Salesforce Developer Security Auth Oauth Sbaflow


// Salesforce - Developer - Security - OAuth - SAML Bearer Assertion Flow:

The OAuth 2.0 SAML bearer assertion flow defines how a SAML assertion can be 
used to request an OAuth access token when a client wishes to utilize a previous 
authorization. Authentication of the authorized application is provided by the 
digital signature applied to the SAML assertion. This flow is similar to a 
refresh token flow within OAuth. The SAML assertion is POSTed to the OAuth token 
endpoint, which in turn processes the assertion, and issues an access_token 
based upon prior approval of the application.

There a two important things of note with this flow:

1. The client_secret is not required to be passed to the token endpoint, only 
   the client_id.

2. No refresh token is issued through this flow.
Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License