Explore Salesforce OAuth Authorization Flows and Its Use Cases

Have you ever authorized an application to access Salesforce without handing your credentials to that application? Then you have used a Salesforce OAuth authorization flow. OAuth is an open standard for authorization. Salesforce supports several OAuth flows, and in general all of them share the following three steps:

  1. The client app requests access to a protected resource in Salesforce.
  2. The Salesforce authorization server, in response to that request, sends an access token back to the client app.
  3. The resource server (Salesforce) validates the access token and, if it is valid and its scope covers the request, approves access to the protected resource.

It is also important to understand the difference between authentication and authorization. Authentication verifies WHO you are, whereas authorization determines WHAT you are allowed to do. A username and password are the most common form of authentication. In Salesforce, profiles and permission sets are the constructs associated with authorization.
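The three-step flow above and the authentication/authorization distinction, as an added, self-contained Python model (not Salesforce's code and not from the original article): an authorization server issues a signed, expiring access token that records who the client is and which scopes it was granted, and a resource server first checks the token itself (signature, expiry) and then checks whether its scope covers the requested resource. The signing key, client id and scope names are constructed for the demo.

```python
import base64, binascii, hashlib, hmac, json

# Constructed demo: the signing key, client id and scope names are assumptions,
# not Salesforce's real implementation.
AUTH_SERVER_KEY = b"constructed-demo-signing-key"

def _sign(payload: bytes) -> str:
    return hmac.new(AUTH_SERVER_KEY, payload, hashlib.sha256).hexdigest()

def issue_token(client_id, granted_scopes, now, ttl=3600):
    """Step 2: the authorization server issues an access token that records
    who the client is (client_id) and what it may do (scope), plus an expiry."""
    body = json.dumps({"client_id": client_id, "scope": sorted(granted_scopes),
                       "exp": int(now + ttl)}, sort_keys=True).encode()
    b64 = base64.urlsafe_b64encode(body).decode().rstrip("=")
    return f"{b64}.{_sign(body)}"

def validate_token(token, now):
    """Step 3a: the resource server checks the token's signature and expiry.
    Returns the claims, or None when the token must be rejected."""
    try:
        b64, sig = token.split(".")
        body = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
    except (ValueError, binascii.Error):
        return None
    if not hmac.compare_digest(_sign(body), sig):   # constant-time comparison
        return None
    claims = json.loads(body)
    return claims if claims["exp"] > now else None

def access_resource(token, required_scope, now):
    """Step 3b: only a valid token whose scope covers the resource is approved."""
    claims = validate_token(token, now)
    if claims is None:
        return {"status": 401, "error": "invalid_token"}       # token not trusted
    if required_scope not in claims["scope"]:
        return {"status": 403, "error": "insufficient_scope"}  # valid, but not allowed
    return {"status": 200, "client_id": claims["client_id"]}

def demo():
    """Step 1 is the client presenting its token; four requests show the outcomes."""
    now = 1_700_000_000.0
    token = issue_token("demo_connected_app", {"api"}, now)
    return [
        access_resource(token, "api", now),                  # 200: in scope
        access_resource(token, "refresh_token", now),        # 403: out of scope
        access_resource(token + "x", "api", now),            # 401: tampered signature
        access_resource(token, "api", now + 7200),           # 401: expired
    ]
```

The 401 versus 403 split is the authentication/authorization distinction in practice: a tampered or expired token fails verification of who is calling, while a valid token with the wrong scope is recognised but not permitted.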

This article has been indexed from DZone Security Zone