Salesforce Developer Security Auth Oauth Wsflow
// Salesforce - Developer - Security - OAuth - Web Server Flow: The web server flow is the recommended flow when the client application is able to interact with the user's web browser and the third party app server. In this flow, the authorization server redirects back to the browser with auth code as a parameter and the client application then obtains an access token using this auth code. Here is the step-by-step guide: http://sforce.co/2gy2FAD When this flow is used, the client_id and client_secret are the client app's credentials and must be stored using the industry best practices for secure storage on the client app server. The user's access token is his short term secret (like the sid value) and the refresh token is his long term secret. The refresh token should be stored using the industry best practices for secure storage on the app server.
page revision: 0, last edited: 01 Jan 2017 23:09