Salesforce Developer Security Auth Openid Basic
// Salesforce - Developer - Security - OpenID Connect Basics:
OpenID Connect allows one or more relying parties to delegate user
authentication to an OpenID Provider. The OpenID Provider authenticates users,
and provides data, or claims, concerning users to relying parties. These claims
are user attributes such as first and last name, email address, and department.
As a result, relying parties are freed from the need to run a login process,
and users have fewer credentials to manage.

Since OpenID Connect is based on OAuth 2.0, and essentially runs over the same
infrastructure, the OpenID Provider is also referred to as the 'authorization
server', particularly when discussing protocol flows. For our purposes, the
relying party is an app, specifically a connected app, and we'll refer to it as
such in this document.

This single sign-on functionality is similar to the older SAML protocol, but,
since it is based on JSON rather than XML, OpenID Connect is much easier for
developers to integrate. OpenID Connect was also designed to support native
apps and mobile applications, whereas SAML was designed only for Web-based
applications. SAML and OpenID Connect will likely coexist for quite some time,
with each being deployed in situations where it makes sense.
page revision: 0, last edited: 01 Jan 2017 23:22