Apex Code Development You need to sign in to do that
Don't have an account?
Master 7 How to update OAuth2 scopes for Connected Apps in 2GP
I'm confused about how the configuration of connected apps in a 2GP work. I've found a couple helpful pages in the documentation, but feel I'm still missing some important details.
I currently have a 2GP that contains a connected app. This connected app is used to power a canvas app. This connected app is defined in a Metadata file. From the documentation I understood that the connected app is actually defined in a first-generation package (ref (https://developer.salesforce.com/docs/atlas.en-us.232.0.sfdx_dev.meta/sfdx_dev/sfdx_dev_dev2gp_connected_app.htm)). So I have created a 1GP, added a connected app, released that package and then pulled the source into my 2GP. That all works fine.
However, now I'd like to add a scope to the OAuth scope of the connected app. This guide (https://developer.salesforce.com/docs/atlas.en-us.232.0.sfdx_dev.meta/sfdx_dev/sfdx_dev_dev2gp_connected_app.htm)exists, but seems to be outdated or incorrect. When using these exact steps, the CLI states I am missing the required field contactEmail. The metadata api documentation (https://developer.salesforce.com/docs/atlas.en-us.api_meta.meta/api_meta/meta_connectedapp.htm#connectedAppOauthConfig_title) indeed indicates this as a required field, but doesn't make any mention of the version field.
I've tried many approaches, some examples:
I currently have a 2GP that contains a connected app. This connected app is used to power a canvas app. This connected app is defined in a Metadata file. From the documentation I understood that the connected app is actually defined in a first-generation package (ref (https://developer.salesforce.com/docs/atlas.en-us.232.0.sfdx_dev.meta/sfdx_dev/sfdx_dev_dev2gp_connected_app.htm)). So I have created a 1GP, added a connected app, released that package and then pulled the source into my 2GP. That all works fine.
However, now I'd like to add a scope to the OAuth scope of the connected app. This guide (https://developer.salesforce.com/docs/atlas.en-us.232.0.sfdx_dev.meta/sfdx_dev/sfdx_dev_dev2gp_connected_app.htm)exists, but seems to be outdated or incorrect. When using these exact steps, the CLI states I am missing the required field contactEmail. The metadata api documentation (https://developer.salesforce.com/docs/atlas.en-us.api_meta.meta/api_meta/meta_connectedapp.htm#connectedAppOauthConfig_title) indeed indicates this as a required field, but doesn't make any mention of the version field.
I've tried many approaches, some examples:
- Retrieve the connected app from the 1GP using force:source:retrieve
- Manually add the scope to the connected app's meta xml file
- Remove all details but developerName, label, contactEmail and version tags as stated in this guide (https://developer.salesforce.com/docs/atlas.en-us.232.0.sfdx_dev.meta/sfdx_dev/sfdx_dev_dev2gp_connected_app.htm)
- Naming the meta xml file using the format <namespace>__<developer name>.connectedApp-meta.xml
- Name the developerName including or excluding namespace
In some occasions, the system created a new connected app in the scratch org when pushing the sources. This app then has the right scopes, but cannot be packaged (2GP) due to this issue.
In other occasions, the system seemed to copy the connected app from the 1GP. I see this because it copied the canvas URL from there. However, this connected app then doesn't use the latest version and is missing the updated OAuth2 scopes. Changing the version tag does not make any difference. I know about note at the bottom of the previously mentioned guide.
My questions:
- What property of the metadata XML file determines whether the Connected App should use the XML definitions or use the existing Connected App from the 1GP? The filename or the tags in the XML file itself?
- Does the Connected App metadata have a version tag?
- What are the exact steps to update a connected app, or another object, in a 2GP?
Kind regards!