Apex Reference Guide

Apex Reference Guide
Release Notes
Apex DML Operations
ApexPages Namespace
AppLauncher Namespace
Approval Namespace
Auth Namespace
AuthConfiguration Class
AuthProviderCallbackState Class
AuthProviderPlugin Interface
AuthProviderPluginClass Class
AuthProviderTokenResponse Class
AuthToken Class
CommunitiesUtil Class
ConfigurableSelfRegHandler Interface
ConfirmUserRegistrationHandler Interface
ConnectedAppPlugin Class
CustomOneTimePasswordDeliveryHandler Interface
CustomOneTimePasswordDeliveryResult Enum
ExternalClientAppOauthHandler Class
HeadlessSelfRegistrationHandler Interface
HeadlessUserDiscoveryHandler Interface
HeadlessUserDiscoveryResponse Class
HttpCalloutMockUtil Class
IntegratingAppType Enum
InvocationContext Enum
JWS Class
JWT Class
JWTBearerTokenExchange Class
JWTUtil Class
LightningLoginEligibility Enum
LoginDiscoveryHandler Interface
LoginDiscoveryMethod Enum
MyDomainLoginDiscoveryHandler Interface
Oauth2TokenExchangeHandler Class
OAuth2TokenExchangeType Enum
OAuthRefreshResult Class
OauthToken Class
OauthTokenType Enum
RegistrationHandler Interface
RegistrationHandler Methods
Storing User Information and Getting Access Tokens
Auth.RegistrationHandler Example Implementation
Auth.RegistrationHandler Error Example
SamlJitHandler Interface
SessionManagement Class
SessionLevel Enum
TokenValidationResult Class
UserData Class
VerificationAction Enum
VerificationMethod Enum
VerificationPolicy Enum
VerificationResult Class
Auth Exceptions
Cache Namespace
Canvas Namespace
ChatterAnswers Namespace
CommerceExtension Namespace
CommerceOrders Namespace
CommercePayments Namespace
CommerceTax Namespace
Compression Namespace
ConnectApi Namespace
Context Namespace
Database Namespace
Datacloud Namespace
DataRetrieval Namespace
DataSource Namespace
DataWeave Namespace
Dom Namespace
EventBus Namespace
ExternalService Namespace
Flow Namespace
FormulaEval Namespace
fsccashflow Namespace
Functions Namespace
industriesNlpSvc
IndustriesDigitalLending Namespace
Invocable Namespace
IsvPartners Namespace
KbManagement Namespace
LxScheduler Namespace
Messaging Namespace
Metadata Namespace
PlaceQuote Namespace
Pref_center Namespace
Process Namespace
QuickAction Namespace
Reports Namespace
RevSalesTrxn Namespace
RichMessaging Namespace
Salesforce_Backup Namespace
Schema Namespace
Search Namespace
Sfc Namespace
Sfdc_Checkout Namespace
Sfdc_Enablement Namespace
sfdc_surveys Namespace
Site Namespace
Slack Namespace
Support Namespace
System Namespace
TerritoryMgmt Namespace
TxnSecurity Namespace
UserProvisioning Namespace
VisualEditor Namespace
Wave Namespace
Appendices
PDF

Newer Version Available

This content describes an older version of this product. View Latest

RegistrationHandler Interface

Salesforce provides the ability to use an authentication provider, such as Facebook© or Janrain©, for single sign-on into Salesforce.

Namespace

Auth

Usage

To set up single sign-on, you must create a class that implements Auth.RegistrationHandler. Classes implementing the Auth.RegistrationHandler interface are specified as the Registration Handler in authentication provider definitions, and enable single sign-on into Salesforce portals and organizations from third-party services such as Facebook. Using information from the authentication providers, your class must perform the logic of creating and updating user data as appropriate, including any associated account and contact records.

During the user update process, you can use the confirmUser() method to ensure that users are correctly mapped between Salesforce and the third party. For more information, see the ConfirmUserRegistrationHandler Interface.

Note

RegistrationHandler Methods

The following are methods for RegistrationHandler.

createUser(portalId, userData)

Returns a User object using the specified portal ID and user information from the third party, such as the username and email address. The User object corresponds to the third party’s user information. It can be a new user that hasn’t been inserted in your org’s database, or it can represent an existing user record in the database. If it’s a new User object, Salesforce inserts a user record for you.

Signature

public User createUser(ID portalId, Auth.UserData userData)

Parameters

portalId
Type: ID
userData
Type: Auth.UserData

Return Value

Type: User

Usage

The portalID value can be null or an empty key if there’s no portal configured with this provider.

updateUser(userId, portalId, userData)

Updates the specified user’s information. This method is called if the user has logged in before with the authentication provider and then logs in again.

Signature

public Void updateUser(ID userId, ID portalId, Auth.UserData userData)

Parameters

userId
Type: ID
portalId
Type: ID
userData
Type: Auth.UserData

Return Value

Type: Void

Usage

The portalID value can be null or an empty key if there's no portal configured with this provider.

Storing User Information and Getting Access Tokens

The Auth.UserData class is used to store user information for Auth.RegistrationHandler. The third-party authentication provider can send back a large collection of data about the user, including their username, email address, locale, and so on. Frequently used data is converted into a common format with the Auth.UserData class and sent to the registration handler.

If the registration handler wants to use the rest of the data, the Auth.UserData class has an attributeMap variable. The attribute map is a map of strings (Map<String, String>) for the raw values of all the data from the third party. Because the map is <String, String>, values that the third party returns that aren't strings (like an array of URLs or a map) are converted into an appropriate string representation. The map includes everything returned by the third-party authentication provider, including the items automatically converted into the common format.

The constructor for Auth.UserData has the following syntax:
1Auth.UserData(String identifier,
2              String firstName,
3              String lastName,
4              String fullName,
5              String email,
6              String link,
7              String userName,
8              String locale,
9              String provider,
10              String siteLoginUrl,
11              Map<String, String> attributeMap)

To learn about Auth.UserData properties, see Auth.UserData Class.

You can only perform DML operations on additional sObjects in the same transaction with User objects under certain circumstances. For more information, see sObjects That Cannot Be Used Together in DML Operations.

Note

For all authentication providers except Janrain, after a user is authenticated using a provider, the access token associated with that provider for this user can be obtained in Apex using the Auth.AuthToken Apex class. Auth.AuthToken provides two methods to retrieve access tokens. One is getAccessToken, which obtains a single access token. Use this method if the user ID is mapped to a single third-party user. If the user ID is mapped to multiple third-party users, use getAccessTokenMap, which returns a map of access tokens for each third-party user. For more information about authentication providers, see Authentication Providers in Salesforce Help.

When using Janrain as an authentication provider, you must use the Janrain accessCredentials dictionary values to retrieve the access token or its equivalent. Only some providers supported by Janrain provide an access token, while other providers use other fields. The Janrain accessCredentials fields are returned in the attributeMap variable of the Auth.UserData class. See the Janrain auth_info documentation for more information on accessCredentials.

Not all Janrain account types return accessCredentials. Sometimes you must change your account type to receive the information.

Note

To learn about the Auth.AuthToken methods, see Auth.AuthToken Class.

Auth.RegistrationHandler Example Implementation

This example implements the Auth.RegistrationHandler interface that creates as well as updates a standard user based on data provided by the authentication provider. Error checking has been omitted to keep the example simple.

1global class StandardUserRegistrationHandler implements Auth.RegistrationHandler{
2    global User createUser(Id portalId, Auth.UserData data) {
3        User u = new User();
4        Profile p = [SELECT Id FROM profile WHERE name='Standard User'];
5        u.Username = data.username + '@salesforce.com';
6        u.Email = data.email;
7        u.LastName = data.lastName;
8        u.FirstName = data.firstName;
9        String alias = data.username;
10        if(alias.length() > 8) {
11            alias = alias.substring(0, 8);
12        }
13        u.Alias = alias;
14        u.LanguageLocaleKey = data.attributeMap.get('language');
15        u.LocaleSidKey = data.locale;
16        u.EmailEncodingKey = 'UTF-8';
17        u.TimeZoneSidKey = 'America/Los_Angeles';
18        u.ProfileId = p.Id;
19        return u;
20    }
21
22    global void updateUser(Id userId, Id portalId, Auth.UserData data) {
23        User u = new User(id=userId);
24        u.Username = data.username + '@salesforce.com';
25        u.Email = data.email;
26        u.LastName = data.lastName;
27        u.FirstName = data.firstName;
28        String alias = data.username;
29        if(alias.length() > 8) {
30            alias = alias.substring(0, 8);
31        }
32        u.Alias = alias;
33        u.LanguageLocaleKey = data.attributeMap.get('language');
34        u.TimeZoneSidKey = data.locale;
35        update(u);
36    }
37}

The following example tests the above code.

1@isTest
2private class StandardUserRegistrationHandlerTest {
3static testMethod void testCreateAndUpdateUser() {
4    StandardUserRegistrationHandler handler = new StandardUserRegistrationHandler();
5    Auth.UserData sampleData = new Auth.UserData('testId', 'testFirst', 'testLast',
6        'testFirst testLast', 'testuser@example.org', null, 'testuserlong', 'en_US', 'facebook',
7        null, new Map<String, String>{'language' => 'en_US'});
8    User u = handler.createUser(null, sampleData);
9    System.assertEquals('testuserlong@salesforce.com', u.username);
10    System.assertEquals('testuser@example.org', u.email);
11    System.assertEquals('testLast', u.lastName);
12    System.assertEquals('testFirst', u.firstName);
13    System.assertEquals('testuser', u.alias);
14    insert(u);
15    String uid = u.id;
16    
17    sampleData = new Auth.UserData('testNewId', 'testNewFirst', 'testNewLast',
18        'testNewFirst testNewLast', 'testnewuser@example.org', null, 'testnewuserlong', 'en_US', 'facebook',
19        null, new Map<String, String>{});
20    handler.updateUser(uid, null, sampleData);
21    
22    User updatedUser = [SELECT username, email, firstName, lastName, alias FROM user WHERE id=:uid];
23    System.assertEquals('testnewuserlong@salesforce.com', updatedUser.username);
24    System.assertEquals('testnewuser@example.org', updatedUser.email);
25    System.assertEquals('testNewLast', updatedUser.lastName);
26    System.assertEquals('testNewFirst', updatedUser.firstName);
27    System.assertEquals('testnewu', updatedUser.alias);
28}
29}

Auth.RegistrationHandler Error Example

This example implements the Auth.RegistrationHandler interface and shows how to use a custom exception to display an error message in the URL of the page. If you don’t use a custom exception, the error code and description appear in the URL and the error description appears on the page.

To limit this example to the custom exception, some code was omitted. 

1global class RegHandler implements Auth.RegistrationHandler {
2
3    class RegHandlerException extends Exception {}
4
5        global User createUser(Id portalId, Auth.UserData data){
6            List<Profile> profiles = [SELECT Id, Name, UserType FROM Profile WHERE Name = 'Power User']; 
7            Profile profile = profiles.isEmpty() ? null : profiles[0]; 
8            if(profile==null) 
9               throw new RegHandlerException('Cannot find the profile. For help, contact your administrator.'); 
10... 
11        } 
12
13        global void updateUser(Id userId, Id portalId, Auth.UserData data){
14            User u = new User(id=userId);
15            u.lastName = data.lastName;
16            u.firstName = data.firstName;
17            update(u);
18        }
19}