Salesforce Developer Security Auth Openid Basic
OpenID Connect Basics

OpenID Connect allows one or more relying parties to delegate user authentication to an OpenID Provider. The OpenID Provider authenticates users and provides data, or claims, about those users to relying parties. These claims are user attributes such as first and last name, email address, and department. As a result, relying parties are freed from the need to run a login process, and users have fewer credentials to manage.

Since OpenID Connect is based on OAuth 2.0, and essentially runs over the same infrastructure, the OpenID Provider is also referred to as the 'authorization server', particularly when discussing protocol flows. For our purposes, the relying party is an app, specifically a connected app, and we'll refer to it as such in this document.

This single sign-on functionality is similar to the older SAML protocol, but, since it is based on JSON rather than XML, OpenID Connect is much easier for developers to integrate. OpenID Connect was also designed to support native apps and mobile applications, whereas SAML was designed only for Web-based applications. SAML and OpenID Connect will likely coexist for quite some time, with each being deployed in the situations where it makes sense.
page revision: 0, last edited: 01 Jan 2017 23:22