Salesforce Developer Security Auth Openid Basic


// Salesforce - Developer - Security - OpenID Connect Basics:

OpenID Connect allows one or more relying parties to delegate user 
authentication to an OpenID Provider. The OpenID Provider authenticates users, 
and provides data, or claims, concerning users to relying parties. These claims 
are user attributes such as first and last name, email address, and department. 
As a result, relying parties are freed from the need to run a login process, 
and users have fewer credentials to manage.

Since OpenID Connect is based on OAuth 2.0, and essentially runs over the same 
infrastructure, the OpenID Provider is also referred to as the 'authorization 
server', particularly when discussing protocol flows. For our purposes, the 
relying party is an app, specifically a connected app, and we'll refer to it as 
such in this document.

This single sign-on functionality is similar to the older SAML protocol, but, 
since it is based on JSON rather than XML, OpenID Connect is much easier for 
developers to integrate. OpenID Connect was designed to also support native 
apps and mobile applications, whereas SAML was designed only for Web-based 
applications. SAML and OpenID Connect will likely coexist for quite some time, 
with each being deployed in situations where it makes sense.

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License