AuthProvider

Represents an authentication provider in your org.

An authentication provider enables users to log in to your Salesforce org using their login credentials from an external service provider, such as Facebook© or Janrain©.

Supported Calls

create(), delete(), describeSObjects(), query(), retrieve(), update(), upsert()

Special Access Rules

Only users with the “Customize Application” and “Manage AuthProviders” permissions can access this object.

Fields

Field Name Details
AuthorizeUrl
Type
url
Properties
Create, Filter, Nillable, Sort, Update
Description
Required, but only if ProviderType is OpenIdConnect. The OAuth authorization endpoint URL. Used only with OpenID Connect authentication providers. Available in API version 29.0 and later.
ConsumerKey
Type
string
Properties
Create, Filter, Nillable, Sort, Update
Description
Required. The app’s key that is registered at the third-party Single Sign-On provider.
ConsumerSecret
Type
string
Properties
Create, Nillable
Description
Required. The consumer secret of the app that is registered at the third-party Single Sign-On provider. This field cannot be updated. When using create() this field must be encrypted. To create an encrypted form of the consumer secret from plain text:
  1. Create an authentication provider with the ConsumerSecret plain text value.
  2. Save the authentication provider.
  3. Create an outbound change set that includes the authentication provider component.
The new change set .xml file has an entry in the form <consumerSecret>++XYZ++</consumerSecret> where ++XYZ++ is the encrypted secret.
CustomMetadataTypeRecord
Type
string
Properties
Create, Filter, Group, Nillable, Sort, Update
Description
Required, but only with custom authentication provider plug-ins, when ProviderType is Custom. The API name of the authentication provider. Available in API version 36.0 and later.
DefaultScopes
Type
string
Properties
Create, Filter, Nillable, Sort, Update
Description

Required, but only if ProviderType is OpenIdConnect. The scopes to be sent with the authorization request, if not specified when a flow is started. Used only with OpenID Connect authentication providers. Available in API version 29.0 and later.

DeveloperName
Type
string
Properties
Create, Filter, Group, Sort, Update
Description

Required. Used when referring to the authentication provider from a program.

ErrorUrl
Type
string
Properties
Create, Filter, Nillable, Sort, Update
Description

A custom error URL for the authentication provider to use to report any errors.

ExecutionUserId
Type
reference
Properties
Create, Filter, Group, Nillable, Sort, Update
Description

The user that runs the Apex handler class. The user must have the “Manage Users” permission. A user is required when you specify a registration handler class.

FriendlyName
Type
string
Properties
Create, Filter, Group, Sort, Update
Description

Required. A user-friendly name for the provider.

IconUrl
Type
url
Properties
Create, Filter, Nillable, Sort, Update
Description

The path to an icon to use as a button on the login page. Users click the button to log in with the associated authentication provider.

IdTokenIssuer
Type
string
Properties
Create, Filter, Nillable, Sort, Update
Description

Only available if ProviderType is OpenIdConnect. This value identifies the source of the authentication token in the form https: URI. Used only with OpenID Connect authentication providers. If provided, Salesforce validates the returned id_token value. The OpenID Connect specification requires an id_token value to be returned with the access_token value. Available in API version 30.0 and later.

LinkKickoffUrl
Type
url
Properties
Nillable
Description
Provides the URL for linking existing Salesforce users to a third-party account. This field is read-only. Available in API version 43.0 and later.
LogoutUrl
Type
url
Properties
Create, Filter, Nillable, Sort, Update
Description
Provides a specific destination for users after they log out if they authenticated using social sign-on. The URL must be fully qualified with an http or https prefix, such as https://acme.my.salesforce.com. Available in API version 33.0 and later.
OauthKickoffUrl
Type
url
Properties
Nillable
Description
Provides the URL for obtaining OAuth access tokens for a third party. This field is read-only. Available in API version 43.0 and later.
OptionsIncludeOrgIdInId
Type
boolean
Properties
Create, Filter, Update
Description

Includes the organization ID to differentiate between users with the same user ID from two sources (such as two sandboxes). Only available for Salesforce authentication providers. Once set to true, it can’t be set to false. Available in API version 32.0 and later.

OptionsSendAccessTokenInHeader
Type
boolean
Properties
Create, Filter, Update
Description

Required only if ProviderType is OpenIdConnect. When true, the access token is sent to the UserInfoUrl in a header instead of a query string. Used only with OpenID Connect authentication providers. Available in API version 30.0 and later.

OptionsSendClientCredentialsInHeader
Type
boolean
Properties
Create, Filter, Update
Description

Required only if ProviderType is OpenIdConnect. When true, the client credentials are sent in a header, instead of a query string, to the TokenUrl. The credentials are in the standard OpenID Connect Basic Credentials header form, which is Basic <token>, where <token> is the base64-encoded string "clientkey:clientsecret". Used only with OpenID Connect authentication providers. Available in API version 30.0 and later.

ProviderType
Type
picklist
Properties
Create, Filter, Group, Restricted picklist, Sort, Update
Description
Required. The third-party Single Sign-On provider to use. Valid values are:
  • Facebook
  • Salesforce
  • Janrain
  • LinkedIn (Available in API version 32.0 and later.)
  • Twitter (Available in API version 32.0 and later.)
  • OpenIdConnect (Available in API version 29.0 and later.)
    Note

    This type requires values for the following fields:

    • AuthorizeUrl
    • DefaultScopes
    • TokenUrl
    • UserInfoUrl

  • MicrosoftACS: Microsoft Access Control Service typically provides authentication for a Microsoft Office 365 service like SharePoint® Online. (Available in API version 31.0 and later.)
  • GitHub: Use the GitHub provider to log in users of your Lightning Platform app to GitHub using OAuth. When logged in to GitHub, your app can make calls to GitHub APIs. The GitHub provider isn’t available as a single sign-on provider, so users can’t log in to your Salesforce org using their GitHub login credentials. (Available in API version 35.0 and later.)
  • Custom (Available in API version 36.0 and later.)
PluginId
Type
reference
Properties
Create, Filter, Group, Nillable, Sort, Update
Description
An existing Apex class that extends the Auth.AuthProviderPluginClass abstract class. Available in API version 39.0 and later.
RegistrationHandlerId
Type
reference
Properties
Create, Filter, Group, Nillable, Sort, Update
Description

An existing Apex class that implements the Auth.RegistrationHandler interface.

SsoKickoffUrl
Type
url
Properties
Nillable
Description
Provides the URL for performing single sign-on into Salesforce from a third party by using its third-party credentials. This field is read-only. Available in API version 43.0 and later.
TokenUrl
Type
url
Properties
Create, Filter, Nillable, Sort, Update
Description
Required, but only if ProviderType is OpenIdConnect. The OAuth token endpoint URL. Used only with OpenID Connect authentication providers. Available in API version 29.0 and later.
UserInfoUrl
Type
url
Properties
Create, Filter, Nillable, Sort, Update
Description

Required, but only if ProviderType is OpenIdConnect. The OpenID Connect endpoint URL. Used only with OpenID Connect authentication providers. Available in API version 29.0 and later.
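
The field rules above can be checked mechanically when reviewing an org's provider configuration. The following is an added example, not Salesforce code: a Python audit over AuthProvider records that have already been retrieved as dictionaries keyed by the field names on this page. The finding codes, the function names, the sample records, and the choice to flag any non-https URL are assumptions made for this example.

```python
from urllib.parse import urlsplit

# Fields this page lists as required when ProviderType is OpenIdConnect.
OIDC_REQUIRED = ("AuthorizeUrl", "DefaultScopes", "TokenUrl", "UserInfoUrl")
# URL-valued fields checked for https (a hardening choice made in this example).
URL_FIELDS = ("AuthorizeUrl", "TokenUrl", "UserInfoUrl", "LogoutUrl", "ErrorUrl")
HEADER_FLAGS = ("OptionsSendAccessTokenInHeader",
                "OptionsSendClientCredentialsInHeader")

def audit_auth_provider(rec):
    """Return sorted finding codes for one AuthProvider record (a dict)."""
    findings = set()
    for field in URL_FIELDS:
        url = rec.get(field)
        if url and urlsplit(url).scheme.lower() != "https":
            findings.add(f"{field}:not-https")
    if rec.get("ProviderType") == "OpenIdConnect":
        for field in OIDC_REQUIRED:
            if not rec.get(field):
                findings.add(f"{field}:missing")
        # False means the token or client credentials are not sent in a header.
        for flag in HEADER_FLAGS:
            if not rec.get(flag):
                findings.add(f"{flag}:false")
        # Per the page, the id_token is validated only if an issuer is provided.
        if not rec.get("IdTokenIssuer"):
            findings.add("IdTokenIssuer:empty")
    # A running user is required when a registration handler class is specified.
    if rec.get("RegistrationHandlerId") and not rec.get("ExecutionUserId"):
        findings.add("ExecutionUserId:missing")
    return sorted(findings)

def audit_all(records):
    """Map each provider's DeveloperName to its findings."""
    return {r.get("DeveloperName", "<unnamed>"): audit_auth_provider(r)
            for r in records}

# Constructed sample records (placeholder values, not real org data).
SAMPLE = [
    {"DeveloperName": "CorpOIDC", "ProviderType": "OpenIdConnect",
     "AuthorizeUrl": "https://idp.example.com/authorize",
     "TokenUrl": "https://idp.example.com/token",
     "UserInfoUrl": "https://idp.example.com/userinfo",
     "DefaultScopes": "openid email", "IdTokenIssuer": "https://idp.example.com",
     "OptionsSendAccessTokenInHeader": True,
     "OptionsSendClientCredentialsInHeader": True},
    {"DeveloperName": "LegacyOIDC", "ProviderType": "OpenIdConnect",
     "AuthorizeUrl": "https://old.example.com/authorize",
     "TokenUrl": "http://old.example.com/token", "DefaultScopes": "openid",
     "OptionsSendAccessTokenInHeader": False,
     "OptionsSendClientCredentialsInHeader": True,
     "RegistrationHandlerId": "PLACEHOLDER_CLASS_ID"},
]
```

Calling `audit_all(SAMPLE)` returns an empty list for the first record and five findings for the second.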