External Client Apps Association and Disassociation

External client apps are designed for second-generation (2GP) packaging, which means that they’re optimized for source-driven development on scratch orgs.

When using OAuth for app security, each external client app must have access to OAuth consumer information. This information is sensitive and confidential. To maintain security, external client apps using OAuth include two settings files.

• Global OAuth settings: A file that includes the keys, secrets, and other proprietary configurations related to the OAuth Consumer. The global settings file is shared by all deployments of the external client app and must be stored on a non-ephemeral org that exists throughout the life of all packages.
• OAuth settings: A file that contains immutable developer configurations that can be packaged and delivered to individual orgs. These configurations aren’t derived from an OAuth consumer. This file is stored locally and in a distributed external client app on a subscriber’s org. It includes an OAuth link that associates the external client app with the OAuth consumer in a global OAuth settings file.

In the next set of activities, we associate an external client app with a global OAuth settings file by deploying external client app metadata with a few configurations.

• OAuth enabled
• No OAuth global settings file listed in the manifest file
• An OAuth link to the OAuth global settings file in the OAuth settings file

If you aren’t comfortable with all instances of your app sharing common global settings, including a common OAuth consumer key and secret, disassociate the apps to sever the connection between these two components. To successfully break that connection, a new OAuth consumer must be created as part of a new global settings file.

• Disassociate an External Client App from the Source Org’s Global Settings File
  When an external client app in one org relies on the global settings file in a source org, you can break the link between the two orgs and generate a unique global settings file for the org.
• Associate an External Client App with the Source Org Global Settings File
  To associate an external client app with the source org’s global settings, configure the metadata files to reference the source org and then deploy the external client app from the linked org.
• Deploy External Client App Metadata Between Two Orgs
  Because the settings file and global settings file are separate elements of external client apps, you can update the settings file and deploy it to another org without affecting the authorization settings.
• Disable an External Client App Plugin
  To disable a plugin in an external client app, remove the policies for that plugin.