OauthOidcSettings

Represents org settings for disabling OAuth OpenID Connect authorization flows.

Parent Type and Manifest Access

This type extends the Metadata metadata type and inherits its fullName field.

In the package manifest, all the settings metadata types for the org are accessed using the “Settings” name. See Settings for more details.

File Suffix and Directory Location

OauthOidcSettings values are stored in the OauthOidc.settings file in the settings folder. The .settings files are different from other named components, because there is only one settings file for each settings component.

Version

OauthOidcSettings is available in API version 56.0 and later.

Special Access Rules

There are no additional access requirements that are specific to this type.

Fields

Field Name: blockOAuthUnPwFlow
Field Type: boolean
Description: Indicates whether the username-password flow is blocked (true) or not blocked (false). The default value is false.

Field Name: blockOAuthUsrAgtFlow
Field Type: boolean
Description: Indicates whether the user-agent flow is blocked (true) or not blocked (false). The default value is false.

Field Name: enableHdlessFgtPswFlow
Field Type: boolean
Description: For internal use only.

Field Name: isPkceRequired
Field Type: boolean
Description: Indicates whether the OAuth 2.0 Proof Key for Code Exchange (PKCE) security extension is required for variations of the OAuth authorization code flow that access this org (true) or not (false). This setting requires PKCE for all supported variations of the authorization code flow, including the web server flow, the Authorization Code and Credentials Flow, and their derivatives. The default value is false. This field is available in API version 59.0 and later.

Field Name: oAuthCdCrdtFlowEnable
Field Type: boolean
Description: Indicates whether the Authorization Code and Credentials Flow is enabled (true) or blocked (false). The default value is false.

Example Package Manifest

The following is an example package.xml that references the previous definition.

<?xml version="1.0" encoding="UTF-8"?>
<Package xmlns="http://soap.sforce.com/2006/04/metadata">
  <types>
    <members>OauthOidc</members>
    <name>Settings</name>
  </types>
  <version>56.0</version>
</Package>

Wildcard Support in the Manifest File

The wildcard character * (asterisk) in the package.xml manifest file doesn’t apply to metadata types for feature settings. The wildcard applies only when retrieving all settings, not for an individual setting. For details, see Settings. For information about using the manifest file, see Deploying and Retrieving Metadata with the Zip File.
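
The following is an added example, not part of the Salesforce documentation: a Python check that reads an OauthOidc.settings file and reports where the fields described under Fields differ from a hardened baseline, treating an absent element as its default of false. The baseline (blockOAuthUnPwFlow, blockOAuthUsrAgtFlow and isPkceRequired all true), the sample file contents, and the function names are assumptions of this example.

```python
import xml.etree.ElementTree as ET

NS = "{http://soap.sforce.com/2006/04/metadata}"

# Assumed review policy (not from the page): the value each field should have
# in a hardened org. Per the page, each of these defaults to false when absent.
EXPECTED = {
    "blockOAuthUnPwFlow": True,    # username-password flow blocked
    "blockOAuthUsrAgtFlow": True,  # user-agent flow blocked
    "isPkceRequired": True,        # PKCE required for authorization code flows
}

# Constructed sample of an OauthOidc.settings file (not a real org export).
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<OauthOidcSettings xmlns="http://soap.sforce.com/2006/04/metadata">
    <blockOAuthUnPwFlow>true</blockOAuthUnPwFlow>
    <blockOAuthUsrAgtFlow>false</blockOAuthUsrAgtFlow>
    <oAuthCdCrdtFlowEnable>false</oAuthCdCrdtFlowEnable>
</OauthOidcSettings>
"""

def read_settings(xml_text):
    """Return {field: bool} for the boolean elements present in the file."""
    root = ET.fromstring(xml_text)
    if root.tag != NS + "OauthOidcSettings":
        raise ValueError("not an OauthOidcSettings file: " + root.tag)
    values = {}
    for child in root:
        name = child.tag.replace(NS, "", 1)
        text = (child.text or "").strip().lower()
        if text in ("true", "false"):
            values[name] = text == "true"
        elif name in EXPECTED:
            raise ValueError(f"non-boolean value for {name}: {text!r}")
    return values

def audit(xml_text):
    """List (field, effective value, source) where the file misses EXPECTED."""
    values = read_settings(xml_text)
    findings = []
    for field, wanted in EXPECTED.items():
        actual = values.get(field, False)  # absent element means default false
        if actual != wanted:
            source = "explicit" if field in values else "default"
            findings.append((field, actual, source))
    return findings

if __name__ == "__main__":
    for field, actual, source in audit(SAMPLE):
        print(f"{field} is {str(actual).lower()} ({source}); expected true")
```

Reporting the source separates a flow that was deliberately left open in the file from one that is open only because the element was never set.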