MeWorkingman

Named Credentials/Auth. Providers and Managed Packages

I have a number of problems/questions that I'm facing with respect to Named Credentials/Auth. Providers in my managed package. I'll cover my first problem here.

I have created a Connected App and included it in our managed package.

Now, because the URL is different for each of our clients, we must create a new Named Credential in each installed org - we can't put it into the managed package. Also, since Auth. Providers can't be included in managed packages, we must create a new Auth. Provider in each installed org. The Auth. Provider is using Salesforce OAuth authentication and is saved with a Callback URL which Salesforce generates. When I tested this in the org where I created the managed package, I had to copy that generated Callback URL into the Callback URL list of my Connected App. This raises a problem: I can't edit the Callback URL list of the Connected App in the org into which I've installed the Connected App - it's in the managed package so Salesforce won't allow editing of that list.

So my question: is there a way to edit the Callback URL list of the Connected App in the managed package? If not, is there any other work-around other than adding the Callback URL from the Auth. Provider to my Connected App and generating a new version of the package?

Thanks in advance for any help/insight.
MeWorkingman
Since the only work-around that I could figure out: "adding the Salesforce-generated Callback URL to the Callback URL List in my managed package Connected App and then generate a new managed package" was way too onerous (we don't want to be generating a new managed package for each of our hundreds of clients), I decided to try to create a new Auth Provider that uses Salesforce-Managed Values as described in this article: https://help.salesforce.com/articleView?id=sso_provider_global_auth.htm&type=5. I figured I could use these values instead of creating my own Connected App. So I created a new Auth Provider following the instructions given in the above link. However, when I try to save the Named Credential that is using that Auth Provider, I get an error page that says: "Problem Logging In. We can't log you in because of an authentication error. For help, contact your Salesforce Administrator." The URL includes this in the path: /_nc_external/identity/sso/ui/AuthorizationError?ErrorCode=Bad_Scopes.

Does anybody have any experience with this that could help me figure out what the problem is?

Thanks.
scottbcovert
Based on the error code it seems like you need to play with the 'Default Scopes' attribute of your Auth Provider - you're probably missing some required access. Perhaps you could also edit your API (and the Apex code that utilizes the named credential for callouts to your API) to have the same endpoint for all clients and just append the company name in the header using UserInfo.getOrganizationName() - that may simplify your flow. Good luck!
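
The single-endpoint approach suggested in the reply above, sketched in Apex as an added example that is not part of the original thread or anyone's package code. The Named Credential name `Client_API`, the header names `X-Org-Name` and `X-Org-Id`, and the class and method names are assumptions chosen for illustration.

```apex
public with sharing class ClientApiCallout {
    // Hypothetical names: one Named Credential shared by every client org,
    // plus headers that tell the API which org is calling.
    private static final String NAMED_CREDENTIAL = 'Client_API';
    private static final String ORG_NAME_HEADER = 'X-Org-Name';
    private static final String ORG_ID_HEADER = 'X-Org-Id';

    public class ClientApiException extends Exception {}

    // Builds a GET request against the shared endpoint. The 'callout:' prefix
    // makes Salesforce resolve the URL and attach the credential's
    // authentication, so no token handling appears in Apex.
    public static HttpRequest buildRequest(String path) {
        HttpRequest req = new HttpRequest();
        req.setEndpoint('callout:' + NAMED_CREDENTIAL + path);
        req.setMethod('GET');
        req.setTimeout(20000); // milliseconds
        // The org name is display text and can change; the org Id is the
        // stable identifier, so send both.
        req.setHeader(ORG_NAME_HEADER, UserInfo.getOrganizationName());
        req.setHeader(ORG_ID_HEADER, UserInfo.getOrganizationId());
        return req;
    }

    // Sends the request and fails loudly on any non-2xx response.
    // The receiving API should treat these headers as a routing hint only and
    // confirm the tenant from the authenticated token, because header values
    // are set by the caller and are not authenticated on their own.
    public static String fetch(String path) {
        HttpResponse res = new Http().send(buildRequest(path));
        Integer status = res.getStatusCode();
        if (status < 200 || status >= 300) {
            throw new ClientApiException(
                'Callout failed: ' + status + ' ' + res.getStatus());
        }
        return res.getBody();
    }
}
```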