I'm trying to satisfy a requirement for providing an API for communities users, where they can log into Salesforce, retrieve some data, and provide that back to a client. I have two questions around this that are related.
1) Can Salesforce Communities users log in with OAuth2 and the refresh token flow?
I found the following contrary point, but it is for username / password flow and not the refresh token flow: https://salesforce.stackexchange.com/questions/19121/should-oauth2-with-grant-type-password-work-for-high-volume-customer-portal
2) And a follow up to the above question: Can the OAuth login page be branded?
Best Answer
Yes, Communities users can use OAuth 2.0. Instead of
login.salesforce.com
, Use the Community URL as the prefix to the authorization URL - for example,https://acme.force.com/customers/services/oauth2/authorize
. See the section Configuring Authentication Flows with OAuth in Getting Started With Communities.Yes, the Community login page can be branded. See the section Customizing Communities Login in the same doc.