Josip Juric87
Custom Connected App Handler
Hi there,
I need a custom Connected App authorization mechanism (depending on certain data in the org, I want to accept or reject the authorization for a user). Now, I understand this could maybe be achieved by implementing the Auth.ConnectedAppPlugin and setting it as the Custom Connected App Handler for my Connected App. Unfortunately, there are no resources explaining details about the implementation of this interface, and it's not really working for me. I have 2 questions:
Question 1)
I have created a test version of the handler-class, where the authorize() simply always returns false:
    public override Boolean authorize(Id userId, Id connectedAppId, Boolean isAdminApproved) {
        return false;
    }

    public override Boolean authorize(Id userId, Id connectedAppId, Boolean isAdminApproved, Auth.InvocationContext context) {
        return false;
    }

When the user tries to authorize for the first time, this fails.
In the next step I have changed the implementation to always return true. After that, the user was able to authorize.
In the final step I have changed the implementation back to return false. After that, the user was still able to authorize!
Why is that? Can this be avoided somehow?
Question 2)
How can I prevent authorization in the refresh process? My guess is, when the refresh token is used, then the authorize() is not called, but instead the refresh() is called. Unfortunately, the refresh() method is a void-method.
Am I supposed to throw an exception here, in case of rejection of the refresh, or is this an information-only method, and there is no way to prevent the rejection?