Skip to content

feat(auth): allow to link connected apps to a user W-18394868 #1188

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 11 commits into from
Jun 12, 2025
Merged

feat(auth): allow to link connected apps to a user W-18394868 #1188

merged 11 commits into from
Jun 12, 2025

Conversation

cristiand391
Copy link
Member

@cristiand391 cristiand391 commented May 14, 2025
edited
Loading

What does this PR do?

ref:

Doc: https://salesforce.quip.com/sUaFAknyDkue

This PR adds support for linking connected apps/ECAs to an authenticated user, allowing consumers to switch to a specific app for oauth-specific requirements like JWT-based access tokens, specific API scopes, etc.

Updates:

AuthInfo

Adds a new apps property that contains an object of CA/ECAs with oauth info needed for requests.
For the scope of this PR, the only supported way to add new apps is via the web server flow (see linked plugin-auth PR ⬆️ )

Connection:

Adds an app property to support picking up a linked app in the provided auth info:

  const authInfo = await AuthInfo.create({
    username: '[email protected]',
  });

  // get oauth creds from the main connected app in auth (opaque tokens)
  const conn = await Connection.create({
    authInfo,
  });

  // get oauth creds from the linked `agent-jwt-app`
  const jwtConn = await Connection.create({
    authInfo,
    app: 'agent-jwt-app',
  });

WebOAuthServer

Add support for linking apps to an authenticated users via the web server flow.
Before:
Web server only handled 1st time auth, always creating a new auth file
After
If you pass app and username params, after a successful auth in the browser it will save the oauth info in authinfo.apps[app].

What issues does this PR fix or reference?

@W-18394868@

@cristiand391 cristiand391 changed the title feat(auth): allow multiple app W-18394868 feat(auth): allow to link connected apps to a user W-18394868 Jun 6, 2025
@cristiand391 cristiand391 marked this pull request as ready for review June 6, 2025 17:45
@cristiand391 cristiand391 requested a review from a team as a code owner June 6, 2025 17:45
WillieRuemmele
WillieRuemmele previously approved these changes Jun 6, 2025
View reviewed changes
This was referenced Jun 9, 2025
Merged
Merged
WillieRuemmele
WillieRuemmele previously approved these changes Jun 9, 2025
View reviewed changes
@WillieRuemmele
Copy link
Member

QA Notes

applies to three PRs

✅ : flag validation
✅ : invalid/unauth'd --username passed
✅ : invalid access token error message
✅ : refresh'd auth correctly
✅ : agent preview --app <incorrect app name> nice error message
✅ : multiple-app auth saves each separately
✅ : reauth with same app name error message
image
✅ : SFDX_AUTH_SCOPES="..." works to set scopes without flag
✅ : no interruption to normal command without new flags

@cristiand391 cristiand391 merged commit 9c369a4 into main Jun 12, 2025
185 of 193 checks passed
@cristiand391 cristiand391 deleted the cd/multi-auth branch June 12, 2025 15:38
@cristiand391
Copy link
Member Author

the last retrieve NUTs failures are the concurrent api error, same NUTs were passing on previous commits.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@WillieRuemmele WillieRuemmele WillieRuemmele left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@cristiand391 @WillieRuemmele @svc-cli-bot