Oauth2TokenExchangeHandler Class

Use this class to create a token exchange handler that validates tokens from an external identity provider and maps the token’s subject to a Salesforce user during the OAuth 2.0 token exchange flow. The handler can also be used to create users by setting up a new User object and returning it to Salesforce for automatic insertion.

Namespace

Auth

Oauth2TokenExchangeHandler Methods

The following are methods for Oauth2TokenExchangeHandler.

getUserForTokenSubject(networkId, result, canCreateUser, appDeveloperName, appType)

Maps the subject of a validated external token to a Salesforce user. If no matching user exists and canCreateUser is true, the handler can return a new, uninserted User record for Salesforce to create.

Signature

public User getUserForTokenSubject(Id networkId, Auth.TokenValidationResult result, Boolean canCreateUser, String appDeveloperName, Auth.IntegratingAppType appType)

Parameters

networkId
Type: Id
The ID of the Experience Cloud site (Network) that the token exchange request is associated with, if any. This isn't a user ID: the user is identified from the subject in the validated token.
result
Type: Auth.TokenValidationResult
The result of the token validation performed by the validateIncomingToken method in the Auth.Oauth2TokenExchangeHandler class.
canCreateUser
Type: Boolean
Specifies whether the handler is allowed to build a new User record when no matching user exists. If the handler returns a User that hasn't been inserted, Salesforce inserts it automatically. When this value is false, don't return a new User.
appDeveloperName
Type: String
The developer name of the Salesforce connected app or external client app that’s being used to integrate your app with Salesforce.
appType
Type: Auth.IntegratingAppType
Specifies whether your app is integrated with Salesforce as a connected app or as an external client app.

Return Value

Type: User

Returns a User object with the user information obtained from the token, from Salesforce, and from callouts to the identity provider, if applicable. The User object can be an existing user record or a new user that hasn’t been inserted in the database. If it’s a new user, Salesforce automatically inserts the user on behalf of the token exchange handler.

validateIncomingToken(appDeveloperName, appType, incomingToken, tokenType)

Validates an access token, refresh token, ID token, SAML 2.0 assertion, or JWT passed from an external identity provider during the OAuth 2.0 token exchange flow.

Signature

public Auth.TokenValidationResult validateIncomingToken(String appDeveloperName, Auth.IntegratingAppType appType, String incomingToken, Auth.OAuth2TokenExchangeType tokenType)

Parameters

appDeveloperName
Type: String
The developer name of the Salesforce connected app or external client app that’s being used to integrate your app with Salesforce.
appType
Type: Auth.IntegratingAppType
Specifies whether your app is integrated with Salesforce as a connected app or as an external client app.
incomingToken
Type: String
The token from the external identity provider.
tokenType
Type: Auth.OAuth2TokenExchangeType
The type of token from the external identity provider. It can be an access token, a refresh token, an ID token, a SAML 2.0 assertion, or any token that’s formatted as a JSON Web Token (JWT).

Return Value

Type: Auth.TokenValidationResult

Returns information about whether the token is valid, data extracted from the token, the token itself, and the token type. It can also return a custom error message if the validation failed.
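The following handler is an added example that implements both methods described above; it is not Salesforce's sample code. It accepts RS256-signed JWTs from a single trusted identity provider, verifies the signature before reading any claim, pins the issuer and audience, rejects expired tokens, and then maps the token's sub claim to a Salesforce user by FederationIdentifier rather than by email address. The issuer, JWKS URL, audience, app developer name, profile name, and username domain are hypothetical placeholders. Also assumed, and to be checked against the Apex reference before use: the argument order of the Auth.TokenValidationResult constructor (isValid, message, data, token, tokenType), its isValid and data properties, and that Auth.JWTUtil.validateJWTWithKeysEndpoint(jwt, keysEndpoint) returns the verified claims as a Map<String, Object> and throws when verification fails.

```apex
global class TrustedIdpTokenExchangeHandler implements Auth.Oauth2TokenExchangeHandler {

    // Hypothetical identity-provider values; replace with your provider's.
    private static final String TRUSTED_ISSUER    = 'https://idp.example.com/';
    private static final String JWKS_ENDPOINT     = 'https://idp.example.com/.well-known/jwks.json';
    private static final String EXPECTED_AUDIENCE = 'https://login.salesforce.com';
    // Hypothetical: developer names of the apps allowed to exchange tokens through this handler.
    private static final Set<String> ALLOWED_APPS = new Set<String>{ 'Partner_Mobile_App' };

    global Auth.TokenValidationResult validateIncomingToken(String appDeveloperName,
            Auth.IntegratingAppType appType, String incomingToken,
            Auth.OAuth2TokenExchangeType tokenType) {
        Map<String, String> data = new Map<String, String>();

        if (!ALLOWED_APPS.contains(appDeveloperName)) return fail('App not allowed', data, incomingToken, tokenType);
        // Only JWT-formatted tokens are understood here; refuse anything else rather than guess its format.
        if (tokenType != Auth.OAuth2TokenExchangeType.JWT && tokenType != Auth.OAuth2TokenExchangeType.ID_TOKEN) {
            return fail('Unsupported token type', data, incomingToken, tokenType);
        }

        Map<String, Object> claims;
        try {
            // Verify the signature against the IdP's published keys before reading any claim.
            // Assumed API: Auth.JWTUtil.validateJWTWithKeysEndpoint(jwt, keysEndpoint) -> verified claims.
            claims = Auth.JWTUtil.validateJWTWithKeysEndpoint(incomingToken, JWKS_ENDPOINT);
        } catch (Exception e) {
            return fail('Signature verification failed', data, incomingToken, tokenType);
        }

        // A good signature only proves who signed the token. Pin the issuer, require that the token
        // was minted for this org, and reject expired tokens. String.equals is used because Apex's
        // == on strings is case-insensitive.
        if (!TRUSTED_ISSUER.equals(claims.get('iss'))) return fail('Untrusted issuer', data, incomingToken, tokenType);
        if (!audienceMatches(claims.get('aud'))) return fail('Token not issued for this org', data, incomingToken, tokenType);
        Object exp = claims.get('exp');
        if (exp == null || Long.valueOf(String.valueOf(exp)) <= DateTime.now().getTime() / 1000) {
            return fail('Token expired', data, incomingToken, tokenType);
        }
        String subject = (String) claims.get('sub');
        if (String.isBlank(subject)) return fail('Token has no subject', data, incomingToken, tokenType);

        // Pass only the claims the mapping step needs on to getUserForTokenSubject.
        data.put('sub', subject);
        data.put('email', (String) claims.get('email'));
        return new Auth.TokenValidationResult(true, null, data, incomingToken, tokenType);
    }

    global User getUserForTokenSubject(Id networkId, Auth.TokenValidationResult result,
            Boolean canCreateUser, String appDeveloperName, Auth.IntegratingAppType appType) {
        // Never map a subject from a token that did not pass validation.
        if (result == null || result.isValid != true || result.data == null) return null;
        String subject = result.data.get('sub');
        if (String.isBlank(subject)) return null;

        // Match on FederationIdentifier, which only an admin or this handler sets. Matching on email
        // would let anyone who can get the IdP to assert an address log in as the user who owns it.
        List<User> matches = [SELECT Id FROM User
                              WHERE FederationIdentifier = :subject AND IsActive = true LIMIT 2];
        if (matches.size() == 1) return matches[0];
        if (matches.size() > 1) return null; // ambiguous mapping: fail closed rather than pick one

        // No match. Provision only when Salesforce permits it, and only for internal users:
        // Experience Cloud site users (networkId != null) also need a Contact, which this example
        // does not create.
        if (canCreateUser != true || networkId != null) return null;
        Profile p = [SELECT Id FROM Profile WHERE Name = 'Standard User' LIMIT 1]; // hypothetical profile
        String handle = subject.replaceAll('[^A-Za-z0-9._-]', '_');
        String email = result.data.get('email');
        User u = new User(
            FederationIdentifier = subject,
            Username = handle + '@tokenexchange.example.com', // hypothetical username domain
            Email = String.isBlank(email) ? handle + '@tokenexchange.example.com' : email,
            LastName = handle,
            Alias = handle.left(8),
            ProfileId = p.Id,
            TimeZoneSidKey = 'America/Los_Angeles', LocaleSidKey = 'en_US',
            EmailEncodingKey = 'UTF-8', LanguageLocaleKey = 'en_US');
        // Do not insert: Salesforce inserts the returned record on the handler's behalf.
        return u;
    }

    private static Auth.TokenValidationResult fail(String message, Map<String, String> data,
            String token, Auth.OAuth2TokenExchangeType tokenType) {
        // Assumed constructor order: (isValid, message, data, token, tokenType).
        return new Auth.TokenValidationResult(false, message, data, token, tokenType);
    }

    // "aud" may be a single string or an array of strings (RFC 7519, section 4.1.3).
    private static Boolean audienceMatches(Object aud) {
        if (aud instanceof String) return EXPECTED_AUDIENCE.equals(aud);
        if (aud instanceof List<Object>) {
            for (Object a : (List<Object>) aud) {
                if (EXPECTED_AUDIENCE.equals(a)) return true;
            }
        }
        return false;
    }
}
```

Two design choices matter for security here. First, validateIncomingToken fails closed on every branch and returns a specific message through the result, so the second method can rely on result.isValid without re-parsing the token. Second, the mapping key is FederationIdentifier, not the email claim: an email is whatever the identity provider chooses to assert, while the federation ID is set deliberately on the Salesforce side. When testing the handler, exercise the negative paths (tampered signature, wrong aud, expired exp, unknown sub with canCreateUser false) as well as the happy path.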