ConfirmUserRegistrationHandler Interface
Namespace
Usage
When you set up SSO with a third-party identity provider, you create a class that implements a registration handler using the Auth.RegistrationHandler interface. This class manages the process of creating and updating users. For advanced use cases that require you to confirm user information during the update process, implement the Auth.ConfirmUserRegistrationHandler interface in your class. This interface must be implemented in addition to Auth.RegistrationHandler.
You can use the Auth.ConfirmUserRegistrationHandler interface to ensure that users are mapped correctly between Salesforce and the third party. When a user who has previously logged in with an authentication provider logs in again, you can confirm that the incoming user data is consistent with the user's third-party identifier. If not, you can identify which user is supposed to be logged in.
You can also use the Auth.ConfirmUserRegistrationHandler interface to switch context for users with multiple records. For example, a user has two records—an admin user and a standard user. When the user logs in, the third-party identity provider confirms the account used to log in and sends the response to Salesforce via the UserInfo endpoint. You can then use this information to determine whether to log in the user as an admin or standard user.
ConfirmUserRegistrationHandler Methods
The following are methods for ConfirmUserRegistrationHandler.
confirmUser(userId, tpalId, portalId, userdata)
Signature
public Id confirmUser(Id userId, Id tpalId, Id portalId, Auth.UserData userdata)
Parameters
- userId
  - Type: Id
  - The ID of the user who is mapped to the third-party identifier via a third-party account link.
- tpalId
  - Type: Id
  - The third-party account link corresponding to the third-party identifier.
- portalId
  - Type: Id
  - The portal ID the user is logging in to. If there's no portal configured, this value can be null.
- userdata
  - Type: Auth.UserData
  - Contains user information from the third-party identity provider.
ConfirmUserRegistrationHandler Example Implementation
This example implements the Auth.ConfirmUserRegistrationHandler interface during the user update process to confirm that the correct user is logging in based on their email address and last name.
```apex
global class StandardUserRegistrationHandler implements Auth.RegistrationHandler, Auth.ConfirmUserRegistrationHandler {
    // Called the first time a third-party identity logs in: builds the new user.
    global User createUser(Id portalId, Auth.UserData data){
        User u = new User();
        Profile p = [SELECT Id FROM profile WHERE name='Standard User'];
        u.username = data.username + '@salesforce.com';
        u.email = data.email;
        u.lastName = data.lastName;
        u.firstName = data.firstName;
        String alias = data.username;
        if(alias.length() > 8) {
            alias = alias.substring(0, 8);
        }
        u.alias = alias;
        u.languagelocalekey = data.attributeMap.get('language');
        u.localesidkey = data.locale;
        u.emailEncodingKey = 'UTF-8';
        u.timeZoneSidKey = 'America/Los_Angeles';
        u.profileId = p.Id;
        return u;
    }

    // Called on later logins: refreshes the user from the incoming data.
    global void updateUser(Id userId, Id portalId, Auth.UserData data) {
        User u = new User(id=userId);
        u.username = data.username + '@salesforce.com';
        u.email = data.email;
        u.lastName = data.lastName;
        u.firstName = data.firstName;
        String alias = data.username;
        if(alias.length() > 8) {
            alias = alias.substring(0, 8);
        }
        u.alias = alias;
        u.languagelocalekey = data.attributeMap.get('language');
        u.localesidkey = data.locale;
        update(u);
    }

    // Returns the ID of the user to log in.
    global Id confirmUser(Id userId, Id tpalId, Id portalId, Auth.UserData data) {
        if (data.email.contains(data.lastName)) { // looks genuine
            return userId;
        } else { // find the right user
            // Throws a QueryException unless exactly one user has this email address.
            User confirmedUser = [SELECT id FROM user WHERE email=:data.email];
            return confirmedUser.Id;
        }
    }
}
```

The following example tests the implementation:

```apex
@isTest
public class StandardUserRegistrationHandlerTest {
    static testMethod void testConfirmUser() {
        StandardUserRegistrationHandler handler = new StandardUserRegistrationHandler();
        Auth.UserData sampleData = new Auth.UserData('idA', 'firstName', 'A',
            'firstName A', 'userA@example.org', null, 'usernameA', 'en_US', 'facebook',
            null, new Map<String, String>{'language' => 'en_US'});
        User u = handler.createUser(null, sampleData);
        insert(u);
        String uid = u.id;

        sampleData = new Auth.UserData('idB', 'firstName', 'B',
            'firstName B', 'userA@example.org', null, 'usernameB', 'en_US', 'facebook',
            null, new Map<String, String>{}); // note that user B is using userA's email
        Id confirmedUserId = handler.confirmUser(uid, '060xx0000004Eh6', null, sampleData);
        System.assertEquals(uid, confirmedUserId); // we should see userA's id
    }
}
```
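
The context switch described under Usage, for a user with an admin record and a standard record, could be written as follows. This is an added example, not Salesforce's code: the `account_type` attribute, the use of `EmployeeNumber` to tie one person's records together, the profile names, and the expectation that a thrown exception makes the login fail are all assumptions. It selects only among active records tied to the user already mapped to the third-party identifier, and it handles zero or several matches instead of relying on a single-row query.

```apex
// Added example. 'account_type' and the EmployeeNumber linkage are assumptions.
global class ContextSwitchRegistrationHandler
        implements Auth.RegistrationHandler, Auth.ConfirmUserRegistrationHandler {
    global class LoginDeniedException extends Exception {}

    // Profile to log in as, keyed by the value the identity provider sends.
    private static final Map<String, String> PROFILE_BY_ACCOUNT_TYPE = new Map<String, String>{
        'admin' => 'System Administrator',
        'standard' => 'Standard User'
    };

    global User createUser(Id portalId, Auth.UserData data) {
        // This sketch only switches between records that already exist.
        throw new LoginDeniedException('Self-registration is not enabled.');
    }

    global void updateUser(Id userId, Id portalId, Auth.UserData data) {
        // Deliberately leaves the user record unchanged.
    }

    global Id confirmUser(Id userId, Id tpalId, Id portalId, Auth.UserData data) {
        String accountType =
            data.attributeMap == null ? null : data.attributeMap.get('account_type');
        if (String.isBlank(accountType)) {
            return userId; // no switch requested: keep the linked user
        }
        String profileName = PROFILE_BY_ACCOUNT_TYPE.get(accountType.toLowerCase());
        if (profileName == null) {
            throw new LoginDeniedException('Unknown account type.');
        }
        // Start from the user already linked to the third-party identifier.
        List<User> linked = [SELECT EmployeeNumber FROM User WHERE Id = :userId AND IsActive = true];
        if (linked.isEmpty() || String.isBlank(linked[0].EmployeeNumber)) {
            throw new LoginDeniedException('Linked user cannot switch context.');
        }
        String employeeNumber = linked[0].EmployeeNumber;
        // Consider only active records that belong to that same person.
        List<User> candidates = [
            SELECT Id FROM User
            WHERE EmployeeNumber = :employeeNumber
              AND Profile.Name = :profileName AND IsActive = true
            LIMIT 2
        ];
        if (candidates.size() != 1) {
            throw new LoginDeniedException('No unique matching user.');
        }
        return candidates[0].Id;
    }
}
```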