | Suboptimal | Suboptimal |
2 | Client Server -> Salesforce integration where client can easily construct a JSON web token | Good choice | Suboptimal | Suboptimal |
3 | Client Server -> Salesforce integration where client can easily construct and encode an XML format SAML assertion | Suboptimal | Good choice | Suboptimal |
Further Learning
- https://ift.tt/3qFtR17
The post Identity Flows : OAuth 2.0 appeared first on Apex Hours.