OAuth 2.0 Flashcards
https://help.salesforce.com/articleView?id=remoteaccess_authenticate.htm&type=0
What is OAuth?
OAuth (Open Authorization) is an open protocol that provides secure API authorization from applications in a simple and standardized way.
Why is OAuth used?
OAuth can authorize access to resources without revealing user credentials to apps.
What is the benefit of using OAuth with Salesforce?
Apps that use OAuth can also directly authenticate and access Salesforce resources without a user’s presence.
To manage, create, edit, and delete OAuth apps:
Manage Connected Apps
What Salesforce features use OAuth and why?
APIs, such as the Salesforce REST and SOAP web service APIs or the Chatter REST API, can use OAuth 2.0 to authorize access to Salesforce resources.
How does OAuth work within Salesforce?
OAuth gives a client application restricted access to your data on a resource server. To allow access, an authorization server grants tokens to the client app in response to an authorization.
What is considered the “Valet Key” in OAuth?
OAuth tokens
What is an OAuth Authorization Code?
The authorization server creates this short-lived token and passes it to the client application via the browser. The client application sends the authorization code to the authorization server to obtain an access token and, optionally, a refresh token.
What is an OAuth Initial Access token?
After configuring an OAuth 2.0 connected app, generate an initial access token. Salesforce requires this token to authenticate the dynamic client registration request.
What is an OAuth Access Token?
The client uses an access token to make authenticated requests on behalf of the end user.
How is an OAuth Refresh Token used?
The client application can store a refresh token, using it to periodically obtain fresh access tokens.
Like a password, a refresh token can be used repeatedly to gain access to the resource server.
What is an OAuth ID Token?
OpenID Connect, an authentication layer on top of OAuth 2.0, defines an ID token as a signed data structure. The data structure contains authenticated user attributes, including a unique identifier for the user. It also contains the time when the token was issued, and an identifier for the requesting client. An ID token is encoded as a JSON web token (JWT).
How do the Access Token and the Initial Authorization Token differ?
The Access Token has a longer lifetime than the authorization code, usually minutes or hours.
In Salesforce Terms, what is the Access Token?
In Salesforce terms, the access token is a session ID (SID), much like a session cookie on other systems.
How is the Access Token protected?
By Transport Layer Security (TLS/SSL).