Apex Reference Guide

Apex Reference Guide
Release Notes
Apex DML Operations
ApexPages Namespace
AppLauncher Namespace
Approval Namespace
Auth Namespace
AuthConfiguration Class
AuthProviderCallbackState Class
AuthProviderPlugin Interface
AuthProviderPluginClass Class
AuthProviderTokenResponse Class
AuthToken Class
CommunitiesUtil Class
ConfigurableSelfRegHandler Interface
ConfirmUserRegistrationHandler Interface
ConnectedAppPlugin Class
CustomOneTimePasswordDeliveryHandler Interface
CustomOneTimePasswordDeliveryResult Enum
ExternalClientAppOauthHandler Class
ExternalClientAppOauthHandler Methods
GeneratedUserData Class
HeadlessSelfRegistrationHandler Interface
HeadlessUserDiscoveryHandler Interface
HeadlessUserDiscoveryResponse Class
HttpCalloutMockUtil Class
IntegratingAppType Enum
InvocationContext Enum
JsonValueOutput Class
JWS Class
JWT Class
JWTBearerTokenExchange Class
JWTUtil Class
LightningLoginEligibility Enum
LoginDiscoveryHandler Interface
LoginDiscoveryMethod Enum
MyDomainLoginDiscoveryHandler Interface
Oauth2TokenExchangeHandler Class
OAuth2TokenExchangeType Enum
OAuthRefreshResult Class
OauthToken Class
OauthTokenType Enum
RegistrationHandler Interface
SamlJitHandler Interface
SessionManagement Class
SessionLevel Enum
TokenValidationResult Class
UserData Class
VerificationAction Enum
VerificationMethod Enum
VerificationPolicy Enum
VerificationResult Class
Auth Exceptions
Cache Namespace
Canvas Namespace
ChatterAnswers Namespace
CommerceBuyGrp Namespace
CommerceExtension Namespace
CommerceOrders Namespace
CommercePayments Namespace
CommerceTax Namespace
ComplianceMgmt Namespace
Compression Namespace
ConnectApi Namespace
Context Namespace
Database Namespace
Datacloud Namespace
DataRetrieval Namespace
DataSource Namespace
DataWeave Namespace
Dom Namespace
embeddedai Namespace
EventBus Namespace
ExternalService Namespace
Flow Namespace
Flowtesting Namespace
flowuiruntime Namespace
FormulaEval Namespace
fsccashflow Namespace
Functions Namespace
ise_bots_apex Namespace
IssueCreditMemo Namespace
ind_mfg_sample_mgmt_apex Namespace
industriesNlpSvc
IndustriesDigitalLending Namespace
Invocable Namespace
InvoiceWriteOff Namespace
IsvPartners Namespace
KbManagement Namespace
LxScheduler Namespace
Messaging Namespace
Metadata Namespace
PlaceQuote Namespace
Pref_center Namespace
Process Namespace
QuickAction Namespace
renew_assets_summary Namespace
Reports Namespace
RevSignaling Namespace
RevSalesTrxn Namespace
RichMessaging Namespace
RulesAppln Namespace
runtime_industries_cpq Namespace
runtime_industries_insurance Namespace
Schema Namespace
Search Namespace
setup_flow_performance Namespace
Sfc Namespace
Sfdc_Checkout Namespace
Sfdc_Enablement Namespace
sfdc_surveys Namespace
Site Namespace
Slack Namespace
Support Namespace
System Namespace
TerritoryMgmt Namespace
TxnSecurity Namespace
UserProvisioning Namespace
VisualEditor Namespace
Wave Namespace
Appendices
PDF

ExternalClientAppOauthHandler Class

Contains methods for extending the behavior of an external client app. For example, customize how an external client app is invoked depending on the protocol used. This class gives you more control over the interaction between Salesforce and your external client app.

Namespace

Auth

Usage

When you create an external client app, you specify general information about the app and settings for OAuth. To customize how the app is invoked, create a external client app handler with the ExternalClientAppOauthHandler Apex class. For example, use this class to support new authentication protocols or respond to user attributes in a way that benefits the business process.

When you create an external client app handler, you also configure the ExternalClientAppOauthHandler class to run as an execution user. The execution user authorizes access for the external client app. For example, when you use the authorize method, the execution user authorizes the external client app to access data.

If you don't specify an execution user, the plug-in runs as an Automated Process User, which is a system user that executes tasks behind the scenes. Most ExternalClientAppOauthHandler methods require that you specify an execution user, with the exception of the customAttributes method.

ExternalClientAppOauthHandler Methods

The following are methods for ExternalClientAppOauthHandler.

authorize(userId, ecAppId, isAdminApproved, context)

Authorizes the specified user to access the external client app. If the external client app is set for users to self-authorize, this method isn’t invoked.

Signature

public Boolean authorize(Id userId, Id ecAppId, Boolean isAdminApproved, Auth.InvocationContext context)

Parameters

userId
Type: Id
The 15-character ID of the user attempting to use the external client app.
ecAppId
Type: Id
The 15-character ID of the external client app.
isAdminApproved
Type: Boolean
The approval state of the specified user when the external client app requires approval.
context
Type: Auth.InvocationContext
The context in which the external client app is invoked.

Return Value

Type: Boolean

A returned value of true indicates that the user is approved.

customAttributes(userId, ecAppId, formulaDefinedAttributes, context)

Sets new attributes for the specified user. When the external client app gets the user’s attributes from the UserInfo endpoint, use this method to update the attribute values.

Signature

public Map<String,String> customAttributes(Id userId, Id ecAppId, Map<String,String> formulaDefinedAttributes, Auth.InvocationContext context)

Parameters

userId
Type: Id
The 15-character ID of the user attempting to use the external client app.
ecAppId
Type: Id
The 15-character ID for the external client app.
formulaDefinedAttributes
Type: Map<String,String>
A map of the current set of attributes from the UserInfo endpoint (OAuth) or from a SAML assertion. For more information, see The UserInfo Endpoint in the online help.
context
Type: Auth.InvocationContext
The context in which the external client app is invoked.

Return Value

Type: Map<String,String>

A map of the updated set of attributes.

refresh(userId, ecAppId, context)

Salesforce calls this method during a refresh token exchange.

Signature

public void refresh(Id userId, Id ecAppId, Auth.InvocationContext context)

Parameters

userId
Type: Id
The 15-character ID of the user requesting the refresh token.
ecAppId
Type: Id
The 15-character ID of the external client app.
context
Type: Auth.InvocationContext
The context in which the external client app is invoked.

Return Value

Type: void