Apex Developer Guide

Getting Started
Writing Apex
Ways to Invoke Apex
Finishing Touches
Reference
Apex DML Operations
ApexPages Namespace
AppLauncher Namespace
Approval Namespace
Auth Namespace
AuthConfiguration Class
AuthProviderCallbackState Class
AuthProviderPlugin Interface
AuthProviderPluginClass Class
AuthProviderTokenResponse Class
AuthToken Class
CommunitiesUtil Class
ConnectedAppPlugin Class
InvocationContext Enum
JWS Class
JWT Class
JWTBearerTokenExchange Class
OAuthRefreshResult Class
RegistrationHandler Interface
RegistrationHandler Methods
Storing User Information and Getting Access Tokens
Auth.RegistrationHandler Example Implementation
Auth.RegistrationHandler Error Example
SamlJitHandler Interface
SessionManagement Class
SessionLevel Enum
UserData Class
VerificationPolicy Enum
Auth Exceptions
Cache Namespace
Canvas Namespace
ChatterAnswers Namespace
ConnectApi Namespace
Database Namespace
Datacloud Namespace
DataSource Namespace
Dom Namespace
Flow Namespace
KbManagement Namespace
Messaging Namespace
Process Namespace
QuickAction Namespace
Reports Namespace
Schema Namespace
Search Namespace
Site Namespace
Support Namespace
System Namespace
TerritoryMgmt Namespace
TxnSecurity Namespace
UserProvisioning Namespace
VisualEditor Namespace
Appendices
Glossary
PDF

Newer Version Available

This content describes an older version of this product. View Latest

RegistrationHandler Interface

Salesforce provides the ability to use an authentication provider, such as Facebook© or Janrain©, for single sign-on into Salesforce.

Namespace

Auth

Usage

To set up single sign-on, you must create a class that implements Auth.RegistrationHandler. Classes implementing the Auth.RegistrationHandler interface are specified as the Registration Handler in authorization provider definitions, and enable single sign-on into Salesforce portals and organizations from third-party services such as Facebook. Using information from the authentication providers, your class must perform the logic of creating and updating user data as appropriate, including any associated account and contact records.

RegistrationHandler Methods

The following are methods for RegistrationHandler.

createUser(portalId, userData)

Returns a User object using the specified portal ID and user information from the third party, such as the username and email address. The User object corresponds to the third party’s user information and may be a new user that hasn’t been inserted in the database or may represent an existing user record in the database.

Signature

public User createUser(ID portalId, Auth.UserData userData)

Parameters

portalId
Type: ID
userData
Type: Auth.UserData

Return Value

Type: User

Usage

The portalID value may be null or an empty key if there is no portal configured with this provider.

updateUser(userId, portalId, userData)

Updates the specified user’s information. This method is called if the user has logged in before with the authorization provider and then logs in again, or if your application is using the Existing User Linking URL. This URL is generated when you define your authentication provider.

Signature

public Void updateUser(ID userId, ID portalId, Auth.UserData userData)

Parameters

userId
Type: ID
portalId
Type: ID
userData
Type: Auth.UserData

Return Value

Type: Void

Usage

The portalID value may be null or an empty key if there is no portal configured with this provider.

Storing User Information and Getting Access Tokens

The Auth.UserData class is used to store user information for Auth.RegistrationHandler. The third-party authorization provider can send back a large collection of data about the user, including their username, email address, locale, and so on. Frequently used data is converted into a common format with the Auth.UserData class and sent to the registration handler.

If the registration handler wants to use the rest of the data, the Auth.UserData class has an attributeMap variable. The attribute map is a map of strings (Map<String, String>) for the raw values of all the data from the third party. Because the map is <String, String>, values that the third party returns that are not strings (like an array of URLs or a map) are converted into an appropriate string representation. The map includes everything returned by the third-party authorization provider, including the items automatically converted into the common format.

The constructor for Auth.UserData has the following syntax:

To learn about Auth.UserData properties, see Auth.UserData Class.

You can only perform DML operations on additional sObjects in the same transaction with User objects under certain circumstances. For more information, see sObjects That Cannot Be Used Together in DML Operations.

Note

For all authentication providers except Janrain, after a user is authenticated using a provider, the access token associated with that provider for this user can be obtained in Apex using the Auth.AuthToken Apex class. Auth.AuthToken provides two methods to retrieve access tokens. One is getAccessToken, which obtains a single access token. Use this method if the user ID is mapped to a single third-party user. If the user ID is mapped to multiple third-party users, use getAccessTokenMap, which returns a map of access tokens for each third-party user. For more information about authentication providers, see “External Authentication Providers” in the Salesforce online help.

When using Janrain as an authentication provider, you need to use the Janrain accessCredentials dictionary values to retrieve the access token or its equivalent. Only some providers supported by Janrain provide an access token, while other providers use other fields. The Janrain accessCredentials fields are returned in the attributeMap variable of the Auth.UserData class. See the Janrain auth_info documentation for more information on accessCredentials.

Not all Janrain account types return accessCredentials. You may need to change your account type to receive the information.

Note

To learn about the Auth.AuthToken methods, see Auth.AuthToken Class.

Auth.RegistrationHandler Example Implementation

This example implements the Auth.RegistrationHandler interface that creates as well as updates a standard user based on data provided by the authorization provider. Error checking has been omitted to keep the example simple.

The following example tests the above code.

Auth.RegistrationHandler Error Example

This example implements the Auth.RegistrationHandler interface and shows how to use a custom exception to display an error message on the page to the user. If you don’t use a custom exception, the error code and description (if they’re available) appear in the URL and the error description (if available) appears on the page.

To limit this example to the custom exception, some code was omitted.