| callbackUrl |
- Field Type
- string
- Description
- The endpoint that Salesforce calls back to your external
client app during OAuth. It’s the OAuth
redirect_uri.
|
| certificate |
- Field Type
- string
- Description
- If the app uses a certificate, the PEM-encoded
certificate string. When provided, it enables the JWT
Bearer flow. Available in API version 60.0 and
later.
|
| consumerKey |
- Field Type
- string
- Description
- A value used by the consumer for identification to
Salesforce. Referred to as client_id in OAuth 2.0.
|
| consumerSecret |
- Field Type
- string
- Description
- A value that is combined with the
consumerKey and used by the
consumer for identification to Salesforce. Referred to
as client_secret in OAuth 2.0.
|
| externalClientApplication |
- Field Type
- string
- Description
- Required. Name of the external client
application.
|
| idTokenConfig |
- Field Type
- ExternalAppIdTokenConfig
- Description
- The settings for the ID token.
|
| isClientCredentialsFlowEnabled |
- Field Type
- boolean
- Description
- If set to true, the
OAuth 2.0 client credentials flow is enabled. Available
in API version 60.0 and later.
|
| isCodeCredFlowEnabled |
- Field Type
- boolean
- Description
- If set to true, the external client app can use
the Authorization Code and Credentials Flow and its
variations for headless login, passwordless login, and
guest user identity services in an off-platform app.
Headless registration isn’t currently supported for
external client apps. The default value is false.
To use this
field, the Authorization Code and Credentials Flow
must be enabled for your org in OAuth and OpenID
Connect settings.
Available in API version
61.0 and later.
|
| isCodeCredPostOnly |
- Field Type
- boolean
- Description
- If set to true, for the Authorization Code and
Credentials Flow, the external client app is required to
send the user’s credentials to the Salesforce
services/oauth2/authorize
endpoint in the body of a POST request. If set to
false, the app
can send a POST or GET request with the user’s
credentials in the request body or in a Basic
authorization header. The default value is false.
To use this field, the Authorization Code and
Credentials Flow must be enabled for your external
client app. Headless registration, a variation of
this flow, isn’t currently supported for external
client apps.
Available in API version 61.0 and later.
|
| isConsumerSecretOptional |
- Field Type
- boolean
- Description
- If set to false
(default), the external app’s client secret is required
in exchange for an access token in the OAuth 2.0 web
server flow. If set to true, the external app’s client secret is
optional.
|
| isDeviceFlowEnabled |
- Field Type
- boolean
- Description
- If set to true, the
external client app can use the OAuth 2.0 device flow.
Available in API version 60.0 and later.
|
| isIntrospectAllTokens |
- Field Type
- boolean
- Description
- If set to true,
authorizes the external app to introspect all access and
refresh tokens. If set to false (default), the
external client app can introspect its own tokens.
|
| isNamedUserJwtEnabled |
- Field Type
- boolean
- Description
- If set to true, the external client app issues
JSON Web Token (JWT)-based access tokens. If set to
false, it
issues opaque access tokens. The default value is
false.
Available in API version 61.0 and
later.
|
| isPkceRequired |
- Field Type
- boolean
- Description
- If set to true
(default), Proof Key for Code Exchange (PKCE) is
required for OAuth integration. If set to false, PKCE is
optional.
|
| isRefreshTokenRotationEnabled |
- Field Type
- boolean
- Description
- If set to true,
refresh token rotation is enabled. Available in API
version 60.0 and later.
|
| isSecretRequiredForRefreshToken |
- Field Type
- boolean
- Description
- If set to true
(default), the app’s client secret is required in the
authorization request of a refresh token and hybrid
refresh token flow. If set to false and an app sends
the client secret in the authorization request,
Salesforce still validates it.
|
| isSecretRequiredForTokenExchange |
- Field Type
- boolean
- Description
- If set to true, the
app’s client secret is required for token exchange.
Available in API version 60.0 and later.
|
| isTokenExchangeEnabled |
- Field Type
- boolean
- Description
- If set to true,
token exchange is enabled. Available in API version 60.0
and later.
|
| label |
- Field Type
- string
- Description
- External Client Application Global OAuth Settings
name.
|
| shouldRotateConsumerKey |
- Field Type
- boolean
- Description
- If set to true, the
OAuth external client app’s consumer key is replaced
with a newly generated key on metadata deploy. To maintain security, if this
field is set to true, you must include the ignore warnings
attribute in the deploy command. Default is false.
|
| shouldRotateConsumerSecret |
- Field Type
- boolean
- Description
- If set to true, the
OAuth external client app’s consumer secret is replaced
with a newly generated secret on metadata deploy. To
maintain security, if this field is set to true, you must include
the ignore warnings attribute in the deploy command.
Default is false.
|
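The fields above that relax a default or widen what the app may do can be checked before a deploy. The following audit is an added example, not Salesforce code: it parses one settings document and reports each such field using the semantics described in the table. The root element name, the namespace, the sample values and the `audit` helper are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample settings document. The root element name, namespace
# and every value here are assumptions made for this example.
SAMPLE = """<ExtlClntAppGlobalOauthSettings xmlns="http://soap.sforce.com/2006/04/metadata">
    <callbackUrl>https://app.example.com/oauth/callback</callbackUrl>
    <externalClientApplication>ExampleApp</externalClientApplication>
    <isCodeCredFlowEnabled>true</isCodeCredFlowEnabled>
    <isConsumerSecretOptional>true</isConsumerSecretOptional>
    <isIntrospectAllTokens>true</isIntrospectAllTokens>
    <isPkceRequired>false</isPkceRequired>
    <label>ExampleApp global OAuth settings</label>
    <shouldRotateConsumerSecret>true</shouldRotateConsumerSecret>
</ExtlClntAppGlobalOauthSettings>
"""

# field -> (explicit value that triggers a finding, reason).
# A field that is absent keeps its documented default and is not reported here.
CHECKS = {
    "isPkceRequired": ("false", "PKCE is optional"),
    "isConsumerSecretOptional": ("true", "web server flow works without the client secret"),
    "isSecretRequiredForRefreshToken": ("false", "refresh works without the client secret"),
    "isIntrospectAllTokens": ("true", "app can introspect tokens it does not own"),
    "shouldRotateConsumerKey": ("true", "deploy replaces the consumer key"),
    "shouldRotateConsumerSecret": ("true", "deploy replaces the consumer secret"),
}


def audit(xml_text):
    """Return sorted (field, reason) findings for one settings document."""
    root = ET.fromstring(xml_text)
    # Strip the XML namespace so lookups use the bare field names.
    fields = {el.tag.split("}")[-1]: (el.text or "").strip().lower() for el in root}
    findings = [(name, why) for name, (bad, why) in CHECKS.items()
                if fields.get(name) == bad]
    # isCodeCredPostOnly defaults to false, so it must be set explicitly
    # whenever the Authorization Code and Credentials Flow is enabled.
    if (fields.get("isCodeCredFlowEnabled") == "true"
            and fields.get("isCodeCredPostOnly") != "true"):
        findings.append(("isCodeCredPostOnly",
                         "credentials may be sent by GET or in a Basic header"))
    return sorted(findings)


if __name__ == "__main__":
    for field, reason in audit(SAMPLE):
        print(f"{field}: {reason}")
```

The two `shouldRotate*` findings are reminders, not weaknesses: rotation on deploy invalidates the credentials that existing clients hold.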