
Salesforce OAuth 2.0 Response and Grant Type


response_type is used against the authorization endpoint. This parameter defines what the authorization response must contain. For example, code when using the authorization code grant.

https://login.salesforce.com/services/oauth2/authorize?response_type=code&client_id=<your_client_id>&redirect_uri=<your_redirect_uri>
response_type=code: to request an authorization code
response_type=token: to request an access token
The /authorize endpoint is used for the Web Server OAuth Authentication Flow and User-Agent OAuth Authentication Flow. End user interaction is needed to provide username/password and to authorize the client.


grant_type 

grant_type, on the other hand, is used against the token endpoint. It defines the grant used to get the token from the Authorization Server. For example, authorization_code is the grant used for the authorization code grant.

https://login.salesforce.com/services/oauth2/token?grant_type=password&client_id=<your_client_id>&client_secret=<your_client_secret>&username=<your_username>&password=<your_password>
The /token endpoint is used for the Username-Password OAuth Authentication Flow and the OAuth Refresh Token Process.


grant_type=password: used to get an access token directly in exchange for a username and password
Request:
grant_type with the value password
client_id with the client’s ID
client_secret with the client’s secret
scope with a space-delimited list of requested scope permissions
username with the user’s username
password with the user’s password
Response:
token_type with the value Bearer
expires_in with an integer representing the TTL of the access token
access_token a JWT signed with the authorization server’s private key
refresh_token an encrypted payload that can be used to refresh the access token when it expires


grant_type=authorization_code: the server exchanges the auth code for an access token
It has two parts:
1. First go to the authorization endpoint to get the authorization code.
2. Part II is to hit the token endpoint with the authorization code.
Request:
grant_type with the value of authorization_code
client_id with the client identifier
client_secret with the client secret
redirect_uri with the same redirect URI the user redirected back to
code with the authorization code from the query string
Response:
token_type with the value Bearer
expires_in with an integer representing the TTL of the access token
access_token a JWT signed with the authorization server’s private key
refresh_token an encrypted payload that can be used to refresh the access token when it expires
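
The two parts of the authorization code grant described above, as an added Python example that is not part of the original post. The function names, the state parameter (standard OAuth 2.0 CSRF protection) and the sample values are assumptions made here; Part II is built as a POST form body so the client secret does not end up in URLs or access logs.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

AUTHORIZE_URL = "https://login.salesforce.com/services/oauth2/authorize"
TOKEN_URL = "https://login.salesforce.com/services/oauth2/token"


def build_authorize_url(client_id, redirect_uri, state=None):
    """Part I: send the user to /authorize with response_type=code."""
    # state is an unguessable value stored in the user's session (assumption of this example)
    state = state or secrets.token_urlsafe(32)
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state


def parse_callback(callback_url, expected_state):
    """Pull the authorization code out of the redirect; reject a mismatched state."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    returned_state = params.get("state", [""])[0]
    if not hmac.compare_digest(returned_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback does not belong to this session")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    return code


def build_token_request(code, client_id, client_secret, redirect_uri):
    """Part II: URL, headers and form body for a POST to /token."""
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "client_id": client_id,
        "client_secret": client_secret,
        "redirect_uri": redirect_uri,  # same value that was sent in Part I
    })
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return TOKEN_URL, headers, body
```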


grant_type = refresh_token: Access tokens eventually expire; however, some grants respond with a refresh token which enables the client to refresh the access token.
Request:
grant_type with the value refresh_token
refresh_token with the refresh token
client_id with the client’s ID
client_secret with the client’s secret
scope with a space-delimited list of requested scope permissions. This is optional; if not sent the original scopes will be used, otherwise you can request a reduced set of scopes.
Response:
token_type with the value Bearer
expires_in with an integer representing the TTL of the access token
access_token a new JWT signed with the authorization server’s private key
refresh_token an encrypted payload that can be used to refresh the access token when it expires

grant_type=client_credentials: applications need a way to get an access token for their own account, outside the context of any specific user. This grant is suitable for machine-to-machine authentication, for example for use in a cron job which is performing maintenance tasks over an API. Not applicable in Salesforce.

grant_type = assertion

grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer

grant_type=urn:ietf:params:oauth:grant-type:saml2-bearer

grant_type=device

https://developer.salesforce.com/blogs/isv/2015/04/integrating-multi-orgs-using-oauth
