|Available in: All Editions|
|To manage, create, edit, and delete OAuth applications:|“Manage Connected Apps”|

A remote access application is an application external to Salesforce that uses the OAuth protocol to verify both the Salesforce user and the external application. A remote access application is implemented as a connected app.
OAuth is an open protocol that allows secure authentication for access to a user’s data, without handing out the user’s username and password. It is often described as the valet key of software access: a valet key allows access to only certain features of your car, so you cannot open the trunk or glove compartment with it.
Remote Access applications have been replaced by Connected Apps. Use connected apps for any application that needs to integrate with salesforce.com to verify users and control security policies for external applications. Any existing Remote Access applications were automatically migrated to connected apps with the Summer ’13 release.
The following is the general flow for using a remote access application with Salesforce:
- A developer uses the Connected App pages in Salesforce to define a connected app.
  In this example, the remote access application is a web application, which uses data that already exists in Salesforce.
- The developer uses the generated client credentials from the connected app detail page and develops their web application using an OAuth library.
- A user starts to use the developer’s web application and performs an action that requires access to their Salesforce data.
- The user is redirected to Salesforce using the OAuth protocol, and presented with the standard Salesforce login page.
- Once the user successfully logs in, the user must verify that they want to grant the web application access to their Salesforce data.
- When using the Web server flow:
  - If the user approves access, they are redirected back to the originating web application with an authorization code.
  - The web application exchanges this code for an access token, which grants them access to the user’s Salesforce data.
- When using the user-agent flow, if the user approves access, they are redirected back with an access token.
  Depending on the authentication flow used, a refresh token might be granted, allowing continued access to the user’s account.
- After a user has granted access to a remote access application, he or she can revoke that access by accessing their personal information page in their personal settings (in Advanced User Details under OAuth Connected apps) and clicking Revoke next to the name of the application in the Remote Access related list.
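The two redirect shapes in the steps above (an authorization code for the Web server flow, an access token for the user-agent flow), as an added example that is not from the original page or from Salesforce's own code. The authorize endpoint URL, the consumer key and secret placeholders, the callback URL, and the use of the standard OAuth 2.0 `state` parameter are assumptions the page does not state.

```python
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumed values: the page lists no endpoint, credentials or callback URL.
AUTHORIZE_URL = "https://login.salesforce.com/services/oauth2/authorize"
CLIENT_ID = "EXAMPLE_CONSUMER_KEY"          # placeholder
CLIENT_SECRET = "EXAMPLE_CONSUMER_SECRET"   # placeholder, server-side only
REDIRECT_URI = "https://app.example.com/oauth/callback"  # constructed

def build_authorize_url(flow, state):
    """Web server flow asks for a code, user-agent flow for a token."""
    response_type = {"web_server": "code", "user_agent": "token"}[flow]
    return AUTHORIZE_URL + "?" + urlencode({
        "response_type": response_type, "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI, "state": state})

def parse_callback(redirect_url, expected_state):
    """Return (flow, credential) from the redirect back to the application."""
    parts = urlsplit(redirect_url)
    query = {k: v[0] for k, v in parse_qs(parts.query).items()}
    # The fragment never reaches the web server; only the browser sees it.
    fragment = {k: v[0] for k, v in parse_qs(parts.fragment).items()}
    params = {**query, **fragment}
    if "error" in params:                      # e.g. the user denied access
        raise PermissionError(params["error"])
    # Reject responses that do not carry the state value this session issued.
    got = params.get("state", "").encode()
    if not hmac.compare_digest(got, expected_state.encode()):
        raise ValueError("state mismatch")
    if "access_token" in fragment:
        return "user_agent", fragment["access_token"]
    if "code" in query:
        return "web_server", query["code"]
    raise ValueError("redirect carries no code or access token")

def token_request_body(code):
    """Form fields the web application POSTs server-side to redeem the code."""
    return {"grant_type": "authorization_code", "code": code,
            "client_id": CLIENT_ID, "client_secret": CLIENT_SECRET,
            "redirect_uri": REDIRECT_URI}
```

In the Web server flow the code alone is not enough to reach the user's data, because redeeming it also requires the client secret held by the web application; in the user-agent flow the redirect itself carries the usable token.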
Salesforce is compatible with Draft v2–25 of the OAuth 2.0 protocol from the IETF working group.
For more information on the OAuth standard, see the OAuth.net documentation.
For more information on terminology, see Remote Access Applications and OAuth Terminology.
Users can authorize a remote access application to access Salesforce more than once, for example, for both a laptop and a desktop computer. The default limit is five per application per user. If a user tries to grant access to an application more times than the organization limit allows, the access token for that application that hasn’t been used for the longest period of time is revoked. Newer applications (using the OAuth 2.0 protocol) using the Web server flow are automatically approved for additional devices after the user has granted access once. The user-agent flow requires user approval every time.