OAuth 2.0 Login and Consent

A number of the OAuth 2.0 flows (OpenID Connect, Web Server, User-Agent, Device Authorisation, etc.) rely on authentication (login) and authorisation (consent to requested scopes) being handled in an interaction between the client app and the authorisation server.

In the diagrams in other sections, this is shown as a simplified "Authentication and Consent" step or similar. The diagram below shows in a bit more detail the steps involved in a typical interaction where both authentication and consent are needed.

Note that there are variations of this flow - e.g. in OAuth with SAML, authentication to the authorisation server is handled through SAML.

Login and Consent Diagram

If Salesforce is acting as the authorisation server, relevant endpoints are:

  • Authorisation endpoint: <mydomainname>.my.salesforce.com/services/oauth2/authorize
  • Login page: <mydomainname>.my.salesforce.com
  • Authorisation page: <mydomainname>.my.salesforce.com/_ui/identity/oauth/ui/AuthorizationPage
  • Token endpoint: <mydomainname>.my.salesforce.com/services/oauth2/token
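
The client side of this interaction, as an added example (not code from this page or from Salesforce): it builds the redirect to the authorisation endpoint with `state` and PKCE, then validates the callback, including a refused consent, before preparing the token endpoint request. The domain name, client ID, redirect URI, scopes and function names are assumed placeholders.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Assumed placeholders: substitute your My Domain name and connected app values.
MY_DOMAIN = "mydomainname"
BASE = f"https://{MY_DOMAIN}.my.salesforce.com/services/oauth2"
CLIENT_ID = "EXAMPLE_CLIENT_ID"
REDIRECT_URI = "https://app.example.com/oauth/callback"


def start_authorisation(scopes=("openid", "api")):
    """Build the redirect that sends the browser to login and consent."""
    state = secrets.token_urlsafe(32)      # binds the callback to this browser session
    verifier = secrets.token_urlsafe(64)   # PKCE code_verifier (RFC 7636), 86 chars
    challenge = base64.urlsafe_b64encode(
        hashlib.sha256(verifier.encode()).digest()).rstrip(b"=").decode()
    query = urlencode({
        "response_type": "code", "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI, "scope": " ".join(scopes),
        "state": state, "code_challenge": challenge,
        "code_challenge_method": "S256",
    })
    # Store state and verifier server-side, keyed to the user's session.
    return f"{BASE}/authorize?{query}", state, verifier


def handle_callback(callback_url, expected_state, verifier):
    """Validate the redirect back from the authorisation server and
    return (token_endpoint, form_fields) for the code exchange."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(callback_url).query).items()}
    # Check state first: a mismatch means the response is not for this session.
    if not hmac.compare_digest(params.get("state", "").encode(),
                               expected_state.encode()):
        raise ValueError("state mismatch")
    if "error" in params:                  # e.g. access_denied when consent is refused
        raise PermissionError(params["error"])
    if "code" not in params:
        raise ValueError("no authorisation code in callback")
    return f"{BASE}/token", {
        "grant_type": "authorization_code", "code": params["code"],
        "client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
        "code_verifier": verifier,
    }
```

The returned form fields are POSTed to the token endpoint as `application/x-www-form-urlencoded`; a confidential client also authenticates itself on that request.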