Configure Headless Identity Flows with OAuth 2.0 for First-Party Applications
After you complete your setup in Salesforce, build headless identity flows that integrate your off-platform app using the OAuth 2.0 for First-Party Applications draft protocol.
Required Editions
Available in: both Salesforce Classic and Lightning Experience
Available in: Enterprise, Unlimited, and Developer Editions
OAuth 2.0 for First-Party Applications: Generate a Client Attestation JWT
When using headless identity flows that implement the OAuth 2.0 for First-Party Applications draft standard, use a client attestation JWT to prove that apps sending requests to Salesforce are first-party apps created by your company. The JWT is signed with a private key that only your app holds, so Salesforce can reject requests from clients that merely know your public client identifier.
OAuth 2.0 for First-Party Applications: Headless Username-Password Flow for Private Clients
To set up username-password login for an off-platform app developed by your company, use this headless username-password login flow, which implements the OAuth 2.0 for First-Party Applications draft standard protocol. With this flow, you entirely control the front-end login experience in your first-party app while Salesforce handles the backend work of authenticating users and granting access to protected resources. This flow is supported only for private clients, such as client-server apps, and only for external users.
OAuth 2.0 for First-Party Applications: Headless Passwordless Login for Private Clients
With headless passwordless login, users log in to your off-platform app with their email address or phone number and a one-time password. To set up passwordless login for an off-platform app developed by your company, use this headless passwordless login flow, which implements the OAuth 2.0 for First-Party Applications draft protocol. With this flow, you entirely control the front-end login experience in your first-party app while Salesforce handles the backend work of authenticating users and granting access to protected resources. This flow is supported only for private clients, such as client-server apps, and only for external users.
OAuth 2.0 for First-Party Applications: Headless Registration Flow for Private Clients
To set up a headless user registration process for an off-platform app developed by your company, use this flow, which implements the OAuth 2.0 for First-Party Applications draft standard protocol. With this flow, you entirely control the front-end registration experience in your first-party app while Salesforce handles the backend work of authenticating users and granting access to protected resources. This flow is supported only for private clients, such as client-server apps, and only for external users.
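The client attestation JWT described in the first item above, as an added example that is not Salesforce's own code or code from this page: a Go program that signs a JWT with the app's private key and shows the checks an authorization server performs with the registered public key. The claim names (iss and sub carrying the consumer key, aud carrying the Salesforce URL, jti, iat, exp), the ES256 signing algorithm, and the consumer key and audience values are assumptions for illustration only; take the exact claims and signing algorithm Salesforce requires from the Generate a Client Attestation JWT page.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"strings"
)

// AttestationClaims is the payload of the client attestation JWT. The claim names
// and meanings are assumptions for this example, not Salesforce's documented set.
type AttestationClaims struct {
	Iss string `json:"iss"` // assumed: the connected app's consumer key
	Sub string `json:"sub"` // assumed: same as iss for a client attestation
	Aud string `json:"aud"` // assumed: the Salesforce authorization server URL
	Iat int64  `json:"iat"` // issued-at (seconds since epoch)
	Exp int64  `json:"exp"` // expiry; keep the window short
	Jti string `json:"jti"` // unique ID so a captured JWT cannot be replayed
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// NewAttestationKey creates the app's P-256 signing key. In production the private
// half stays in the server-side secret store; only the public half is registered.
func NewAttestationKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// NewClaims fills the claims for one request with a fresh random jti.
func NewClaims(consumerKey, aud string, nowUnix, ttlSeconds int64) AttestationClaims {
	jti := make([]byte, 16)
	_, _ = rand.Read(jti)
	return AttestationClaims{Iss: consumerKey, Sub: consumerKey, Aud: aud,
		Iat: nowUnix, Exp: nowUnix + ttlSeconds, Jti: fmt.Sprintf("%x", jti)}
}

// SignAttestation produces a compact JWS (header.payload.signature, each base64url)
// signed with ES256, i.e. ECDSA P-256 over SHA-256.
func SignAttestation(key *ecdsa.PrivateKey, c AttestationClaims) (string, error) {
	header, _ := json.Marshal(map[string]string{"alg": "ES256", "typ": "JWT"})
	payload, err := json.Marshal(c)
	if err != nil { return "", err }
	signingInput := b64(header) + "." + b64(payload)
	digest := sha256.Sum256([]byte(signingInput))
	r, s, err := ecdsa.Sign(rand.Reader, key, digest[:])
	if err != nil { return "", err }
	sig := make([]byte, 64) // JWS ES256 signature is r || s, each left-padded to 32 bytes
	r.FillBytes(sig[:32])
	s.FillBytes(sig[32:])
	return signingInput + "." + b64(sig), nil
}

// VerifyAttestation is the check the authorization server performs with the registered
// public key: pin the algorithm, verify the signature, then enforce audience and expiry.
// nowUnix is injected so the expiry check is testable.
func VerifyAttestation(pub *ecdsa.PublicKey, token, expectedAud string, nowUnix int64) (*AttestationClaims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed JWT")
	}
	var header struct{ Alg string `json:"alg"` }
	if hb, err := base64.RawURLEncoding.DecodeString(parts[0]); err != nil ||
		json.Unmarshal(hb, &header) != nil || header.Alg != "ES256" {
		return nil, errors.New("unexpected alg") // never let the token choose the algorithm
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil || len(sig) != 64 {
		return nil, errors.New("bad signature encoding")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if !ecdsa.Verify(pub, digest[:], new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])) {
		return nil, errors.New("signature verification failed")
	}
	var c AttestationClaims
	if pb, err := base64.RawURLEncoding.DecodeString(parts[1]); err != nil || json.Unmarshal(pb, &c) != nil {
		return nil, errors.New("bad payload")
	}
	if c.Aud != expectedAud {
		return nil, errors.New("audience mismatch")
	}
	if nowUnix >= c.Exp {
		return nil, errors.New("token expired")
	}
	return &c, nil
}

func main() {
	key, _ := NewAttestationKey()
	const aud = "https://login.salesforce.com" // constructed example audience
	tok, _ := SignAttestation(key, NewClaims("example-consumer-key", aud, 1700000000, 300))
	fmt.Println(tok)
}
```

The verifier side is included only to make the security properties concrete: the signature proves possession of the app's private key, the pinned alg prevents algorithm-confusion downgrades, aud stops a JWT minted for one server being replayed against another, and the short exp plus a random jti limit the value of a captured token. Only the signing side runs in your first-party app; Salesforce performs the verification.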