Apex Developer Guide

Apex Developer Guide
Getting Started with Apex
Writing Apex
Running Apex
Debugging, Testing, and Deploying Apex
Apex Language Reference
Apex DML Operations
ApexPages Namespace
AppLauncher Namespace
Approval Namespace
Auth Namespace
AuthConfiguration Class
AuthProviderCallbackState Class
AuthProviderPlugin Interface
AuthProviderPluginClass Class
AuthProviderTokenResponse Class
AuthToken Class
AuthToken Methods
CommunitiesUtil Class
ConnectedAppPlugin Class
InvocationContext Enum
JWS Class
JWT Class
JWTBearerTokenExchange Class
OAuthRefreshResult Class
RegistrationHandler Interface
SamlJitHandler Interface
SessionManagement Class
SessionLevel Enum
UserData Class
VerificationMethod Enum
VerificationPolicy Enum
Auth Exceptions
Cache Namespace
Canvas Namespace
ChatterAnswers Namespace
ConnectApi Namespace
Database Namespace
Datacloud Namespace
DataSource Namespace
Dom Namespace
EventBus Namespace
Flow Namespace
KbManagement Namespace
Messaging Namespace
Metadata Namespace
Process Namespace
QuickAction Namespace
Reports Namespace
Schema Namespace
Search Namespace
Sfc Namespace
Site Namespace
Support Namespace
System Namespace
TerritoryMgmt Namespace
TxnSecurity Namespace
UserProvisioning Namespace
VisualEditor Namespace
wave Namespace
Appendices
Glossary
PDF

Newer Version Available

This content describes an older version of this product. View Latest

AuthToken Class

Contains methods for providing the access token associated with an authentication provider for an authenticated user, except for the Janrain provider.

Namespace

Auth

AuthToken Methods

The following are methods for AuthToken. All methods are static.

getAccessToken(authProviderId, providerName)

Returns an access token for the current user using the specified 18-character identifier of an AuthProvider definition in your org and the proper name of the third party, such as Salesforce or Facebook. Note that querying the ProviderType field on the AuthProvider object sometimes returns a value that differs from the expected provider name value. For example, for Open ID Connect providers, OpenIdConnect is the ProviderType value for the AuthProvider object, but the expected providerName is Open ID Connect.

Signature

public static String getAccessToken(String authProviderId, String providerName)

Parameters

authProviderId
Type: String
providerName
Type: String
The proper name of the third party. For all providers except Janrain, the expected values are
  • Facebook
  • Salesforce
  • Open ID Connect
  • Microsoft Access Control Service
  • LinkedIn
  • Twitter
  • Google
For Janrain providers, the parameter value is the proper name of the third party used. Yahoo! is an example of a Janrain provider value.

Return Value

Type: String

getAccessTokenMap(authProviderId, providerName)

Returns a map from the third-party identifier to the access token for the currently logged-in Salesforce user. The identifier value depends on the third party. For example, for Salesforce it would be the user ID, while for Facebook it would be the user number. Note that querying the ProviderType field on the AuthProvider object sometimes returns a value that differs from the expected provider name value. For example, for Open ID Connect providers, OpenIdConnect is the ProviderType value for the AuthProvider object, but the expected providerName is Open ID Connect.

Signature

public static Map<String, String> getAccessTokenMap(String authProviderId, String providerName)

Parameters

authProviderId
Type: String
providerName
Type: String
The proper name of the third party. For all providers except Janrain, the expected values are
  • Facebook
  • Salesforce
  • Open ID Connect
  • Microsoft Access Control Service
  • LinkedIn
  • Twitter
  • Google
For Janrain providers, the parameter value is the proper name of the third party used. Yahoo! is an example of a Janrain provider value.

Return Value

Type: Map<String, String>

refreshAccessToken(authProviderId, providerName, oldAccessToken)

Returns a map from the third-party identifier containing a refreshed access token for the currently logged-in Salesforce user. Note that querying the ProviderType field on the AuthProvider object sometimes returns a value that differs from the expected provider name value. For example, for Open ID Connect providers, OpenIdConnect is the ProviderType value for the AuthProvider object, but the expected providerName is Open ID Connect.

Signature

public static Map<String, String> refreshAccessToken(String authProviderId, String providerName, String oldAccessToken)

Parameters

authProviderId
Type: String
providerName
Type: String
The proper name of the third party. For all providers except Janrain, the expected values are
  • Facebook
  • Salesforce
  • Open ID Connect
  • Microsoft Access Control Service
  • LinkedIn
  • Twitter
  • Google
For Janrain providers, the parameter value is the proper name of the third party used. Yahoo! is an example of a Janrain provider value.
oldAccessToken
Type: String

Return Value

Type: Map<String, String>

Usage

This method works when using Salesforce or an OpenID Connect provider, but not when using Facebook or Janrain. The returned map contains AccessToken and RefreshError keys. Evaluate the keys in the response to check if the request was successful. For a successful request, the RefreshError value is null, and AccessToken is a token value. For an unsuccessful request, the RefreshError value is an error message, and the AccessToken value is null.

When successful, this method updates the token stored in the database, which you can get using Auth.AuthToken.getAccessToken().

If you are using an OpenID Connect authentication provider, an id_token is not required in the response from the provider. If a Token Issuer is specified in the Auth. Provider settings and an id_token is provided anyway, Salesforce will verify it.

Example

1String accessToken = Auth.AuthToken.getAccessToken('0SOD000000000De', 'Open ID connect');
2Map<String, String> responseMap = Auth.AuthToken.refreshAccessToken('0SOD000000000De', 'Open ID connect', accessToken);

A successful request includes the access token in the response.

1 (RefreshError,null)(AccessToken,00DD00000007BhE!AQkAQFzj...)

revokeAccess(authProviderId, providerName, userId, remoteIdentifier)

Revokes the access token for a specified social sign-on user from a third-party service such as Facebook©. Note that querying the ProviderType field on the AuthProvider object sometimes returns a value that differs from the expected provider name value. For example, for Open ID Connect providers, OpenIdConnect is the ProviderType value for the AuthProvider object, but the expected providerName is Open ID Connect.

Signature

public static Boolean revokeAccess(String authProviderId, String providerName, String userId, String remoteIdentifier)

Parameters

authProviderId
Type: String
The ID of the Auth. Provider in the Salesforce organization.
providerName
Type: String
The proper name of the third party. For all providers except Janrain, the expected values are
  • Facebook
  • Salesforce
  • Open ID Connect
  • Microsoft Access Control Service
  • LinkedIn
  • Twitter
  • Google
For Janrain providers, the parameter value is the proper name of the third party used. Yahoo! is an example of a Janrain provider value.
userId
Type: String
The 15-character ID for the user whose access is being revoked.
remoteIdentifier
Type: String
The unique ID for the user in the third-party system (this value is in the associated ThirdPartyAccountLink standard object).

Return Value

Type: Boolean

The return value is true if the revokeAccess() operation is successful; otherwise false.

Example

The following example revokes a Facebook user's access token.

1Auth.AuthToken.revokeAccess('0SOxx00000#####', 'facebook', '005xx00000#####', 'ThirdPartyIdentifier_exist214176560#####');