This blog covers the collection of classes provided by the Auth namespace in Apex and, through a series of interview questions and answers, gives you a better understanding of authentication within Salesforce. Let’s learn about the authentication landscape and the tools that ensure secure and seamless user experiences.
Ans: The Auth namespace provides interfaces and classes for Salesforce single sign-on and session security management. It has the following classes, interfaces, and enums.
AuthConfiguration Class:
The methods in this class let you configure settings so that users can log in to a Salesforce org using their authentication provider credentials rather than their Salesforce credentials. The authentication provider can be any authentication provider that supports the OpenID Connect protocol, such as Google, Facebook, or Twitter. Users log in to an Experience Cloud site or a custom My Domain login URL. It has the namespace of "Auth."
AuthProviderCallbackState Class:
It provides the AuthProviderPlugin.handleCallback method with the request's HTTP headers, body, and query parameters for user verification. This class allows the data to be passed as a group rather than passing the headers, body, and query parameters separately.
AuthProviderPlugin Interface:
This interface should not be used. For new development, creating a new implementation from the abstract class Auth.AuthProviderPluginClass is advised for a custom OAuth-based authentication provider plug-in for Salesforce single sign-on.
AuthProviderPluginClass Class:
It provides instructions on how to build a custom OAuth-based authentication provider plug-in for Salesforce single sign-on. This class must be used if you cannot use one of the authentication providers Salesforce offers, and you should build a custom authentication provider plug-in.
AuthProviderTokenResponse Class:
Saves the response from the AuthProviderPlugin.handleCallback method.
AuthRefreshResult Class:
It saves the outcome of an AuthProviderPluginClass refresh method. The OAuth authentication flow offers a refresh token that can be used to receive a new access token. The session timeout value determines the lifetime of the access token. Refresh tokens can be used to get new access tokens after an access token has expired.
RegistrationHandler Interface:
Salesforce offers the option to use an authentication provider, such as Facebook or Janrain, for single sign-on into Salesforce.
SamlJitHandler Interface:
This interface primarily regulates and personalizes the Just-in-Time user provisioning logic during SAML single sign-on.
SessionManagement Class:
It provides:
SessionLevel Enum:
The SessionManagement.setSessionLevel method uses the Auth.SessionLevel enum value.
UserData Class:
It saves user data for the Auth.RegistrationHandler.
VerificationMethod Enum:
It provides the various ways that users can identify themselves when logging in. It can be used to implement login pages, self-registration (and deregistration) verification procedures, and passwordless mobile access.
VerificationPolicy Enum:
An identity verification policy value is used by the SessionManagement.generateVerificationUrl method and is contained in the Auth.VerificationPolicy enum.
VerificationResult Class:
It consists of the outcome of a verification challenge issued when you make your own Verify page. The challenge can be commenced by either the System.UserManagement.verifyPasswordlessLogin or System.UserManagement.verifySelfRegistration method.
AuthExceptions:
This namespace consists of some exception classes.
AuthToken Class:
It consists of methods for providing the access token related to an authentication provider for a verified user, except for the Janrain provider.
CommunitiesUtil Class:
It consists of methods for acquiring information about an Experience Cloud user.
JWS Class:
It consists of methods that apply a digital signature to a JSON Web Token (JWT) using a JSON Web Signature (JWS) data structure. This class provides the JWT bearer token used to request an OAuth access token in the OAuth 2.0 JWT bearer token flow.
JWT Class:
It produces the JSON Claims Set in a JSON Web Token (JWT). The resulting Base64-encoded payload is passed as an argument for creating an instance of the Auth.JWS class.
JWTBearerTokenExchange Class:
It consists of methods that POST the signed JWT bearer token to a token endpoint for an access token request in the OAuth 2.0 JWT bearer token flow.
LightningLoginEligibility Enum:
The Auth.SessionManagement.getLightningLoginEligibility method uses this enum's Lightning Login eligibility value.
LoginDiscoveryMethod Enum:
It consists of the methods used for user identity verification when the My Domain login process uses Login Discovery.
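The JWT, JWS and JWTBearerTokenExchange entries above describe the three steps of the OAuth 2.0 JWT bearer token flow. The following Apex sketch is an added example, not code from the original page; the consumer key, username and certificate name are placeholders you would replace with your own values.

```apex
// Added example. Consumer key, username and certificate name are placeholders.
public class JwtBearerExample {
    public static String fetchAccessToken() {
        // Step 1: build the claims set with Auth.JWT
        Auth.JWT jwt = new Auth.JWT();
        jwt.setIss('<connected-app-consumer-key>');  // issuer: the connected app
        jwt.setSub('integration.user@example.com');  // subject: user the token is for
        jwt.setAud('https://login.salesforce.com');  // audience: authorization server
        jwt.setValidityLength(180);                  // seconds; keep the assertion short-lived

        // Step 2: sign with Auth.JWS, naming a certificate stored in
        // Certificate and Key Management so the private key never appears in code
        Auth.JWS jws = new Auth.JWS(jwt, 'Example_Signing_Cert');

        // Step 3: POST the signed assertion to the token endpoint
        Auth.JWTBearerTokenExchange exchange = new Auth.JWTBearerTokenExchange(
            'https://login.salesforce.com/services/oauth2/token', jws);
        try {
            return exchange.getAccessToken();
        } catch (Auth.JWTBearerTokenExchange.JWTBearerTokenExchangeException e) {
            // Log the failure reason only, never the assertion or a token
            System.debug(LoggingLevel.ERROR, 'JWT bearer exchange failed: ' + e.getMessage());
            return null;
        }
    }
}
```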
Ans: Below are some of the constructors of the AuthConfiguration Class.
| Constructors | Description | Signature | Parameters |
| --- | --- | --- | --- |
| AuthConfiguration(communityOrCustomUrl, startUrl) | An instance of the AuthConfiguration class is created using the specified URL for an Experience Cloud site or a My Domain subdomain and the start URL for authorized users. | public AuthConfiguration(String communityOrCustomUrl, String startUrl) | communityOrCustomUrl Type: String; startUrl Type: String |
| AuthConfiguration(networkId, startUrl) | An instance of the AuthConfiguration class is created using the specified Experience Cloud site ID and the start URL for authorized users. | public AuthConfiguration(Id networkId, String startUrl) | networkId Type: Id; startUrl Type: String |
Below are some of the methods of the AuthConfiguration class, which can be used to manage and personalize authentication for Salesforce.

| Methods | Description | Signature | Return Value |
| --- | --- | --- | --- |
| getAllowInternalUserLoginEnabled() | Denotes whether the Experience Cloud site allows internal users to log in using the Experience Cloud site login page. To change the default setting, admins configure it to allow internal users to log in directly to the site on the Login & Registration page in Experience Workspaces. | public Boolean getAllowInternalUserLoginEnabled() | Type: Boolean |
| getAuthConfig() | Returns the AuthConfig sObject, representing the authentication options for an Experience Cloud site or Salesforce My Domain subdomain. | public AuthConfig getAuthConfig() | Type: AuthConfig |
| getAuthConfigProviders() | Returns the list of authentication providers configured for an Experience Cloud site or Salesforce My Domain subdomain. | public List | Type: List |
| getAuthProviders() | Returns the list of authentication providers available for an Experience Cloud site or Salesforce My Domain subdomain. | public List getAuthProviders() | Type: List |
| getAuthProviderSsoDomainUrl(communityUrl, startUrl, developerName) | Returns a single sign-on URL for an Experience Cloud site subdomain. | public static String getAuthProviderSsoDomainUrl(String communityUrl, String startUrl, String developerName) | Type: String |
| getAuthProviderSsoUrl(communityUrl, startUrl, developerName) | Returns a single sign-on URL for an Experience Cloud site subdomain. | public static String getAuthProviderSsoUrl(String communityUrl, String startUrl, String developerName) | Type: String |
| getBackgroundColor() | Returns the background color of the sign-in page for the community. | public String getBackgroundColor() | Type: String |
| getCertificateLoginEnabled(domainUrl) | Returns true if certificate-based authentication is enabled for the My Domain URL. | public Boolean getCertificateLoginEnabled(String domainUrl) | Type: Boolean |
| getCertificateLoginUrl(domainUrl, startUrl) | If the org has certificate-based authentication enabled, returns a certificate-based authentication endpoint for the My Domain URL. | public static String getCertificateLoginUrl(String domainUrl, String startUrl) | Type: String |
| getDefaultProfileForRegistration() | Returns the profile ID allocated to new community users. | public String getDefaultProfileForRegistration() | Type: String |
| getFooterText() | Returns the text found at the bottom of a community’s login page. | public String getFooterText() | Type: String |
| getForgotPasswordUrl() | Returns the URL of the Forgot Password page, whether custom or standard, established by the administrator for an Experience Cloud site or portal. | public String getForgotPasswordUrl() | Type: String |
| getLogoUrl() | Returns the location of the icon image that appears at the bottom of a community’s login page. | public String getLogoUrl() | Type: String |
| isCommunityUsingSiteAsContainer() | Returns true when the Experience Cloud site uses Site.com pages. | public Boolean isCommunityUsingSiteAsContainer() | Type: Boolean |
Ans: Below are some of the constructors of the AuthProviderCallbackState class.
| Constructors | Description | Signature | Parameters |
| --- | --- | --- | --- |
| AuthProviderCallbackState(headers, body, queryParameters) | With the authentication request's specified HTTP headers, body, and query parameters, an instance of the AuthProviderCallbackState class is created. | public AuthProviderCallbackState(Map | headers Type: Map; body Type: String; queryParameters Type: Map |
Below are some of the properties of the AuthProviderCallbackState class.
| Properties | Description | Signature | Property value |
| --- | --- | --- | --- |
| body | The HTTP body of the authentication request | public String body { get; set; } | Type: String |
| headers | The HTTP headers of the authentication request | public Map | Type: Map |
| queryParameters | The HTTP query parameters of the authentication request | public Map | Type: Map |
Ans: Below are some of the methods of the AuthProviderPlugin that, as of API version 39.0, are deprecated. AuthProviderPluginClass is used instead.
| Methods | Description | Signature | Return Value | Usage |
| --- | --- | --- | --- | --- |
| getCustomMetadataType() | Since API Version 39.0, it is no longer used. The corresponding method in Auth.AuthProviderPluginClass is used. | public String getCustomMetadataType() | Type: String | It returns the API name of the custom metadata type for a Salesforce single sign-on authentication provider that uses custom OAuth. The getCustomMetadataType() method returns only the custom metadata type names. It does not return custom metadata record names. |
| getUserInfo(authProviderConfiguration, response) | Since API Version 39.0, it is no longer used. The corresponding method in Auth.AuthProviderPluginClass is used. | public Auth.UserData getUserInfo(Map | Type: Auth.UserData | Information about the current user is returned from the custom authentication provider. The registration handler and additional authentication provider flows use this information. |
| handleCallback(authProviderConfiguration, callbackState) | Since API Version 39.0, it is no longer used. The corresponding method in Auth.AuthProviderPluginClass is used. | public Auth.AuthProviderTokenResponse handleCallback(Map authProviderConfiguration, Auth.AuthProviderCallbackState callbackState) | Type: List | The authentication provider supports an authentication protocol that returns an OAuth access token, OAuth secret, or refresh token. Additionally, the state that was provided when the request for the current user was made is returned. |
| initiate(authProviderConfiguration, stateToPropagate) | Since API Version 39.0, it is no longer used. The corresponding method in Auth.AuthProviderPluginClass is used. | public System.PageReference initiate(Map String stateToPropagate) | Type: System.PageReference | It provides the URL to which the user is forwarded during authentication. |
Ans: Below are some of the methods of the AuthProviderPlugin class. There is no DML support for these methods.
| Methods | Description | Signature | Return Value | Usage |
| --- | --- | --- | --- | --- |
| getCustomMetadataType() | It returns the API name of the custom metadata type for a Salesforce single sign-on authentication provider that uses custom OAuth. | public String getCustomMetadataType() | Type: String | Only the custom metadata type names are returned by the getCustomMetadataType() method. It does not return custom metadata record names. |
| getUserInfo(authProviderConfiguration, response) | It returns information about the active user from the custom authentication provider. The registration handler and additional authentication provider flows use this information. | public Auth.UserData getUserInfo(Map | Type: Auth.UserData | This method must be used when extending the Auth.AuthProviderPluginClass while creating a custom authentication provider using API Version 39.0. |
| handleCallback(authProviderConfiguration, callbackState) | The authentication provider supports an authentication protocol that returns an OAuth access token, OAuth secret, or refresh token. Additionally, the state that was provided when the request for the current user was made is returned. | public Auth.AuthProviderTokenResponse handleCallback(Map authProviderConfiguration, Auth.AuthProviderCallbackState callbackState) | Type: List | This method must be used when extending the Auth.AuthProviderPluginClass while creating a custom authentication provider using API Version 39.0. |
| initiate(authProviderConfiguration, stateToPropagate) | It provides the URL to which the user is forwarded during authentication. | public System.PageReference initiate(Map String stateToPropagate) | Type: System.PageReference | This method must be used when extending the Auth.AuthProviderPluginClass while creating a custom authentication provider as of API Version 39.0. |
| refresh(authProviderConfiguration, refreshToken) | It returns a new access token, which is used to update an access token that has already expired. | public Auth.OAuthRefreshResult refresh(Map String refreshToken) | Type: Auth.OAuthRefreshResult | An Auth.OAuthRefreshResult is returned with the access token and refresh token when a request is granted. If you receive an error, make sure the error string is set to the appropriate message. A NULL error string indicates there are no errors. The refresh method does not adhere to the typical OAuth refresh flow and only works with named credentials if the earlier request returns a 401. |
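How the methods in the table above fit together in one plug-in, including returning the propagated state from handleCallback and setting the error string in refresh. This Apex class is an added example, not code from the original page or from Salesforce; the provider name, the custom metadata type Example_Idp__mdt and its field names are hypothetical, and the provider is assumed to expose standard OAuth 2.0 authorization-code endpoints.

```apex
// Added example. Provider name, metadata type and field names are hypothetical.
global class ExampleIdpPlugin extends Auth.AuthProviderPluginClass {
    public class TokenException extends Exception {}
    global String getCustomMetadataType() { return 'Example_Idp__mdt'; } // type name, not a record name
    global PageReference initiate(Map<String, String> cfg, String stateToPropagate) {
        // Forward Salesforce's state value untouched so it comes back on the callback.
        return new PageReference(cfg.get('Authorize_Url__c') + '?response_type=code'
            + '&client_id=' + enc(cfg.get('Client_Id__c'))
            + '&redirect_uri=' + enc(cfg.get('Redirect_Url__c'))
            + '&state=' + enc(stateToPropagate));
    }
    global Auth.AuthProviderTokenResponse handleCallback(Map<String, String> cfg, Auth.AuthProviderCallbackState cb) {
        Map<String, String> q = cb.queryParameters;
        if (String.isBlank(q.get('code'))) throw new TokenException('No authorization code');
        Map<String, Object> tok = postToken(cfg, 'grant_type=authorization_code&code='
            + enc(q.get('code')) + '&redirect_uri=' + enc(cfg.get('Redirect_Url__c')));
        // Hand back the state that arrived with the request, alongside the tokens.
        return new Auth.AuthProviderTokenResponse('ExampleIdp',
            (String) tok.get('access_token'), (String) tok.get('refresh_token'), q.get('state'));
    }
    global Auth.UserData getUserInfo(Map<String, String> cfg, Auth.AuthProviderTokenResponse response) {
        HttpRequest req = new HttpRequest();
        req.setEndpoint(cfg.get('UserInfo_Url__c'));
        req.setMethod('GET');
        req.setHeader('Authorization', 'Bearer ' + response.oauthToken);
        Map<String, Object> u = (Map<String, Object>) JSON.deserializeUntyped(new Http().send(req).getBody());
        return new Auth.UserData((String) u.get('sub'), null, null, (String) u.get('name'), (String) u.get('email'),
            null, (String) u.get('email'), null, 'ExampleIdp', null, new Map<String, String>());
    }
    global override Auth.OAuthRefreshResult refresh(Map<String, String> cfg, String refreshToken) {
        try {
            Map<String, Object> tok = postToken(cfg, 'grant_type=refresh_token&refresh_token=' + enc(refreshToken));
            return new Auth.OAuthRefreshResult((String) tok.get('access_token'), (String) tok.get('refresh_token'));
        } catch (Exception e) {
            return new Auth.OAuthRefreshResult(null, null, e.getMessage()); // non-null error string signals failure
        }
    }
    private Map<String, Object> postToken(Map<String, String> cfg, String body) {
        HttpRequest req = new HttpRequest();
        req.setEndpoint(cfg.get('Token_Url__c'));
        req.setMethod('POST');
        req.setHeader('Content-Type', 'application/x-www-form-urlencoded');
        req.setBody(body + '&client_id=' + enc(cfg.get('Client_Id__c')) + '&client_secret=' + enc(cfg.get('Client_Secret__c')));
        HttpResponse res = new Http().send(req);
        if (res.getStatusCode() != 200) throw new TokenException('Token endpoint HTTP ' + res.getStatusCode());
        return (Map<String, Object>) JSON.deserializeUntyped(res.getBody());
    }
    private static String enc(String v) { return EncodingUtil.urlEncode(v, 'UTF-8'); }
}
```

The callout endpoints must be allowed as remote sites or named credentials in the org, and the client secret is read from the provider's custom metadata record rather than hard-coded in the class.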
Ans: The Apex Auth Namespace provides classes and methods for implementing authentication and authorization mechanisms in Salesforce, including Single Sign-On (SSO) and OAuth 2.0.
Ans: SSO allows users to access multiple applications with a single set of credentials, while OAuth 2.0 is a protocol for granting third-party applications limited access to a user's resources without exposing their credentials. The Apex Auth Namespace supports both SSO and OAuth 2.0 for different authentication and authorization scenarios.
Ans: The commonly used classes for implementing SSO in Salesforce using the Apex Auth Namespace include Auth.AuthConfiguration, Auth.SamlJunction, and Auth.SamlJunctionManagement.
Ans: The Auth.OAuthPlugin class allows developers to extend and customize the OAuth 2.0 authentication process by implementing custom logic. It can be used to handle specific authentication scenarios.
A better understanding of the classes that the Auth namespace provides in Apex helps you secure user access and protect data. With the above-mentioned interview questions and answers relating to the Auth namespace in Apex and its classes, you get an overview of Salesforce learning. Sign up for the online Salesforce training course, by JanBask Training, for more details on the Auth namespace in Apex.