AuthToken Class

Contains methods for providing the access token associated with an authentication provider for an authenticated user, except for the Janrain provider.

Namespace

Auth

AuthToken Methods

The following are methods for AuthToken. All methods are static.

  • getAccessToken(authProviderId, providerName)
    Returns an access token for the current user using the specified 18-character identifier of an AuthProvider definition in your org and the proper name of the third party, such as Salesforce or Facebook. Note that querying the ProviderType field on the AuthProvider object sometimes returns a value that differs from the expected provider name value. For example, for Open ID Connect providers, OpenIdConnect is the ProviderType value for the AuthProvider object, but the expected providerName is Open ID Connect.
  • getAccessTokenMap(authProviderId, providerName)
    Returns a map from the third-party identifier to the access token for the currently logged-in Salesforce user. The identifier value depends on the third party. For example, for Salesforce it would be the user ID, while for Facebook it would be the user number. Note that querying the ProviderType field on the AuthProvider object sometimes returns a value that differs from the expected provider name value. For example, for Open ID Connect providers, OpenIdConnect is the ProviderType value for the AuthProvider object, but the expected providerName is Open ID Connect.
  • refreshAccessToken(authProviderId, providerName, oldAccessToken)
    Returns a map from the third-party identifier containing a refreshed access token for the currently logged-in Salesforce user. Note that querying the ProviderType field on the AuthProvider object sometimes returns a value that differs from the expected provider name value. For example, for Open ID Connect providers, OpenIdConnect is the ProviderType value for the AuthProvider object, but the expected providerName is Open ID Connect.
  • revokeAccess(authProviderId, providerName, userId, remoteIdentifier)
    Revokes the access token for a specified social sign-on user from a third-party service such as Facebook. Note that querying the ProviderType field on the AuthProvider object sometimes returns a value that differs from the expected provider name value. For example, for Open ID Connect providers, OpenIdConnect is the ProviderType value for the AuthProvider object, but the expected providerName is Open ID Connect.

getAccessToken(authProviderId, providerName)

Returns an access token for the current user using the specified 18-character identifier of an AuthProvider definition in your org and the proper name of the third party, such as Salesforce or Facebook. Note that querying the ProviderType field on the AuthProvider object sometimes returns a value that differs from the expected provider name value. For example, for Open ID Connect providers, OpenIdConnect is the ProviderType value for the AuthProvider object, but the expected providerName is Open ID Connect.

Signature

public static String getAccessToken(String authProviderId, String providerName)

Parameters

authProviderId
Type: String
providerName
Type: String
The proper name of the third party. For all providers except Janrain, the expected values are
  • Facebook
  • Salesforce
  • Open ID Connect
  • Microsoft Access Control Service
  • LinkedIn
  • Twitter
  • Google
For Janrain providers, the parameter value is the proper name of the third party used. Yahoo! is an example of a Janrain provider value.

Return Value

Type: String

getAccessTokenMap(authProviderId, providerName)

Returns a map from the third-party identifier to the access token for the currently logged-in Salesforce user. The identifier value depends on the third party. For example, for Salesforce it would be the user ID, while for Facebook it would be the user number. Note that querying the ProviderType field on the AuthProvider object sometimes returns a value that differs from the expected provider name value. For example, for Open ID Connect providers, OpenIdConnect is the ProviderType value for the AuthProvider object, but the expected providerName is Open ID Connect.

Signature

public static Map<String, String> getAccessTokenMap(String authProviderId, String providerName)

Parameters

authProviderId
Type: String
providerName
Type: String
The proper name of the third party. For all providers except Janrain, the expected values are
  • Facebook
  • Salesforce
  • Open ID Connect
  • Microsoft Access Control Service
  • LinkedIn
  • Twitter
  • Google
For Janrain providers, the parameter value is the proper name of the third party used. Yahoo! is an example of a Janrain provider value.

Return Value

Type: Map<String, String>

refreshAccessToken(authProviderId, providerName, oldAccessToken)

Returns a map from the third-party identifier containing a refreshed access token for the currently logged-in Salesforce user. Note that querying the ProviderType field on the AuthProvider object sometimes returns a value that differs from the expected provider name value. For example, for Open ID Connect providers, OpenIdConnect is the ProviderType value for the AuthProvider object, but the expected providerName is Open ID Connect.

Signature

public static Map<String, String> refreshAccessToken(String authProviderId, String providerName, String oldAccessToken)

Parameters

authProviderId
Type: String
providerName
Type: String
The proper name of the third party. For all providers except Janrain, the expected values are
  • Facebook
  • Salesforce
  • Open ID Connect
  • Microsoft Access Control Service
  • LinkedIn
  • Twitter
  • Google
For Janrain providers, the parameter value is the proper name of the third party used. Yahoo! is an example of a Janrain provider value.
oldAccessToken
Type: String

Return Value

Type: Map<String, String>

Usage

This method works when using Salesforce or an OpenID Connect provider, but not when using Facebook or Janrain. The returned map contains AccessToken and RefreshError keys. Evaluate the keys in the response to check if the request was successful. For a successful request, the RefreshError value is null, and AccessToken is a token value. For an unsuccessful request, the RefreshError value is an error message, and the AccessToken value is null.

When successful, this method updates the token stored in the database, which you can get using Auth.AuthToken.getAccessToken().

If you are using an OpenID Connect authentication provider, an id_token is not required in the response from the provider. If a Token Issuer is specified in the Auth. Provider settings and an id_token is provided anyway, Salesforce will verify it.

Example

String accessToken = Auth.AuthToken.getAccessToken('0SOD000000000De', 'Open ID Connect');
Map<String, String> responseMap = Auth.AuthToken.refreshAccessToken('0SOD000000000De', 'Open ID Connect', accessToken);

A successful request includes the access token in the response.

 (RefreshError,null)(AccessToken,00DD00000007BhE!AQkAQFzj...)
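
The key check described under Usage, written out as an added example (not part of the original reference): a wrapper that refreshes the current user's token, treats a non-null RefreshError or a missing AccessToken as failure, and keeps the token value out of debug logs. The class name TokenRefresher and the exception TokenRefreshException are hypothetical.

```apex
// Added illustration; TokenRefresher and TokenRefreshException are hypothetical names.
public with sharing class TokenRefresher {
    public class TokenRefreshException extends Exception {}

    // Returns a refreshed access token for the current user, or throws.
    public static String refresh(String authProviderId, String providerName) {
        String storedToken = Auth.AuthToken.getAccessToken(authProviderId, providerName);
        // Defensive guard: with no stored token there is nothing to refresh.
        if (String.isBlank(storedToken)) {
            throw new TokenRefreshException(
                'No stored access token for provider ' + providerName);
        }

        Map<String, String> response =
            Auth.AuthToken.refreshAccessToken(authProviderId, providerName, storedToken);

        // Success: RefreshError is null and AccessToken holds the new token.
        // Failure: RefreshError holds a message and AccessToken is null.
        String refreshError = response.get('RefreshError');
        String refreshedToken = response.get('AccessToken');
        if (refreshError != null || String.isBlank(refreshedToken)) {
            // Log the provider and error message only, never a token value.
            System.debug(LoggingLevel.WARN,
                'Token refresh failed for ' + providerName + ': ' + refreshError);
            throw new TokenRefreshException('Token refresh failed: ' + refreshError);
        }
        return refreshedToken;
    }
}
```

Callers should use the returned value for the outbound request and avoid writing it to debug logs, custom fields, or exception messages.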

revokeAccess(authProviderId, providerName, userId, remoteIdentifier)

Revokes the access token for a specified social sign-on user from a third-party service such as Facebook. Note that querying the ProviderType field on the AuthProvider object sometimes returns a value that differs from the expected provider name value. For example, for Open ID Connect providers, OpenIdConnect is the ProviderType value for the AuthProvider object, but the expected providerName is Open ID Connect.

Signature

public static Boolean revokeAccess(String authProviderId, String providerName, String userId, String remoteIdentifier)

Parameters

authProviderId
Type: String
The ID of the Auth. Provider in the Salesforce organization.
providerName
Type: String
The proper name of the third party. For all providers except Janrain, the expected values are
  • Facebook
  • Salesforce
  • Open ID Connect
  • Microsoft Access Control Service
  • LinkedIn
  • Twitter
  • Google
For Janrain providers, the parameter value is the proper name of the third party used. Yahoo! is an example of a Janrain provider value.
userId
Type: String
The 15-character ID for the user whose access is being revoked.
remoteIdentifier
Type: String
The unique ID for the user in the third-party system (this value is in the associated ThirdPartyAccountLink standard object).

Return Value

Type: Boolean

The return value is true if the revokeAccess() operation is successful; otherwise false.

Example

The following example revokes a Facebook user's access token.

Auth.AuthToken.revokeAccess('0SOxx00000#####', 'Facebook', '005xx00000#####', 'ThirdPartyIdentifier_exist214176560#####');
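
An added example (not part of the original reference) for offboarding or incident response: it reads remoteIdentifier from the ThirdPartyAccountLink object, as the parameter description directs, and checks the Boolean result of each revokeAccess() call instead of assuming success. The class name SocialAccessRevoker and the method revokeAll are hypothetical; filtering on SsoProviderId assumes that field holds the Auth. Provider ID for the link.

```apex
// Added illustration; SocialAccessRevoker and revokeAll are hypothetical names.
public with sharing class SocialAccessRevoker {
    // Revokes every third-party link the user has for one Auth. Provider.
    // Returns the remote identifiers whose revocation did not succeed,
    // so the caller can retry or escalate instead of assuming success.
    public static List<String> revokeAll(String authProviderId,
                                         String providerName,
                                         String userId) {
        List<String> failed = new List<String>();
        for (ThirdPartyAccountLink link : [
            SELECT RemoteIdentifier
            FROM ThirdPartyAccountLink
            WHERE UserId = :userId
              AND SsoProviderId = :authProviderId
        ]) {
            Boolean revoked = Auth.AuthToken.revokeAccess(
                authProviderId, providerName, userId, link.RemoteIdentifier);
            // revokeAccess() returns true only when the operation succeeded.
            if (revoked != true) {
                failed.add(link.RemoteIdentifier);
            }
        }
        return failed;
    }
}
```

An empty return list means every link found was revoked; a non-empty list names the remote accounts that still hold a token.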