Lightning
Out
doesn’t handle authentication. Instead, you manually provide a Salesforce session ID or authentication
token when you initialize a Lightning
Out
app.
There are two supported ways to obtain an authentication token for use with Lightning
Out.
- On a Visualforce page, using Lightning
Components for Visualforce, you can obtain
the current Visualforce session ID
using the expression {! $Api.Session_ID }. This
session is intended for use only on Visualforce pages.
- Elsewhere, an authenticated session is obtained using OAuth, following the same process
you’d use to obtain an authenticated session to use with the Force.com REST API. In this case, you
obtain an OAuth token, and can use it anywhere.
The key thing to understand is that Lightning
Out
isn’t in the business of authentication. The $Lightning.use() function simply passes along to the security subsystem whatever
authentication token you provide it. For most organizations, this will be a session ID or an
OAuth token.