OAuth

OAuth 2.0 is the main standard for delegated authorisation between systems, for example letting a third-party app such as Zapier log into Salesforce on a user's behalf.

Actors

Flows

  • User Agent

  • JWT (pronounced "jot")

  • The authorisation-code flow goes first to the authorisation endpoint (to get a code), then to the token endpoint (to exchange the code for tokens)

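The two-step flow described in the bullets above, written out as an added example (this is not code from the original notes, nor Salesforce's or Zapier's own code). It assumes the Salesforce production authorisation and token endpoints and a hypothetical client id and redirect URI; the callback URL at the bottom is constructed to stand in for the redirect the browser would actually receive. Step 1 builds the request to the authorisation endpoint (with a random `state` and a PKCE challenge), step 2 validates the redirect and builds the body for the token endpoint. No network call is made, so it runs offline.

```python
"""OAuth 2.0 authorisation-code flow with PKCE: authorisation endpoint first, token endpoint second."""
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed endpoints: Salesforce's production login host. Substitute your own server's.
AUTHORIZE_ENDPOINT = "https://login.salesforce.com/services/oauth2/authorize"
TOKEN_ENDPOINT = "https://login.salesforce.com/services/oauth2/token"


def make_pkce_pair() -> tuple:
    """Return (code_verifier, code_challenge) using the S256 method from RFC 7636."""
    verifier = secrets.token_urlsafe(64)  # ~86 URL-safe chars, inside the 43..128 limit
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return verifier, challenge


def build_authorization_url(client_id, redirect_uri, state, code_challenge,
                            scope="api refresh_token"):
    """Step 1: the URL the user agent is sent to at the authorisation endpoint."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,                    # ties the callback to this session
        "code_challenge": code_challenge,  # binds the later token request to us
        "code_challenge_method": "S256",
    }
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}"


def parse_callback(callback_url, expected_state):
    """Validate the redirect back from the authorisation endpoint and extract the code."""
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:
        raise RuntimeError(f"authorisation server returned error: {query['error'][0]}")
    state = query.get("state", [None])[0]
    # Constant-time compare; a mismatch means a forged or mixed-up callback.
    if state is None or not secrets.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback does not belong to this session")
    code = query.get("code", [None])[0]
    if not code:
        raise ValueError("no authorisation code in callback")
    return code


def build_token_request(client_id, redirect_uri, code, code_verifier):
    """Step 2: form body POSTed to the token endpoint to exchange the code for tokens.

    A confidential client would also send its client secret here; it never goes
    in the step-1 URL, which passes through the user's browser.
    """
    return {
        "grant_type": "authorization_code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "code": code,
        "code_verifier": code_verifier,
    }


if __name__ == "__main__":
    client_id = "HYPOTHETICAL_CONSUMER_KEY"          # placeholder, not a real key
    redirect_uri = "https://app.example/oauth/callback"
    state = secrets.token_urlsafe(16)
    verifier, challenge = make_pkce_pair()

    print("Step 1, send the user agent to:")
    print(build_authorization_url(client_id, redirect_uri, state, challenge))

    # Constructed stand-in for the redirect the browser would come back with.
    callback = f"{redirect_uri}?code=CONSTRUCTED_CODE&state={state}"
    code = parse_callback(callback, state)

    print("Step 2, POST to", TOKEN_ENDPOINT, "with body:")
    print(build_token_request(client_id, redirect_uri, code, verifier))
```

The `state` check is what stops an attacker's authorisation code from being planted in a victim's session, and PKCE stops a stolen code from being redeemed by anyone who does not hold the verifier; both are cheap and should be on by default in any new integration.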

Protecting the tokens

The consumer key and consumer secret are just like a username and password. These tokens need to be stored somewhere so the flows can work. Every week there are stories of data breaches caused by tokens being committed to a public GitHub repository or left on an exposed AWS instance. This is far worse than writing your username and password on a post-it note on your monitor where customers can see it. If you are having any development work done, make sure you know where these tokens are stored and that they cannot be exposed publicly. Also, there is no need for your code to be in a public GitHub repository unless you are doing an open source project.
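Two concrete checks that follow from the paragraph above, as an added example (not code from the original notes or from any product it mentions): load the consumer key and secret from the environment instead of writing them into source, and scan source text for key/secret/token assignments before it gets committed. The environment variable names `SF_CONSUMER_KEY` and `SF_CONSUMER_SECRET` are assumed, and the sample file content is constructed with obviously fake values.

```python
"""Keep OAuth client credentials out of source: load from the environment, and scan for leaks."""
import os
import re
from typing import List, Mapping, Optional, Tuple

# Assumed variable names; pick whatever your deployment tooling injects.
KEY_VAR = "SF_CONSUMER_KEY"
SECRET_VAR = "SF_CONSUMER_SECRET"


def load_client_credentials(env: Optional[Mapping[str, str]] = None) -> Tuple[str, str]:
    """Return (consumer_key, consumer_secret) from the environment, failing loudly if absent.

    The secret never appears in the code base; it is supplied at run time by the
    host (container secret, CI variable, vault agent, etc.).
    """
    env = os.environ if env is None else env
    missing = [name for name in (KEY_VAR, SECRET_VAR) if not env.get(name)]
    if missing:
        raise RuntimeError("missing credentials in environment: " + ", ".join(missing))
    return env[KEY_VAR], env[SECRET_VAR]


# An assignment of a string of 16+ characters to a name containing key/secret/token/password.
_SECRET_ASSIGNMENT = re.compile(
    r"(?i)\b(\w*(?:secret|key|token|password)\w*)\s*[:=]\s*['\"]([^'\"]{16,})['\"]"
)


def find_hardcoded_secrets(source_text: str) -> List[Tuple[int, str]]:
    """Return (line_number, variable_name) for each line that looks like a hard-coded secret.

    This is a deliberately simple pre-commit style check, not a replacement for
    a full secret scanner; it catches the common case of a key pasted into config.
    """
    hits = []
    for line_no, line in enumerate(source_text.splitlines(), start=1):
        match = _SECRET_ASSIGNMENT.search(line)
        if match:
            hits.append((line_no, match.group(1)))
    return hits


# Constructed sample of a settings file that must not be committed as-is.
SAMPLE_SOURCE = """\
# constructed example; these values are fake
SALESFORCE_CONSUMER_KEY = "3MVG9FAKEFAKEFAKEFAKEFAKEFAKEFAKE1234"
consumer_secret = "0123456789ABCDEF0123456789ABCDEF"
api_base = "https://login.salesforce.com"
debug = "true"
"""


if __name__ == "__main__":
    for line_no, name in find_hardcoded_secrets(SAMPLE_SOURCE):
        print(f"line {line_no}: '{name}' looks like a hard-coded credential; move it to the environment")
    try:
        key, secret = load_client_credentials()
        print("credentials loaded from environment; key starts with", key[:4] + "...")
    except RuntimeError as exc:
        print("not configured:", exc)
```

Run the scanner over staged files in a pre-commit hook or CI job so the check happens before anything reaches a remote; a hit should block the commit rather than just print a warning.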