The document provides an overview of OAuth, an authorization protocol that enables third-party applications to access user data securely without sharing passwords. It discusses the need for OAuth to restrict access and how to generate access tokens for API interaction. Additionally, it covers specific implementations of OAuth within Force.com and connected app administration details.

1. By:
Vijay Naik
Numaan Ahmed

2. Overview
• What is OAuth?
• Why do we need OAuth?
• Architecture
• OAuth & Force.com
• Connected App Administration
• Hands on

3. Access Resources on Browser

4. 3rd Party App

5. 3rd Party App

6. Modified Flow

7. What Is OAuth?
• Open Authorization
• Authorization protocol
- To allow 3rd party apps to access data on your behalf
- Without revealing the password
- Sometime even without presence of the user
• A framework to allow secure API access

8. Why do we need OAuth?
• To allow 3rd party apps to access data on your behalf without
revealing password
• Sharing Password is a bad thing
• Provide Restricted Access, i.e. allow access to selected
resources
• Revoke access without changing password

9. Steps
• Generate Access Token (Session Id) using
OAuth Flow
• Make API calls using Access Token

10. OAuth Is…
“a process of generating Access Token, without
revealing the password”

11. OAuth & Force.com

12. Web Server Flow

13. HTTP Request
Method
Endpoint
Body
Header
Http Request
Grant_Type
Authorization_Code
Consumer_Id
Consumer_Secret_Code
RedirectUri

14. User Agent Flow

15. Refresh Token Flow

16. User Name Password Flow

17. Connected App Administration
• Setting the scopes
• Setup Trusted IP Ranges
• Expire Refresh Token
• Set Session Policies
• Block Apps

18. Hands On!

19. http://bit.ly/1p0vZBd