OAuth token - security concerns?


(Oliver Kass) #1

Hi folks,

In the middle of setting up a Matrix / Salesforce API integration. It looks like the OAuth token asset needs public view permissions in order to talk to Salesforce and pull back and store the relevant tokens etc.

Bit concerned about the OAuth asset URL being publicly available though. Any advice? Is it as big an issue as I’m making it out to be?

Thanks

Oli


(Byrne) #2

The OAuth assets look for session info and need matching tokens etc. to allow any information exchange.
If you are concerned and you only want Salesforce to have access, you can IP restrict the public user to the range of the Salesforce server.


(Oliver Kass) #3

Thanks Andrew. This looks like a good solution. So there’s no issue with having multiple public user assets on the same system?


(Oliver Kass) #4

Ah sorry, you mean link the public user asset to the new group and set the restrictions there.


(Byrne) #5

Yeah you got it.
One public user, many links…