An External Client represent the registration of your application on an external auth server
Think of it as NamedCredentials but for applications hosted outside of Salesforce. If you have been enjoying NamedCredentials while writting Apex, External Clients let you share the joy with your other colleagues.
External Clients allow Clients to get access_tokens for Auth Servers outside CYM-Identity (Salesforce Identity, Box.com, ...)
| Attribute | Required | Description |
|---|
| Name | Yes | A name for the External Client (this name is for display purposes only on the Salesforce UI) |
| ClientId__c | Yes | The client_id provided by the ExternalAuthServer |
| GrantTypes__c | Yes | Grant types which this client can use. These must be granted/allowed on the ExternalAuthServer |
| TokenEndpointAuthMethod__c | Yes | Authentication method used by this client during the token_request. It must be granted/allowed on the ExternalAuthServer |
| UserSubField__c | No | Not all ExternalAuthServers will accept the Salesforce UserIds as a sub, you can use a different field from the user object. For example, with Connected Apps, you need to use the Username field |
| ClientSub__c | No | In case you need to use a service_account or a technical_user as an identity for your application, you can use this field to provide the value. For example, with Connected Apps, you need to use a ApiOnly user to access Salesforce APIs as an application |
| CertificateFullname__c | No | The certificate name from the Certificate and Key Management in case you let Salesforce manage your External Client private/public key pair |
| Client | Yes | A Reference to the Client |
| ExternalAuthServer__c | Yes | A Reference to the ExternalAuthServer |