The document provides an overview of OpenID Connect, a new standard for identity that is based on OAuth 2.0. It discusses how OpenID Connect allows clients to authenticate users through an authorization server without having to handle usernames and passwords. The document outlines the basic OpenID Connect workflow which involves the client obtaining an ID token from the authorization server after the user authenticates. This ID token contains claims about the user that are verified by the authorization server's signature. The document encourages developers to leverage OpenID Connect to build applications that can acquire customers through social sign-on and to rapidly develop secure mobile apps.
OpenID Connect: The new standard for connecting to your Customers, Partners, Apps, and Devices Webinar
1. OpenID Connect
The new standard for connecting to your Customers, Partners, Apps, and Devices
April 9, 2014
2. #forcewebinar
Safe Harbor
Safe harbor statement under the Private Securities Litigation Reform Act of 1995:
This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any such uncertainties materialize or if any of
the assumptions proves incorrect, the results of salesforce.com, inc. could differ materially from the results expressed or implied by the forward-looking
statements we make. All statements other than statements of historical fact could be deemed forward-looking, including any projections of product or service
availability, subscriber growth, earnings, revenues, or other financial items and any statements regarding strategies or plans of management for future
operations, statements of belief, any statements concerning new, planned, or upgraded services or technology developments and customer contracts or use
of our services.
The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering new functionality for our
service, new products and services, our new business model, our past operating losses, possible fluctuations in our operating results and rate of growth,
interruptions or delays in our Web hosting, breach of our security measures, the outcome of intellectual property and other litigation, risks associated with
possible mergers and acquisitions, the immature market in which we operate, our relatively limited operating history, our ability to expand, retain, and
motivate our employees and manage our growth, new releases of our service and successful customer deployment, our limited history reselling non-
salesforce.com products, and utilization and selling to larger enterprise customers. Further information on potential factors that could affect the financial
results of salesforce.com, inc. is included in our annual report on Form 10-Q for the most recent fiscal quarter ended July 31, 2012. This document and
others containing important disclosures are available on the SEC Filings section of the Investor Information section of our Web site.
Any unreleased services or features referenced in this or other presentations, press releases or public statements are not currently available and may not be
delivered on time or at all. Customers who purchase our services should make the purchase decisions based upon features that are currently available.
Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements.
6. Have Questions?
• We have an expert support team at the ready to answer your questions during the webinar.
• Ask your questions via the GoToWebinar Questions Pane.
• The speaker(s) will choose top questions to answer live at the end of the webinar.
• Please post your questions as we go along!
• Only post your question once; we’ll get to it as we go down the list.
10. Chapter 1: OpenID Connect
• Authenticate users without having to get your hands dirty with passwords
• Learn about the person using your service using modern identity tools
• Informed by a long history of identity standards
• Based on OAuth2
11. Why should I care about OpenID Connect?
Identity Professionals
• Focus on business enablement
• OIDC is SAML for our RESTful web-oriented architecture world
• Support use cases the business cares about including mobile and social
Developers
• Focus on the awesome – the user journey
• Don’t have to deal with username, passwords, PKI, and LDAP
• Strong credentials without all the mess
Business
• Engage with internal and external customers
• Make it easier for customers to interact with you
• Avoids having to issue your customers yet another set of credentials
18. Too much? Start with the Basic Client
Just read this:
http://openid.net/specs/openid-connect-basic-1_0.html
19. Or better yet… just use the Salesforce1 platform
• OpenID Connect Relying Party: Authentication Provider (the Client Side)
• OpenID Connect Provider: Connected Apps (the Server Side)
29. OpenID Connect Stack within Salesforce
Auth. Providers
• Client side implementation
  – OAuth & OpenID Connect
• Configure our client, to become your app, with any provider
• Fine-grained control over
  – just-in-time provisioning
  – account linking
Connected Apps
• Server Side Implementation
• OAuth & OpenID Connect (and SAML and Canvas)
• Configure your client, to talk to our services, using your brand or ours
• Fine-grained control over
  – Authorization
  – Authentication Levels
  – Refresh Token Decay
  – Application Policy
  – Attributes
35. What’s New?
• OpenID Connect Services
  – Standard schema via User Profile service
  – Signature based client authentication
  – Custom Attributes
• ID Tokens
  – Signed JWT
  – Key Endpoint
37. What’s Next?
• Custom Permissions
  – Define your own Permissions
  – Manage your Authorization Model using Profile and Permission Sets
• Customizable ID Tokens
  – Identity for the Internet of Things
  – Combine Device Identity with Customer Identity
  – Design Center
    • Scalable
    • Offline
    • Spectrum of Authentication
    • Fine Scoping and Delegation