[Reference:Salesforce Connected App Security, OAuth 2.0 Configuration:Configuring OAuth 2.0 is important for authentication, but it does not directly control which users can invoke the flow. The profile or permission set is used to manage user permissions., Reference:OAuth 2.0 Overview, External Service Permissions:Assigning permissions in the external service is less relevant than managing permissions within Salesforce, where the flow is executed., Reference:External Services in Salesforce, Connected App Security:Properly securing the connected app by configuring user profiles and permission sets ensures compliance with security policies and restricts access as required., Reference:Managing Access with Connected Apps, ]