When a user tries to access a third-party application (a Client that has not been admin-approved), you must collect the user's consent before allowing her to move forward.
We have all experienced this: for example, when you visit https://medium.com and try to log in with your Google account, the very first time Google prompts you to 'allow' or 'deny' sharing your personal information with Medium. This is the standard OAuth2 consent process.
CYM-Identity provides a hook that lets you choose a custom page to which the user is redirected in order to collect this consent.
Right now, we only provide a programmatic way to specify the page.
In each Realm, you will need to assign a plugin Handler that responds to the action get:consent:page.
Below is an example of a Controller that handles the LWC requests coming from the UI.
public with sharing class ApprovalController {

    // Get the list of scopes that pertain to the request.
    // Some of the scopes may already be approved by the user.
    @AuraEnabled
    public static Map<String, Object> init(String startURL) {
        try {
            Map<String, String[]> scopes = new Map<String, String[]>();
            // Get a hold of the AuthorizationContext
            cym.AuthorizationContext context = cym.AuthorizationContext.getContext(startURL);
            // List the scopes from the request
            scopes.put('requested', context.request.scope);
            // List the scopes which the user has already approved
            scopes.put('existing', context.consent.scopes);
            return new Map<String, Object> {
                'scopes' => scopes,
                'client' => JSON.deserializeUntyped(JSON.serialize(context.client))
            };
        } catch (Exception e) {
            throw new AuraHandledException(e.getMessage());
        }
    }

    // Method called to save the user consent
    @AuraEnabled
    public static void save(String startURL) {
        try {
            cym.AuthorizationContext context = cym.AuthorizationContext.getContext(startURL);
            context.consent.add(context.request.scope);
        } catch (Exception e) {
            throw new AuraHandledException(e.getMessage());
        }
    }
}
The full example is available in our GitHub repo.
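The controller above grants every scope in the request once the user clicks through. As an added example (not code from the CYM-Identity docs or repo), the variant below shows the user only the scopes that still need approval and persists only the ones she actually ticked, rejecting any scope the browser sends that was not part of the server-side request. It uses only the cym.AuthorizationContext members shown above; the class name, the approvedScopes parameter and the method names are assumptions.

```apex
public with sharing class ScopedApprovalController {

    // Return the requested scopes that still need the user's approval
    // (requested minus already-consented), so the UI only shows those.
    @AuraEnabled
    public static List<String> pendingScopes(String startURL) {
        try {
            cym.AuthorizationContext context = cym.AuthorizationContext.getContext(startURL);
            Set<String> existing = new Set<String>(context.consent.scopes);
            List<String> pending = new List<String>();
            for (String scope : context.request.scope) {
                if (!existing.contains(scope)) {
                    pending.add(scope);
                }
            }
            return pending;
        } catch (Exception e) {
            throw new AuraHandledException(e.getMessage());
        }
    }

    // Persist only the scopes the user approved. The list comes from the
    // browser, so it is untrusted: every entry must appear in the request
    // held server-side, otherwise a tampered page could grant extra scopes.
    @AuraEnabled
    public static void saveApproved(String startURL, List<String> approvedScopes) {
        try {
            cym.AuthorizationContext context = cym.AuthorizationContext.getContext(startURL);
            Set<String> requested = new Set<String>(context.request.scope);
            List<String> toGrant = new List<String>();
            if (approvedScopes != null) {
                for (String scope : approvedScopes) {
                    if (!requested.contains(scope)) {
                        throw new AuraHandledException('Scope not part of this request: ' + scope);
                    }
                    toGrant.add(scope);
                }
            }
            // Same call as the original save(), but with the validated subset
            context.consent.add(toGrant);
        } catch (Exception e) {
            throw new AuraHandledException(e.getMessage());
        }
    }
}
```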