1] A client app requests access to a protected resource.
2] In response, an authorizing server grants access tokens to the client app.
3] A resource server then validates these access tokens and approves access to the protected resource.
OAuth: Open Authorization. The end goal is to obtain an access token with which protected resources on the other system can be accessed without presenting a username and password to it.
If the use case is people accessing the system, use SAML. If you want a system to access another system, use OAuth.
Actors:
- Resource Owner
- Client
- Resource Server
- Authorization Server
For outbound integrations, Salesforce uses the web server flow:
1] A first call is made to the authorization endpoint, which returns an authorization code.
2] The code is exchanged for an access token.
3] The access token is used to access the protected resource.
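The three steps of the web server flow, as an added, self-contained simulation that is not Salesforce's code or part of the original notes. The authorization server, resource server and client are all in-memory objects; the endpoint URLs, client id, client secret and the sample account data are assumed values. Beyond the three steps, it shows the checks a practitioner expects at each hop: the client binds the callback to its session with a `state` value, the authorization server treats each code as single-use, and the resource server rejects requests whose bearer token is missing, unknown or expired.

```python
"""Simulation of the OAuth 2.0 web server (authorization code) flow.
Illustrative code only; endpoints, credentials and data are assumed."""
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZE_URL = "https://login.example.test/services/oauth2/authorize"  # assumed
TOKEN_URL = "https://login.example.test/services/oauth2/token"          # assumed
REDIRECT_URI = "https://client.example.test/callback"                   # assumed
CLIENT_ID, CLIENT_SECRET = "client-123", "secret-xyz"                   # constructed


class AuthorizationServer:
    """Step 1 issues a one-time code; step 2 exchanges it for a bearer token."""

    def __init__(self, ttl=3600):
        self.codes = {}    # code -> (client_id, redirect_uri) it was issued for
        self.tokens = {}   # access token -> expiry timestamp
        self.ttl = ttl

    def authorize(self, client_id, redirect_uri, state):
        # The resource owner has logged in and approved the client; mint a code
        # and redirect back to the client's callback, echoing its state value.
        code = secrets.token_urlsafe(24)
        self.codes[code] = (client_id, redirect_uri)
        return f"{redirect_uri}?{urlencode({'code': code, 'state': state})}"

    def token(self, grant_type, code, client_id, client_secret, redirect_uri):
        if grant_type != "authorization_code" or client_secret != CLIENT_SECRET:
            raise PermissionError("invalid_client")
        issued_for = self.codes.pop(code, None)  # pop: a code is single-use
        if issued_for != (client_id, redirect_uri):
            raise PermissionError("invalid_grant")
        token = secrets.token_urlsafe(32)
        self.tokens[token] = time.time() + self.ttl
        return {"access_token": token, "token_type": "Bearer", "expires_in": self.ttl}

    def introspect(self, token):
        """True only for a token this server issued that has not expired."""
        expiry = self.tokens.get(token)
        return expiry is not None and expiry > time.time()


class ResourceServer:
    """Step 3: validates the bearer token before releasing protected data."""

    def __init__(self, auth_server):
        self.auth_server = auth_server
        self.data = {"/services/data/v1/accounts": ["Acme", "Globex"]}  # constructed

    def get(self, path, headers):
        scheme, _, token = headers.get("Authorization", "").partition(" ")
        if scheme != "Bearer" or not self.auth_server.introspect(token):
            return 401, None
        return 200, self.data.get(path)


def run_web_server_flow(auth_server, resource_server):
    """Client side of the flow; returns what each step produced."""
    # Step 1: send the user to the authorization endpoint. The random state
    # lets the client verify the callback belongs to this session.
    state = secrets.token_urlsafe(16)
    auth_request = f"{AUTHORIZE_URL}?" + urlencode({
        "response_type": "code", "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI, "state": state})
    callback = auth_server.authorize(CLIENT_ID, REDIRECT_URI, state)
    params = parse_qs(urlparse(callback).query)
    if params.get("state") != [state]:
        raise ValueError("state mismatch: callback not tied to this session")
    code = params["code"][0]
    # Step 2: exchange the code (plus client secret) for an access token.
    tok = auth_server.token("authorization_code", code, CLIENT_ID,
                            CLIENT_SECRET, REDIRECT_URI)
    # Step 3: present the token as a bearer credential to the resource server.
    status, body = resource_server.get(
        "/services/data/v1/accounts",
        {"Authorization": f"Bearer {tok['access_token']}"})
    return {"auth_request": auth_request, "code": code,
            "access_token": tok["access_token"], "status": status, "body": body}


def code_replay_rejected(auth_server, code):
    """True if a second exchange of the same code is refused."""
    try:
        auth_server.token("authorization_code", code, CLIENT_ID,
                          CLIENT_SECRET, REDIRECT_URI)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    srv = AuthorizationServer()
    result = run_web_server_flow(srv, ResourceServer(srv))
    print(result["status"], result["body"], code_replay_rejected(srv, result["code"]))
```

In a real deployment the client never calls the authorization server's methods directly; steps 1 and 2 are HTTPS requests to the authorize and token endpoints, and the code arrives on the client's redirect URI via the user's browser, which is exactly why the state check and the single-use code matter.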