Salesforce Developer Security Auth Oauth Wsflow

// Salesforce - Developer - Security - OAuth - Web Server Flow:

The web server flow is the recommended flow when the client application is able 
to interact with both the user's web browser and the third-party app server. In 
this flow, the authorization server redirects the browser back with the auth 
code as a parameter, and the client application then obtains an access token 
using this auth code. Here is the step-by-step guide: http://sforce.co/2gy2FAD

When this flow is used, the client_id and client_secret are the client app's 
credentials and must be stored on the client app server using industry best 
practices for secure storage.

The user's access token is a short-term secret (like the sid value) and the 
refresh token is a long-term secret. The refresh token should be stored on the 
app server using industry best practices for secure storage.
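
The server-side half of the flow described above, as an added example that is not part of the original page or of Salesforce's own code. It assumes the login.salesforce.com endpoints, hypothetical SF_CLIENT_ID / SF_CLIENT_SECRET environment variables, a `state` value to bind the callback to the browser session, and a dict standing in for a real secret store.

```python
import hmac
import os
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZE_URL = "https://login.salesforce.com/services/oauth2/authorize"
TOKEN_URL = "https://login.salesforce.com/services/oauth2/token"
SENSITIVE = {"client_secret", "code", "access_token", "refresh_token"}

def build_authorize_url(client_id, redirect_uri):
    """Step 1: URL the browser is sent to, plus the state to keep in the session."""
    state = secrets.token_urlsafe(32)  # ties the later callback to this browser
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": redirect_uri, "state": state})
    return f"{AUTHORIZE_URL}?{query}", state

def extract_code(callback_url, expected_state):
    """Step 2: read the auth code from the redirect; reject a foreign state."""
    params = parse_qs(urlparse(callback_url).query)
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    return code

def build_token_request(code, redirect_uri, env=os.environ):
    """Step 3: form body for the server-to-server POST to TOKEN_URL.
    Credentials are read from the environment (hypothetical SF_* names),
    never from source code or anything the browser can see."""
    return {"grant_type": "authorization_code", "code": code,
            "client_id": env["SF_CLIENT_ID"],
            "client_secret": env["SF_CLIENT_SECRET"],
            "redirect_uri": redirect_uri}

def store_tokens(token_response, user_id, secret_store):
    """Step 4: the long-term secret goes to the secret store; the caller gets
    only the short-term values needed for the current session."""
    if "refresh_token" in token_response:
        secret_store[f"sf/refresh/{user_id}"] = token_response["refresh_token"]
    return {k: token_response[k] for k in ("access_token", "instance_url")}

def redact(fields):
    """Copy of a request/response dict that is safe to write to logs."""
    return {k: "[REDACTED]" if k in SENSITIVE else v for k, v in fields.items()}
```

In production, `secret_store` would be backed by an encrypted vault or KMS-protected table rather than a dict, and anything logged about the exchange would pass through `redact` first.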