For most architects, Identity and Access Management seems to be the weak point: the topic is so big and can be so complex that it feels quite daunting, since there are so many variables you need to understand and consider when designing your architecture.
Preparing for this study group was a great way for me to get back to the basics of the OAuth 2.0 framework, understand the core components and then apply it to my Salesforce architecture.
I am happy to share my notes for OAuth 2.0 episode 1 here, and the recording link is also on the page. Have fun and please leave some feedback or questions!
What is OAuth 2.0?
A standard is just a set of widely agreed-upon practices that industry members follow. A standard can include a protocol that specifies how systems exchange information.
OAuth is one of three protocols that Salesforce and other identity vendors follow to implement identity solutions. The other two are SAML and OpenID Connect.
OAuth 2.0 (Open Authorization) is an open authorization protocol/framework that enables an application to obtain secure, limited access to, and data sharing with, an HTTP service. The terms in that definition:
Authorization -> the function of specifying access rights to a resource
Protocol/framework -> a set of rules governing the exchange or transmission of data between devices
Application -> web, desktop or mobile
4 main components:
1. Roles (the actors)
   Resource Owner -> the end user (myself)
   Resource Server -> where the information the client wants to access is hosted
   Client -> the app the resource owner is using
   Authorization Server -> the server able to grant authorization
2. Tokens
   Access Token -> presented by the client to the resource server to access the protected data
   Refresh Token -> used by the client to obtain a new access token without asking the user again
3. Scopes & Consent
   Scopes to deny
   Scopes to allow
4. Grants (flows)
   Authorization Code Grant
   Implicit
   Resource Owner Password Credentials
   Client Credentials
Full details and explanations are in the video!
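To see how the four components fit together, here is an added example (my own constructed, in-memory toy, not Salesforce code and not from the video): the Authorization Code grant with a resource owner who consents to only some of the requested scopes, a single-use code, an access token checked by the resource server, and a refresh. All class and function names are made up for the illustration.

```python
import secrets
import time

# Constructed, in-memory authorization server (not Salesforce's): hands out
# single-use authorization codes, then access and refresh tokens.
class AuthorizationServer:
    def __init__(self):
        self.codes, self.access, self.refresh = {}, {}, {}

    def authorize(self, client_id, requested, consented, state):
        # Consent step: the resource owner may allow only some of the requested scopes.
        granted = tuple(s for s in requested if s in consented)
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, granted)
        return {"code": code, "state": state}  # what gets redirected back to the client

    def token(self, grant_type, client_id, code=None, refresh_token=None):
        if grant_type == "authorization_code":
            owner, scopes = self.codes.pop(code, (None, ()))  # a code is single use
        elif grant_type == "refresh_token":
            owner, scopes = self.refresh.get(refresh_token, (None, ()))
        else:
            return {"error": "unsupported_grant_type"}
        if owner != client_id:
            return {"error": "invalid_grant"}
        at, rt = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
        self.access[at] = (scopes, time.time() + 3600)  # short-lived access token
        self.refresh[rt] = (client_id, scopes)          # refresh token keeps the same scopes
        return {"access_token": at, "refresh_token": rt, "scope": " ".join(scopes)}

    def introspect(self, access_token):
        scopes, exp = self.access.get(access_token, ((), 0))
        return scopes if exp > time.time() else None

def resource_server(auth, access_token, needed):
    # Resource server: 401 for an unknown or expired token, 403 for a missing scope.
    scopes = auth.introspect(access_token)
    return 401 if scopes is None else (200 if needed in scopes else 403)

def demo():
    auth, client, state = AuthorizationServer(), "my_app", secrets.token_urlsafe(8)
    # 1. Client sends the owner to the authorization server; the owner consents to "read" only.
    redirect = auth.authorize(client, ["read", "write"], consented=["read"], state=state)
    # 2. Client exchanges the code for tokens; the returned state must match what it sent.
    tokens = auth.token("authorization_code", client, code=redirect["code"])
    reuse = auth.token("authorization_code", client, code=redirect["code"])
    # 3. Client calls the resource server; 4. later it uses the refresh token.
    new = auth.token("refresh_token", client, refresh_token=tokens["refresh_token"])
    return {"state_ok": redirect["state"] == state,
            "read": resource_server(auth, tokens["access_token"], "read"),
            "write": resource_server(auth, tokens["access_token"], "write"),
            "bad_token": resource_server(auth, "not-a-token", "read"),
            "reuse": reuse.get("error"), "refreshed_scope": new["scope"]}
```

Running demo() shows the consent decision flowing through: the access token works for "read", is refused for "write", the code cannot be replayed, and the refreshed token carries only the scopes that were granted.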