Salesforce as an OpenId authentication provider

Question

Google Apps offers an OpenID API that allows end users to securely sign in to third party web sites using their Google Apps user account.

I want to offer similar functionality - i.e. I want the users of my web site to be able to authenticate using their Salesforce account using OpenID.

Does Salesforce offer a similar API/functionality? I've checked the documentation and seen mentions of OpenID Connect API, but this seems to be in its early stages of development. I've also checked Salesforce's Identity Provider feature, but this seems more geared towards SSO scenarios (not quite sure though - please correct me if I am wrong).

Answer 1

So basically, they don't support OpenID connect yet. In the meantime, take a look at the "webserver" OAuth 2.0 flow and use the "id" scope to get the user's id.

At the OAuth protocol level, there's no guarantee that this ID relates to the user or that it's unique and non-changing, but people use this kind of id for authentication anyway. This is basically how OpenID connect works; OpenID just formalizes it and adds in some extra validation.

Looking for a comprehensive Salesforce course? Enroll now!