Configure OAuth Policies
OAuth policies are an important part of the external client app OAuth plugin. They are generated with default values when an external client app is saved or when it is deployed to a subscriber org. Admins then configure the OAuth policies file for their specific use case.
Policies apply only to the org where they are configured, whether that is the org where the external client app was created or an org where it was installed. After an admin updates policies, the values persist even if the developer updates the app Settings.
- Configure a Custom Attribute for External Client Apps
  Create custom attributes to capture useful and unique information. With custom attributes, you can get more information about a user’s identity, such as an address or job title. Configure custom attributes for your external client app in the Policies tab.
- Configure Client Credential Flow Policies for External Client Apps
  After the Client Credentials Flows setting is enabled, configure the flow’s policies.
- Configure OAuth 2.0 Code and Credential Flow Policies for External Client Apps
  After the Client Credentials Flows setting is enabled, configure the flow’s policies.
- Stage, Rotate, and Delete OAuth Credentials for an External Client App
  Use the OAuth Staged Credentials Connect REST API endpoint to manage the OAuth key and secret for an external client app. The API can be used to stage, view, rotate, or delete OAuth credentials.
- Manage External Client App OAuth Credentials with AWS Secrets Manager
  Maintain credential security as you stage and rotate your client secret with the Amazon Web Services (AWS) Secrets Manager. Using Secrets Manager, the external client app client secret is never exposed. Secrets Manager coordinates the rotation according to the schedule required by your security and compliance mandates.

