Activity Forums Salesforce® Discussions What is difference between user agent flow, web server flow and Username-Password OAuth Authentication Flow in Salesforce?

Tagged: , , , ,

  • Shaharyar

    Member
    September 13, 2017 at 12:06 pm
    • Web server flow (In OAuth spec terms, Authorization Code Grant) tends to be used for web applications where server-side code needs to interact with Force.com APIs on the user's behalf, for example DocuSign:Tokens are sent directly from the Authorization Server to the OAuth Client app, providing a high level of security.
    • Username-Password flow (Resource Owner Password Credentials Grant) can be used for testing, or for apps that operate non-interactively, such as legacy integrations, without a user to actively give authorization:

      $ curl -d 'grant_type=password&client_id=3MV_CLIENT_ID&client_secret=1234&username=user@example.com&password=password' \
      https://login.salesforce.com/services/oauth2/token

      {
      "id":"https://login.salesforce.com/id/ORG_ID/USER_ID",
      "issued_at":"1385271368428",
      "instance_url":"https://na15.salesforce.com",
      "signature":"Vcz4TlGBQJCwJzNtH3AHT/kUFLM4N/sFrJODX2ZNuyE=",
      "access_token":"00D_ACCESS_TOKEN"
      }

      Username-password is generally discouraged and should be used only where no other alternative is available, due to the inherent problems with passwords.

    • User-Agent flow (Implicit Grant) tends to be used for mobile or desktop applications, for example Salesforce1 or Mobile SDK apps:Tokens are returned to the Client app via a 'hash fragment' on a URL.

Log In to reply.

Popular Salesforce Blogs

Popular Salesforce Videos

Report

Harassment or bullying behavior
Harassment or bullying behavior
Contains mature or sensitive content
Contains misleading or false information
Mobile App Reported Contents
Contains abusive or derogatory content
Contains spam, fake content or potential malware

Block Member?

Please confirm you want to block this member.

You will no longer be able to:

  • See blocked member's posts
  • Mention this member in posts
  • Invite this member to groups
  • Message this member
  • Add this member as a connection

Please note: This action will also remove this member from your connections and send a report to the site admin. Please allow a few minutes for this process to complete.

Report

You have already reported this .