Based on the information in the Salesforce rest-API documentation, examples of valid restful endpoints for authentication are:
- For authorization:
https://login.salesforce.com/services/oauth2/authorize - For token requests: https://login.salesforce.com/services/oauth2/token
To get a token for our app that is doing OAuth, we're using https://login.salesforce.com/services/oauth2/authorize?display=touch&response_type=token&client_id=myclientid&redirect_url=myredirecturl.
After realizing that there is a specific end point for token getting a token (i.e. /oauth2/token), I'm curious if these two endpoints are the same when passing the query string parameter "response_type=token" to the /authorize endpoint.
Note that my application is working correctly in retrieving the token right now, I'm just curious if I could change the URL to https://login.salesforce.com/services/oauth2/token?display=touch&client_id=myclientid&redirect_url=myredirecturl and have the same result?
Best Answer
The different endpoints are used for different authentication flows, this is all covered in the REST API documentation.
The
/authorize
endpoint is used for the Web Server OAuth Authentication Flow and User-Agent OAuth Authentication Flow.The
/token
endpoint is used for the Username-Password OAuth Authentication Flow and the OAuth Refresh Token Process.