The Salesforce Developers website will undergo maintenance on May 29, 2024 from 3:00 a.m. UTC to 10:00 a.m. UTC. The maintenance process may affect the availability of our documentation. Please plan accordingly.

OAuth Roles OAuth (an abbreviation of open authorization) is an open protocol which allows secure authorization of desktop and web applications to access APIs. A commonly used analogy is the valet key to a car, which allows the car to be driven (perhaps a limited distance), but does not give access to the glovebox or trunk. In the same way, OAuth allows users to authorize applications to access resources on their behalf via an access token, rather than by handing over their actual username and password.

Jeff Douglas‘ article last summer, Using OAuth to Authorize External Applications, covers the 1.0a version of the protocol (aka RFC 5849) that has been supported in the platform since Winter ’10, but the world moves quickly, and Winter ’11 saw the introduction of OAuth 2.0 to My article of a few months ago, Getting Started with the REST API, covered the basics of authorizing API access via OAuth 2.0, but deliberately stayed out of the darker passageways.

Now, Digging Deeper into OAuth 2.0 at really shines a light on our implementation of the protocol, examining the different flavors of token, walking through the flows in detail and introducing the Identity Service, a RESTful equivalent to the SOAP API’s getUserInfo(). Prepare a cup (or mug, or glass) of your favorite beverage and join my guided tour of OAuth 2.0

Get the latest Salesforce Developer blog posts and podcast episodes via Slack or RSS.

Add to Slack Subscribe to RSS