Configure Packageable External Client Apps

External client apps are an excellent solution when created and used locally. However, they were designed with managed packaging in mind. Packaged apps can be deployed to other orgs. Determine whether to package your app or keep it local. Packaged apps that include an OAuth plugin can be deployed to generate their own unique OAuth settings or they can reference the settings of the org where the app was developed.

To work with scratch orgs, first enable Developer Hub (Dev Hub) in your org. The permissions specified in the scratch org’s definition file are only recognized if they’re enabled in the Dev Hub org.

This section describes the different ways of packaging, distributing, and disassociating an external client app that includes an OAuth plugin. To set up the environment for the demos in this section, we enabled external client app users and permissions on three orgs. Each is used for a different external client app org formation.

• Org 1 is the source org that stores the global OAuth settings file. All deployed external client apps that don’t have their own global settings file reference the global settings file on this org. In a real-world scenario, this org must be a non-ephemeral org that remains active as long as any external client apps associated with it are in use. The sample username for this org is johndoe@example.com.
• Org 2 includes an external client app that is deployed from org 1. It references org 1’s global settings file for OAuth credentials. The sample username for this org is johndoe@example2.com.
• Org 3 includes an external client app that is deployed from org 1, but it includes its own global settings file with unique OAuth credentials. The sample username for this org is johndoe@example3.com.

Export Metadata and Deploy on New Org

Export the metadata from your source org, and then deploy it on another org. When this process is complete, both the source org (org 1) and the new org (org 2) reference the global settings file and the OAuth consumer details for the source org. The policies file is optional when deploying to the other org. If the existing policies file isn’t specified in the header, the deployment process generates a new policies file with default values. The new org can’t retrieve metadata from the global settings file because the source org owns it and the new org can only reference it.

Note If you delete the external client app from the source org, the new org’s external client app breaks. Because the new org requires a global settings file on the source org, removal of the file causes OAuth flow to fail on the new org.

• Retrieve Data from the Source Org
  Get external client app metadata from the source org using a retrieve operation.
• Deploy an External Client App That References the Source Org’s Global OAuth Settings File
  Deploy an external client app on a new org, and have it reference the source org’s credentials. To configure this relationship, edit the OAuth link in the OAuth settings file and remove the reference to the global OAuth settings file in the package.xml manifest file of the new org.
• Deploy an External Client App with a New Global OAuth Settings File
  Deploy the source org’s metadata on an org with its own OAuth consumer. To configure the app, remove the OAuth link in the OAuth settings file and add a reference to the global OAuth settings file in the package.xml manifest file on the new org.
• External Client Apps Association and Disassociation
  External client apps are designed for second-generation (2GP) packaging, which means that they’re optimized for source-driven development on scratch orgs.