Apex Developer Guide

Getting Started
Writing Apex
Ways to Invoke Apex
Finishing Touches
Reference
Apex DML Operations
ApexPages Namespace
AppLauncher Namespace
Approval Namespace
Auth Namespace
AuthConfiguration Class
AuthProviderCallbackState Class
AuthProviderPlugin Interface
AuthProviderTokenResponse Class
AuthToken Class
CommunitiesUtil Class
ConnectedAppPlugin Class
ConnectedAppPlugin Methods
RegistrationHandler Interface
SamlJitHandler Interface
SessionManagement Class
SessionLevel Enum
UserData Class
VerificationPolicy Enum
Auth Exceptions
Cache Namespace
Canvas Namespace
ChatterAnswers Namespace
ConnectApi Namespace
Database Namespace
Datacloud Namespace
DataSource Namespace
Dom Namespace
Flow Namespace
KbManagement Namespace
Messaging Namespace
Process Namespace
QuickAction Namespace
Reports Namespace
Schema Namespace
Search Namespace
Site Namespace
Support Namespace
System Namespace
TerritoryMgmt Namespace
TxnSecurity Namespace
UserProvisioning Namespace
Appendices
Glossary
PDF

Newer Version Available

This content describes an older version of this product. View Latest

ConnectedAppPlugin Class

Customize the behavior of a connected app to support new authentication protocols or respond to user attributes in a way that benefits a business process.

Namespace

Auth

Usage

The class runs on behalf of the current user of the connected app. This user must have permission to use the connected app for the plugin to work.

Example

The following example gives the user permission to use the connected app if a specified quota is met, and returns the user’s permission set assignments.

1global class ConnectedAppPluginExample extends Auth.ConnectedAppPlugin{
2    
3    //Authorize the app if the user has achieved quota tracked in a custom field
4    global override boolean authorize(Id userId, Id connectedAppId, boolean isAdminApproved) {
5		
6		User u = [select id, HasAchievedQuota__c from User where id =: userId].get(0);
7		return u.HasAchievedQuota__c;
8        
9    }
10        
11    //Call a flow during refresh
12    global override void refresh(Id userId, Id connectedAppId) {
13	
14    	{
15            Map<String, Object> inputVariables = new Map<String, Object>();
16            inputVariables.put('userId', userId);
17            inputVariables.put('connectedAppId', connectedAppId);
18            Flow.Interview.MyCustomFlow interview = new Flow.Interview.MyCustomFlow(inputVariables);
19            interview.start();  
20        } catch ( Exception e ) {
21               System.debug('FLOW Exception:' + e);
22        }
23        
24    }
25    
26    //Return a user’s permission set assignments
27    global override Map<String,String> customAttributes(Id userId, Map<String,String> formulaDefinedAttributes) {  
28        
29        List<PermissionSetAssignment> psas = [SELECT id, PermissionSet.Name FROM PermissionSetAssignment WHERE PermissionSet.IsOwnedByProfile = false AND (AssigneeId = :userId)];
30        String permsets = '[';
31        for (PermissionSetAssignment psa :psas){
32            permsets += psa.PermissionSet.Name + ';';
33        }
34        permsets += ']';
35        formulaDefinedAttributes.put('PermissionSets', permsets);
36        return formulaDefinedAttributes;
37
38    }
39    
40}

ConnectedAppPlugin Methods

The following are methods for ConnectedAppPlugin.

authorize(userId, connectedAppId, isAdminApproved)

Authorizes the specified user for the connected app.

Signature

public Boolean authorize(Id userId, Id connectedAppId, Boolean isAdminApproved)

Parameters

userId
Type: Id
The 15-character ID for the user to whom you want to give access to the connected app.
connectedAppId
Type: String
The 15-character ID for the connected app.
isAdminApproved
Type: Boolean
Indicates the approval state for the specified user to use the connected app.

Return Value

Type: Boolean

If the connected app requires admin approval, a returned value of true indicates that the current user is approved.

Usage

If the connected app is set for users to self-authorize, this call isn’t necessary.

customAttributes(userId, formulaDefinedAttributes)

Sets new attributes for the specified user. When the connected app gets the user’s attributes from the UserInfo endpoint or through a SAML assertion, use this method to update those attribute values.

Signature

public Map<String,String> customAttributes(Id userId, Map<String,String> formulaDefinedAttributes)

Parameters

userId
Type: Id
The 15-character ID for the user associated with the attributes.
formulaDefinedAttributes
Type: Map<String,String>
A map of the current set of attributes from the UserInfo endpoint (OAuth) or from a SAML assertion. For more information, see The UserInfo Endpoint in the online help.

Return Value

Type: Map<String,String>

A map of the updated set of attributes.

refresh(userId, connectedAppId)

Salesforce calls this method during a refresh token exchange.

Signature

public Void refresh(Id userId, Id connectedAppId)

Parameters

userId
Type: Id
The 15-character ID for the user getting the refresh token.
connectedAppId
Type: String
The 15-character ID for the connected app.

Return Value

Type: Void