| apexHandler |
- Field Type
- string
- Description
- Name of the Apex handler. Available in API version 61.0
and later.
|
| clientCredentialsFlowUser |
- Field Type
- string
- Description
- The execution user for the OAuth 2.0 client credentials
flow. Salesforce returns access tokens on behalf of this
user. This user must have the API Only permission.
Available in API version 60.0 and later.
|
| commaSeparatedCustomScopes |
- Field Type
- string
- Description
- Custom scope names in a comma-separated list. Available
in API version 61.0 and later.
|
| commaSeparatedPermissionSet |
- Field Type
- string
- Description
- Permission set IDs in a comma-separated list.
|
| customAttributes |
- Field Type
- ExtlClntAppOauthPoliciesAttribute[]
- Description
- Unique attributes to be included as admin defaults. The
maximum number accepted is 128. Each custom attribute
must have a unique key and use an available field.
|
| executeHandlerAs |
- Field Type
- string
- Description
- Username of the Apex handler's execution user. Available
in API version 61.0 and later.
|
| externalClientApplication |
- Field Type
- string
- Description
- Required. The name of the external client app
associated with this OAuth policies file.
|
| guestJwtTimeout |
- Field Type
- int
- Description
- The amount of time before a JWT-based access token
issued to a guest user expires. Available in API version
61.0 and later. Values are:
- 1: 1 Minute
- 5: 5 Minutes
- 10: 10 Minutes
- 15: 15 Minutes
- 30: 30 Minutes
|
| ipRelaxationPolicyType |
- Field Type
- string
- Description
- The policy that determines IP restrictions.
Values are:
- Enforce
- Bypass
- Bypass_2factor
- Enforce_RelaxRefresh
|
| isClientCredentialsFlowEnabled |
- Field Type
- boolean
- Description
- If true, the client
credentials flow is enabled. The default value is
false.
Available in API version 60.0 and later.
|
| isGuestCodeCredFlowEnabled |
- Field Type
- boolean
- Description
- If true, the
external client app can use the guest user variation of
the Authorization Code and Credentials Flow. To use this
flow variation, the external client app must also be
configured to issue JWT-based access tokens. The default
value is false.
Available in API version 61.0 and later.
|
| isNamedUserJwtEnabled |
- Field Type
- boolean
- Description
- If true, the
external client app issues JWT-based access tokens
instead of opaque access tokens. The default value is
false.
Available in API version 61.0 and later.
|
| isTokenExchangeFlowEnabled |
- Field Type
- boolean
- Description
- If true, the token
exchange flow is enabled. The default value is false. Available in API
version 60.0 and later.
|
| label |
- Field Type
- string
- Description
- The OAuth policies name for the external client
app.
|
| namedUserJwtTimeout |
- Field Type
- int
- Description
- The amount of time before a JWT-based access token
issued to a named user expires. Available in API version
61.0 and later. Values are:
- 1: 1 Minute
- 5: 5 Minutes
- 10: 10 Minutes
- 15: 15 Minutes
- 30: 30 Minutes
|
| permittedUsersPolicyType |
- Field Type
- PermittedUsersPolicyType (enumeration of type
string)
- Description
- The policy that determines which users are allowed in
the external client app.
Values are:
- AdminApprovedPreAuthorized
- AllSelfAuthorized
|
| policyAction |
- Field Type
- PolicyAction (enumeration of type string)
- Description
- Requires users to verify their identity with two-factor
authentication when they log in to the external client
app. Use RaiseSessionLevel along with
requiredSessionLevel to
determine the security posture.
Values are:
|
| refreshTokenPolicyType |
- Field Type
- RefreshTokenPolicyType (enumeration of type string)
- Description
- The type of policy that determines when a token must be
refreshed.
Values are:
- Infinite
- SpecificInactivity
- SpecificLifetime
- Zero
|
| refreshTokenValidityPeriod |
- Field Type
- int
- Description
- The number of units of measure used to specify validity
when refresh token policy type is set to SpecificInactivity or
SpecificLifetime.
|
| refreshTokenValidityUnit |
- Field Type
- string
- Description
- The unit of measurement that is used to specify validity
when refresh token policy type is set to SpecificInactivity or
SpecificLifetime.
Values are:
|
| requiredSessionLevel |
- Field Type
- SessionSecurityLevel (enumeration of type string)
- Description
- Defines the security posture.
Values are:
- HIGH_ASSURANCE
- LOW
- STANDARD
|
| sessionTimeoutInMinutes |
- Field Type
- int
- Description
- Length of time the external client app’s session
lasts.
|
| singleLogoutUrl |
- Field Type
- string
- Description
- URL where Salesforce sends a logout request when users
log out of Salesforce.
|
| startUrl |
- Field Type
- string
- Description
- URL where users are directed after they
authenticate.
|
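
The following added example (not part of the original reference, and not Salesforce code) checks a policies document against the enumerated values and field dependencies in the table above before it is deployed. The root element name, the namespace, the sample values, and the choice of which settings go to manual review are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Field names come from the table above; the root element,
# namespace and every value are assumptions made for this example.
SAMPLE = """<ExtlClntAppOauthConfigurablePolicies xmlns="http://soap.sforce.com/2006/04/metadata">
  <externalClientApplication>ExampleApp</externalClientApplication>
  <ipRelaxationPolicyType>Bypass</ipRelaxationPolicyType>
  <isClientCredentialsFlowEnabled>true</isClientCredentialsFlowEnabled>
  <namedUserJwtTimeout>45</namedUserJwtTimeout>
  <permittedUsersPolicyType>AllSelfAuthorized</permittedUsersPolicyType>
  <refreshTokenPolicyType>SpecificLifetime</refreshTokenPolicyType>
</ExtlClntAppOauthConfigurablePolicies>"""

# Enumerated values exactly as listed in the table.
ENUMS = {
    "ipRelaxationPolicyType": {"Enforce", "Bypass", "Bypass_2factor", "Enforce_RelaxRefresh"},
    "permittedUsersPolicyType": {"AdminApprovedPreAuthorized", "AllSelfAuthorized"},
    "refreshTokenPolicyType": {"Infinite", "SpecificInactivity", "SpecificLifetime", "Zero"},
    "requiredSessionLevel": {"HIGH_ASSURANCE", "LOW", "STANDARD"},
}
JWT_TIMEOUTS = {"1", "5", "10", "15", "30"}
# Values this example sends to manual review (the reviewer's assumption).
REVIEW = {"ipRelaxationPolicyType": {"Bypass"},
          "permittedUsersPolicyType": {"AllSelfAuthorized"},
          "refreshTokenPolicyType": {"Infinite"}}

def audit(xml_text):
    """Return a list of findings for one OAuth policies document."""
    root = ET.fromstring(xml_text)
    # Drop the namespace prefix so fields are keyed by bare name.
    f = {el.tag.split("}")[-1]: (el.text or "").strip() for el in root}
    out = []
    if not f.get("externalClientApplication"):
        out.append("externalClientApplication: required field is missing")
    for name, allowed in ENUMS.items():
        if name in f and f[name] not in allowed:
            out.append(f"{name}: '{f[name]}' is not a listed value")
        elif f.get(name) in REVIEW.get(name, ()):
            out.append(f"{name}: '{f[name]}' needs manual review")
    for name in ("guestJwtTimeout", "namedUserJwtTimeout"):
        if name in f and f[name] not in JWT_TIMEOUTS:
            out.append(f"{name}: '{f[name]}' is not one of 1, 5, 10, 15, 30")
    if f.get("isClientCredentialsFlowEnabled") == "true" and not f.get("clientCredentialsFlowUser"):
        out.append("clientCredentialsFlowUser: unset while the client credentials flow is enabled")
    if (f.get("refreshTokenPolicyType") in ("SpecificInactivity", "SpecificLifetime")
            and not f.get("refreshTokenValidityPeriod")):
        out.append("refreshTokenValidityPeriod: unset for a time-limited refresh token policy")
    return out

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Run against the constructed sample, the check reports five findings: two settings for manual review, one timeout outside the listed values, and two missing dependent fields.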