CloudIDSummit, profile picture
Uploaded byCloudIDSummit
PDF, PPTX619 views

CIS14: OAuth and OpenID Connect in Action

The document outlines the steps for implementing OAuth and OpenID Connect with Salesforce Identity, highlighting client registration, metadata retrieval, client initialization, and token usage. It also covers the use of social sign-on and just-in-time provisioning for improved federation, along with advanced features like enterprise policies and two-factor authentication. Additionally, it emphasizes the importance of refresh tokens for single sign-on (SSO) capabilities.

Embed presentation

Download as PDF, PPTX
OAuth & OpenID Connect in Action Chuck Mortimore VP, Product Management Salesforce Identity @cmort
a quick demo client
the world’s simplest client
1) Register an App 2) Get your Metadata 3) Create (initialize) your Client 4) Use your Tokens
1) Register an App
2) Get your Metadata https://login.salesforce.com/.well-known/openid-configuration
2) Get your Metadata { "issuer": "https://login.salesforce.com", "authorization_endpoint": "https://login.salesforce.com/services/oauth2/authorize", "token_endpoint": "https://login.salesforce.com/services/oauth2/token", "revocation_endpoint": "https://login.salesforce.com/services/oauth2/revoke", "userinfo_endpoint": "https://login.salesforce.com/services/oauth2/userinfo", "jwks_uri": "https://login.salesforce.com/id/keys", "scopes_supported": ["id", "api", "web", "full", "chatter_api", "visualforce", "refresh_token", "openid"], "response_types_supported": ["code", "token", "token id_token"], "subject_types_supported": ["public"], "id_token_signing_alg_values_supported": ["RS256"], "display_values_supported": ["page", "popup", "touch"], "token_endpoint_auth_methods_supported": ["client_secret_post", "private_key_jwt"] }
3) Create your Client https://login.salesforce.com/services/oauth2/authorize? response_type=code&redirect_uri=https%3A%2F %2Flocalhost&client_id=… curl -H 'Content-Type: application/x-www-form-urlencoded' -d "client_id=...&client_secret=...&redirect_uri=https%3A%2F %2Flocalhost&grant_type=authorization_code&code=..." https:// login.salesforce.com/services/oauth2/token …and validate your id_token
4) Use your access_token curl -H "Authorization: Bearer ..." https://login.salesforce.com/ services/oauth2/userprofile
so what can we do with all this plumbing?
social sign-on
1) Register an App
2) Get your Metadata https://accounts.google.com/.well-known/openid-configuration
3) Initialize your client software
4) Just-in-Time Provisioning
faster, simpler, better federation
1) Register an App
2) Get your Metadata https://gold.pinglabs.net:9031/.well-known/openid-configuration
3) Initialize your client software
4) Map Users
5) Access APIs!
enterprise mobile apps
Let’s build this App
Refresh Tokens provide “SSO”
Let’s Layer in Federation
Let’s add Enterprise Policies
How about Two Factor Authentication
Bonus: Custom Claims
CIS14: OAuth and OpenID Connect in Action

More Related Content

PDF
OAuth2 and Spring Security
byOrest Ivasiv
 
PPTX
A simple PHP LinkedIn OAuth 2.0 example
byMattia Reggiani
 
PDF
Spring security oauth2
byaxykim00
 
PPTX
UC2013 Speed Geeking: Intro to OAuth2
byAaron Parecki
 
PPTX
Social Gold in-Flash Webinar Jan 2010
bySocial Gold
 
PPT
Linkedin & OAuth
byUmang Goyal
 
PDF
OAuth2 and LinkedIn
byKamyar Mohager
 
PDF
Pocket Authentication with OAuth on Firefox OS
byChih-Hsuan Kuo
 
OAuth2 and Spring Security
byOrest Ivasiv
 
A simple PHP LinkedIn OAuth 2.0 example
byMattia Reggiani
 
Spring security oauth2
byaxykim00
 
UC2013 Speed Geeking: Intro to OAuth2
byAaron Parecki
 
Social Gold in-Flash Webinar Jan 2010
bySocial Gold
 
Linkedin & OAuth
byUmang Goyal
 
OAuth2 and LinkedIn
byKamyar Mohager
 
Pocket Authentication with OAuth on Firefox OS
byChih-Hsuan Kuo
 

Similar to CIS14: OAuth and OpenID Connect in Action

PPTX
OAuth with Salesforce - Demystified
byCalvin Noronha
 
PPTX
Hands-on with OAuth, Facebook and the Force.com Platform
byPat Patterson
 
PPTX
OpenID Connect and Single Sign-On for Beginners
bySalesforce Developers
 
PPTX
Mulesoft Salesforce Connector - OAuth 2.0 JWT Bearer
byVince Soliza
 
PDF
OpenID Connect: The new standard for connecting to your Customers, Partners, ...
bySalesforce Developers
 
PPTX
OAuth Authorization flows in salesforce
byKishore B T
 
PDF
Iam f42 a
bySelectedPresentations
 
PPTX
Secure Development on the Salesforce Platform - Part 3
byMark Adcock
 
PDF
Deep Dive into OAuth for Connected Apps
bySalesforce Developers
 
PPTX
Deep dive into Salesforce Connected App
byDhanik Sahni
 
PPTX
Inbound rest web service
byDavid Boukhors
 
PDF
Digging Deeper into Desktop and Mobile App Security
bySalesforce Developers
 
PDF
Authentication with OAuth and Connected Apps
bySalesforce Developers
 
PPTX
Social Single Sign-On with OpenID Connect
byJames Melville
 
PPT
O auth 2
byNisha Baswal
 
PDF
04 june meetup - An overview of OAuth2 on Force.com projects
byAldo Fernandez
 
PDF
ABCs of Security in the Cloud Webinar
bySalesforce Developers
 
PPTX
Ladies Be Architects: Integration Study Group: Security & State Management
bygemziebeth
 
PDF
Engineering Student MuleSoft Meetup#7 - Leveraging MuleSoft Service in Salesf...
byJitendra Bafna
 
KEY
Authentication Using Twitter, Google, Facebook, And More
byBilly Cravens
 
OAuth with Salesforce - Demystified
byCalvin Noronha
 
Hands-on with OAuth, Facebook and the Force.com Platform
byPat Patterson
 
OpenID Connect and Single Sign-On for Beginners
bySalesforce Developers
 
Mulesoft Salesforce Connector - OAuth 2.0 JWT Bearer
byVince Soliza
 
OpenID Connect: The new standard for connecting to your Customers, Partners, ...
bySalesforce Developers
 
OAuth Authorization flows in salesforce
byKishore B T
 
Iam f42 a
bySelectedPresentations
 
Secure Development on the Salesforce Platform - Part 3
byMark Adcock
 
Deep Dive into OAuth for Connected Apps
bySalesforce Developers
 
Deep dive into Salesforce Connected App
byDhanik Sahni
 
Inbound rest web service
byDavid Boukhors
 
Digging Deeper into Desktop and Mobile App Security
bySalesforce Developers
 
Authentication with OAuth and Connected Apps
bySalesforce Developers
 
Social Single Sign-On with OpenID Connect
byJames Melville
 
O auth 2
byNisha Baswal
 
04 june meetup - An overview of OAuth2 on Force.com projects
byAldo Fernandez
 
ABCs of Security in the Cloud Webinar
bySalesforce Developers
 
Ladies Be Architects: Integration Study Group: Security & State Management
bygemziebeth
 
Engineering Student MuleSoft Meetup#7 - Leveraging MuleSoft Service in Salesf...
byJitendra Bafna
 
Authentication Using Twitter, Google, Facebook, And More
byBilly Cravens
 

More from CloudIDSummit

PDF
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
byCloudIDSummit
 
PDF
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
byCloudIDSummit
 
PPTX
CIS 2016 Content Highlights
byCloudIDSummit
 
PDF
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
byCloudIDSummit
 
PDF
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
byCloudIDSummit
 
PDF
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
byCloudIDSummit
 
PDF
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
byCloudIDSummit
 
PDF
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
byCloudIDSummit
 
PDF
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
byCloudIDSummit
 
PDF
CIS 2015 The IDaaS Dating Game - Sean Deuby
byCloudIDSummit
 
PDF
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
byCloudIDSummit
 
PDF
CIS 2015 Identity Relationship Management in the Internet of Things
byCloudIDSummit
 
PDF
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
byCloudIDSummit
 
PDF
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
byCloudIDSummit
 
PDF
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
byCloudIDSummit
 
PDF
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
byCloudIDSummit
 
PDF
Mobile security, identity & authentication reasons for optimism 20150607 v2
byCloudIDSummit
 
PDF
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
byCloudIDSummit
 
PDF
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
byCloudIDSummit
 
PPTX
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
byCloudIDSummit
 
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
byCloudIDSummit
 
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
byCloudIDSummit
 
CIS 2016 Content Highlights
byCloudIDSummit
 
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
byCloudIDSummit
 
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
byCloudIDSummit
 
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
byCloudIDSummit
 
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
byCloudIDSummit
 
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
byCloudIDSummit
 
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
byCloudIDSummit
 
CIS 2015 The IDaaS Dating Game - Sean Deuby
byCloudIDSummit
 
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
byCloudIDSummit
 
CIS 2015 Identity Relationship Management in the Internet of Things
byCloudIDSummit
 
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
byCloudIDSummit
 
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
byCloudIDSummit
 
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
byCloudIDSummit
 
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
byCloudIDSummit
 
Mobile security, identity & authentication reasons for optimism 20150607 v2
byCloudIDSummit
 
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
byCloudIDSummit
 
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
byCloudIDSummit
 
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
byCloudIDSummit
 

Recently uploaded

PDF
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
PPTX
Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]
byUiPathCommunity
 
PPTX
Conversational Agents – Building Intelligent Assistants [Virtual Hands-on Wor...
byUiPathCommunity
 
PDF
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
PDF
Security Forum Sessions from Houston 2025 Event
byMark Simos
 
PDF
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
PDF
10 Things AI-First Apps Do Differently by iProgrammer Solutions
byiProgrammer Solutions Private Limited
 
PDF
Eredità digitale sugli smartphone: cosa resta di noi nei dispositivi mobili
bySpeck&Tech
 
PPTX
Cybersecurity Best Practices - Step by Step guidelines
byYasir Naveed Riaz
 
PDF
The year in review - MarvelClient in 2025
bypanagenda
 
PDF
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
PDF
The major tech developments for 2026 by Pluralsight, a research and training ...
byChris Skinner
 
PPTX
Data Privacy and Protection: Safeguarding Information in a Connected World
byYasir Naveed Riaz
 
PDF
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
PPTX
Technology Consulting _ by Slidesgo.pptx
byfh82277
 
PPTX
communication-skills-with-technology tools
byJaleto Sunkemo
 
PDF
AI Meets Integration: Delivering AI-Ready Data in Real Time.pdf
byPrecisely
 
DOCX
iRobot Post‑Mortem and Alternative Paths - Discussion Document for Boards and...
byDave Litwiller
 
PDF
Energy Storage Landscape Clean Energy Ministerial
bySurajitBanerjee38
 
PDF
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]
byUiPathCommunity
 
Conversational Agents – Building Intelligent Assistants [Virtual Hands-on Wor...
byUiPathCommunity
 
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
Security Forum Sessions from Houston 2025 Event
byMark Simos
 
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
10 Things AI-First Apps Do Differently by iProgrammer Solutions
byiProgrammer Solutions Private Limited
 
Eredità digitale sugli smartphone: cosa resta di noi nei dispositivi mobili
bySpeck&Tech
 
Cybersecurity Best Practices - Step by Step guidelines
byYasir Naveed Riaz
 
The year in review - MarvelClient in 2025
bypanagenda
 
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
The major tech developments for 2026 by Pluralsight, a research and training ...
byChris Skinner
 
Data Privacy and Protection: Safeguarding Information in a Connected World
byYasir Naveed Riaz
 
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
Technology Consulting _ by Slidesgo.pptx
byfh82277
 
communication-skills-with-technology tools
byJaleto Sunkemo
 
AI Meets Integration: Delivering AI-Ready Data in Real Time.pdf
byPrecisely
 
iRobot Post‑Mortem and Alternative Paths - Discussion Document for Boards and...
byDave Litwiller
 
Energy Storage Landscape Clean Energy Ministerial
bySurajitBanerjee38
 
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 

CIS14: OAuth and OpenID Connect in Action

  • 1.
    OAuth & OpenIDConnect in Action Chuck Mortimore VP, Product Management Salesforce Identity @cmort
  • 2.
  • 4.
  • 5.
    1) Register anApp 2) Get your Metadata 3) Create (initialize) your Client 4) Use your Tokens
  • 6.
  • 7.
    2) Get yourMetadata https://login.salesforce.com/.well-known/openid-configuration
  • 8.
    2) Get yourMetadata { "issuer": "https://login.salesforce.com", "authorization_endpoint": "https://login.salesforce.com/services/oauth2/authorize", "token_endpoint": "https://login.salesforce.com/services/oauth2/token", "revocation_endpoint": "https://login.salesforce.com/services/oauth2/revoke", "userinfo_endpoint": "https://login.salesforce.com/services/oauth2/userinfo", "jwks_uri": "https://login.salesforce.com/id/keys", "scopes_supported": ["id", "api", "web", "full", "chatter_api", "visualforce", "refresh_token", "openid"], "response_types_supported": ["code", "token", "token id_token"], "subject_types_supported": ["public"], "id_token_signing_alg_values_supported": ["RS256"], "display_values_supported": ["page", "popup", "touch"], "token_endpoint_auth_methods_supported": ["client_secret_post", "private_key_jwt"] }
  • 9.
    3) Create yourClient https://login.salesforce.com/services/oauth2/authorize? response_type=code&redirect_uri=https%3A%2F %2Flocalhost&client_id=… curl -H 'Content-Type: application/x-www-form-urlencoded' -d "client_id=...&client_secret=...&redirect_uri=https%3A%2F %2Flocalhost&grant_type=authorization_code&code=..." https:// login.salesforce.com/services/oauth2/token …and validate your id_token
  • 10.
    4) Use youraccess_token curl -H "Authorization: Bearer ..." https://login.salesforce.com/ services/oauth2/userprofile
  • 12.
    so what canwe do with all this plumbing?
  • 13.
  • 14.
  • 15.
    2) Get yourMetadata https://accounts.google.com/.well-known/openid-configuration
  • 16.
    3) Initialize yourclient software
  • 17.
  • 18.
  • 19.
  • 20.
    2) Get yourMetadata https://gold.pinglabs.net:9031/.well-known/openid-configuration
  • 21.
    3) Initialize yourclient software
  • 22.
  • 23.
  • 24.
  • 25.
  • 26.
  • 27.
    Let’s Layer inFederation
  • 28.
  • 29.
    How about TwoFactor Authentication
  • 30.