Exam Identity-and-Access-Management-Architect Topic 5 Question 19 Discussion

Actual exam question for Salesforce's Identity-and-Access-Management-Architect exam
Question #: 19
Topic #: 5
An identity professional working on a project to integrate a third-party application with Salesforce, is tasked with evaluating OAuth options. The project requires fine-grained access control and the ability to obtain long-lived access tokens.
Which OAuth flow would best full fill the project requirements?

Suggested Answer: B Vote an answer

For fine-grained delegated access and long-lived sessions, the Authorization Code flow is the strongest mainstream OAuth choice. It supports user consent, server-side token exchange, and refresh-token issuance in the patterns Salesforce documents for confidential applications. Client Credentials is for app-to-app integration without a user context, and Implicit/User-Agent is less suitable for strong control and durable token management. Username-password is a special-case flow that trades off security and user experience.
The reason this matters architecturally is that the authorization code pattern separates user authentication from token exchange and allows the client to keep secrets securely on the server side. That is why it remains the preferred model for robust delegated access to protected Salesforce resources. This is why option B is the best answer in Salesforce terms.

by Eileen at May 31, 2026, 10:37 AM

Limited Time Offer

15%

Off

Get Premium Identity-and-Access-Management-Architect Questions as Interactive Self Test Engine or PDF

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
0
0
0
10