Salesforce Developer Security Auth Oauth Sbaflow
// Salesforce - Developer - Security - OAuth - SAML Bearer Assertion Flow: The OAuth 2.0 SAML bearer assertion flow defines how a SAML assertion can be used to request an OAuth access token when a client wishes to utilize a previous authorization. Authentication of the authorized application is provided by the digital signature applied to the SAML assertion. This flow is similar to a refresh token flow within OAuth. The SAML assertion is POSTed to the OAuth token endpoint, which in turn processes the assertion, and issues an access_token based upon prior approval of the application. There a two important things of note with this flow: 1. The client_secret is not required to be passed to the token endpoint, only the client_id. 2. No refresh token is issued through this flow.
page revision: 0, last edited: 01 Jan 2017 23:16