Creating and Using Connected Apps for OAuth
When your solution requires integration with a customer’s Salesforce org, authentication is one of the first pieces of the puzzle to solve. Requesting a Salesforce user’s credentials (their username, password, and often access token) and then storing them within your system is not only frowned upon, it will also not accelerate your progress through the AppExchange Security Review process.
That’s where Salesforce Connected Apps come into play. Connected Apps are a type of packageable component that you can include in your app to allow for standard SAML and OAuth authentication into a Salesforce customer’s org. As the app developer, you can specify the access parameters to ensure your app has enough access to perform what’s necessary, but no more. On the other side, customers installing your app see the required access and can approve its usage. They can also include the Connected App in their security procedures, giving access as needed to the necessary users via Profiles and Permission Sets.
From within your development org, you can easily create new Connected Apps. The creation form offers a robust set of options to accommodate the more complex scenarios that are commonly seen with SAML SSO integrations. Fortunately, the process to create a Connected App for OAuth usage is simple.
Get started by navigating to the Salesforce Setup menu and going to “Apps.” There is also a Setup menu item for “Connected Apps,” and you’ll find yourself going there time and time again, but that is where you manage the Connected Apps installed and in use in your org. Since you’re creating one for your own development purposes, Setup → Apps is the right place to go.
1. Within Lightning Experience, navigate to the "App Manager" under the Setup menu.
2. Click on the "New Connected App" button.
3. This is where you'll provide your Connected App's settings. For a Connected App that you'll use with OAuth, start by providing at minimum the required fields, which are marked in red.
4. Within the "API (Enable OAuth Settings)" section, check the "Enable OAuth Settings" box to display OAuth specific options.
5. Provide the required OAuth fields, including the "Callback URL" as well as the permission scope. Ensure that you select only the scopes your app requires. Items selected here will likely be reviewed by the AppExchange Security Review team, and your choices will need to be validated.
6. Review the rest of the options to determine which, if any, apply to your scenario. When done, click on the "Save" button at the bottom of the page.
After saving, the Connected App will be created for you. Salesforce will provide a “Consumer Key” and “Consumer Secret” for use in the systems that need to authenticate to your customers’ Salesforce orgs.
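The sketch below shows how the Consumer Key, Consumer Secret, Callback URL and scopes map onto the OAuth web server flow. It is an added example, not code from Salesforce or from this article. It assumes the app needs only the `api` and `refresh_token` scopes and that the function names are hypothetical helpers in your own server.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Standard Salesforce production login host; sandboxes use test.salesforce.com.
AUTHORIZE_URL = "https://login.salesforce.com/services/oauth2/authorize"
TOKEN_URL = "https://login.salesforce.com/services/oauth2/token"
# Assumption: this app needs only API access plus a refresh token.
ALLOWED_SCOPES = {"api", "refresh_token"}


def build_authorize_url(consumer_key, callback_url, scopes):
    """Return (url, state) to start the OAuth web server flow."""
    extra = set(scopes) - ALLOWED_SCOPES
    if extra:
        raise ValueError(f"scopes beyond what the app needs: {sorted(extra)}")
    state = secrets.token_urlsafe(32)  # per-request anti-CSRF value
    query = urlencode({
        "response_type": "code",
        "client_id": consumer_key,     # the Connected App's Consumer Key
        "redirect_uri": callback_url,  # must match the Callback URL field
        "scope": " ".join(sorted(scopes)),
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state


def token_request_from_callback(callback_request_url, expected_state,
                                consumer_key, consumer_secret, callback_url):
    """Validate the redirect; return the form body to POST to TOKEN_URL."""
    params = parse_qs(urlparse(callback_request_url).query)
    if "error" in params:
        raise PermissionError(f"authorization denied: {params['error'][0]}")
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise PermissionError("state mismatch; discard this callback")
    if "code" not in params:
        raise ValueError("callback carries no authorization code")
    return {
        "grant_type": "authorization_code",
        "code": params["code"][0],
        "client_id": consumer_key,
        "client_secret": consumer_secret,  # load from a secret store
        "redirect_uri": callback_url,
    }
```

Keep the returned `state` in the user's server-side session between the two calls, and send the token request only from your backend so the Consumer Secret never reaches a browser.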
For additional implementation documentation, please refer to the following Salesforce Help docs: