Not all OAuth flows are created equal when it comes to security, and many Salesforce users are unknowingly implementing vulnerable authentication methods that expose their orgs to attack. With Salesforce’s latest Connected App updates and the introduction of External Client Apps (ECA) as the next generation framework, it’s critical to understand which OAuth flows provide genuine security versus those that create dangerous entry points for threat actors.
In our Salesforce Security Office Hours, we’ll provide technical analysis of each OAuth flow type, explaining why certain flows like the device flow have been deprecated and how the latest Connected App security enhancements compare to traditional authentication methods. We’ll demonstrate External Client Apps’ improved packaging capabilities, metadata separation, and enhanced security controls for second-generation packages, showing how these modern frameworks address the limitations of traditional Connected Apps.
Join us as we explore secure integration best practices, including how to request that Salesforce enable permissions to block username-password login via the SOAP API, ensuring your authentication strategy aligns with current security standards rather than legacy convenience. Register for this online event and get your questions about Salesforce security answered live by host, Matt Meyers, CTA and guest speaker, Samarth Ahuja, Senior Software Engineer at Paypal.