External Client Apps Creation with Metadata API
Developers can create external client apps in Salesforce Setup or programmatically using Metadata API. After downloading an external client app, admins can configure policies specific to the needs of their org.
While connected apps consist of a single metadata file that encompasses configurations for both the developer and the admin, external client app configurations are spread across multiple files. Each external client app includes header files and one or more plugins. Each plugin has its own settings files and policies file.
The process includes setting up an SFDX project, creating and configuring settings files, and deploying the external client app.
- Configure a Salesforce DX Project for External Client Apps
  Prepare your org and create a Salesforce DX project to develop external client apps.
- Create a Local External Client App with Metadata API
  After you create a Salesforce DX project, configure the project to create a local external client app.
- Configure Packageable External Client Apps
  External client apps are an excellent solution when created and used locally. However, they were designed with managed packaging in mind. Packaged apps can be deployed to other orgs. Determine whether to package your app or keep it local. Packaged apps that include an OAuth plugin can be deployed to generate their own unique OAuth settings or they can reference the settings of the org where the app was developed.
- Delete an External Client App
  Delete the external client app from the source org.
- Configure External Client App Policies
  Salesforce admins can set the policies that control the external client app. All changes are made through Metadata API.
- Enable or Disable External Client App Plugins
  Salesforce admins can disable an external client app or its plugins. All changes are made through the configurable policies file in Metadata API.
- External Client App OAuth Usage
  Get External Client App OAuth usage information and revoke tokens through the Connect REST API. The Connect API returns information about the external client apps that users in your org are connecting to, a list of all OAuth users for an app, or the tokens for a given app and user. If you want to revoke access to an external client app, use the Connect API usage resources to revoke a specific token, all tokens associated with an app, or the tokens associated with a specific user.
- OAuth Client Credentials Rotation for External Client Apps
  One way to maintain the security of your external client apps is to change the OAuth consumer key or secret. Use Connect API to stage, rotate, and delete OAuth credentials.
- Custom Attributes for External Client Apps
  Use custom attributes to configure unique settings for an external client app. Create new attributes in the settings file, and they show up as developer defaults in the policies file when the app is deployed.
- Configure an External Client App for OAuth 2.0 Client Credentials Flow
  Use the OAuth 2.0 client credentials flow to share information between two applications without any input from a user. In this flow, the client app exchanges its client credentials defined in the external client app (its consumer key and consumer secret) for an access token. This flow requires you to specify an integration user to run the integration.
- Configure an OAuth 2.0 Device Flow for External Client Apps
  Configure the Global OAuth Settings to include a device code, and enable the OAuth 2.0 device flow. OAuth 2.0 device flows integrate apps that run on devices with limited input or display capabilities, such as smart TVs, appliances, and other internet of things (IoT) devices. Command-line apps can also use this flow. Users can connect these apps to Salesforce by accessing a browser on a device with more advanced input capabilities, such as a desktop or mobile device.
- Configure OAuth 2.0 JWT Bearer Flow for External Client Apps
  External client apps can support OAuth 2.0 JSON Web Token (JWT) bearer flows using the certificate field in the global OAuth settings file. A JWT flow authorizes servers to access data without interactively logging in each time the servers exchange information.
- Integrate a SAML SSO Service Provider as an External Client App
  To use Salesforce as a SAML single sign-on (SSO) identity provider for a third-party service provider, integrate your service provider by using the external client apps framework. Create a SAML-enabled external client app and specify configuration information from your service provider. You can configure a SAML-enabled external client app via Metadata API only. External client apps with SAML configurations can’t be packaged or distributed.

