Identity Flows (DRAFT)

Diagrams and notes in these sections consolidate information about the various single sign-on, OAuth 2.0 and other identity flows supported by Salesforce:
 

Diagram showing flows in context
©Jesse Lingo - for more info check diagrams of flows in context


Salesforce Single Sign On Flows - SAML, OpenID Connect and delegated authentication options for SSO

General OAuth 2.0 Flows - Common standard OAuth 2.0 flows supported by Salesforce

Specialised OAuth 2.0 Flows - OAuth 2.0 flows supported by Salesforce for specific contexts

Salesforce Layered Flows - Illustrating how flows can be combined for seamless user authentication experiences

OAuth 2.0 Login and Consent - Detail of authentication and authorisation steps involved in interactive OAuth 2.0 flows

TLS and Salesforce - Overview of TLS for network security and options for one-way and mutual TLS


The level of detail and presentation style in official documentation varies quite a bit, so the diagrams are intended to give a consistent representation and make it easy to see key differences.

For some of the flows, for example OpenID Connect, official Salesforce documentation is very light, so the flows are based on protocol specifications, third-party documentation and observations of browser traffic.

I put these together while preparing for Salesforce Technical Architect certification. The scope and detail are intentionally high level and cover significant aspects to know for the board. For detail around implementing these flows with Salesforce, the official documentation is usually best.

Authors, contributions and thanks

Many others have helped shape and improve the content in these sections.

TLS and Salesforce was co-authored with Martin Vyskocil, who suggested covering this topic and wrote the original draft. Charlie Guo and Gianluca Calcagni reviewed and contributed improvements.

Crystal Zhu recommended including information around the Client Credentials Grant flow and wrote this section.

Nicolas Vanden Bossche created the amazing Identity Flows Heroku App which describes and illustrates many of these flows in action.

Thanks to Jesse Lingo for the fantastic diagrams showing how flows relate to one another in the context of the technologies involved.

Early versions of most of this content were shared with the Salesforce Architect Trailblazer community in 2019, and were improved with input from many people, including Matt Morris, Charlie Guo, Nicolas Vanden Bossche, Shrey Tyagi, Melissa Shepard, Petr Svestka, Michael Eckert and others.

Thanks to everyone who's helped out. If you have any feedback or suggestions for changes, please get in touch!