Loading
Salesforce now sends email only from verified domains. Read More
Identify Your Users and Manage Access
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Configure an External Client App for OAuth 2.0 Client Credentials Flow

            You are here:

            1. Salesforce Help
            2. Docs
            3. Identify Your Users and Manage Access

            Configure an External Client App for OAuth 2.0 Client Credentials Flow

            Use the OAuth 2.0 client credentials flow to share information between two applications without any input from a user. In this flow, the client app exchanges its client credentials defined in the external client app—its consumer key and consumer secret—for an access token. This flow requires you to specify an integration user to run the integration.

            Required Editions

            User Permissions Needed
            To view all external client apps, view their settings, and edit their OAuth policies file View all External Client Apps, view their settings, and edit their policies

            To enable or disable an external client app plugin, you must first deploy an external client app on your Salesforce org. Create an External Client App, or Deploy an External Client App with a New Global OAuth Settings File.

            Note
            Note Before you set up the client credentials flow, it’s important to understand its security risks. With this flow enabled, any person or app that has access to your external client app’s consumer key and consumer secret can get an access token. Maintain security by periodically changing your consumer secret, and if it becomes compromised, change it immediately. See Stage, Rotate, and Delete OAuth Credentials for an External Client App.
            1. Open the ExtlClntAppGlobalOauthSettings file on your org.
            2. Set the isClientCredentialsFlowEnabled field value to true, and save the file.
            3. Open the ExtlClntAppConfigurablePolicies file.
            4. Set the isClientCredentialsFlowEnabled field value to true.
            5. Add the clientCredentialsFlowUser field, and enter the execution user’s username.
            6. Save the ExtlClntAppConfigurablePolicies file.
            7. Deploy these changes.
              sf project deploy start --manifest package.xml --target-org johndoe@example.com
             
            Loading
            Salesforce Help | Article