Universal Containers (UC) has a desktop application to collect leads for marketing campaigns. UC wants to extend this application to integrate with Salesforce to create leads. Integration between the desktop application and Salesforce should be seamless.
What Authorization flow should the Architect recommend?
The JWT Bearer Token Flow is appropriate for seamless integration between a desktop application and Salesforce. This flow allows a server to directly access Salesforce resources without user interaction, which fits well with the need for seamless lead creation from the desktop application. Additionally, it provides a secure method for service-to-service integrations, which is essential for maintaining security while keeping the process automated and seamless.
user agent flow is deprecated in favor of web with PKCE https://help.salesforce.com/s/articleView?id=sf.remoteaccess_oauth_web_server_flow.htm&type=5
yes but it's called "OAuth 2.0 Web Server Flow for Web App Integration" and not "Web Server Authentication Flow" and Salesforce is very picky about how exactly things are called
C is the answer as it is not a web application, hence it can not keep the secrets secure, so web server authentication is not recommended.