Name | Yes | The Realm name used internally within Salesforce by your administrators |
Name__c | Yes | The Realm name used externally. Must not include any spaces or special characters since it'll be part of the URL structure for the endpoints |
Community__c | Yes | The community which will host the Realm created. The realm will inherit the URL (and custom domains) of the community |
Url__c | Yes | A domain from the Community to which the Realm will be tied to. The Realm will reject all requests from URLs different than this one |
AccessTokenExpirationTime__c | Yes | The default setting Applications will have when using the Dynamic Client Registration endpoint or if an admin does not define a specific application access_token_expiration_time |
AccessTokenSigningAlgValue__c | Yes | The default access_token signing algorithm to be assigned to new applications created through Dynamic Client Registration or if an admin does not define a specific application access_token_signing_alg_value |
AccessTokenPolicy__c | Yes | Depending on your security context, you can define the policy to storing access_tokens . no-store (default): No access_token is stored. All tokens are stateless.blacklist : Only revoked access_tokens are stored.whitelist : all access_tokens are stored. Tokens generated by ExternalAuthServer s are always saved. |
RefreshTokenExpirationTime__c | Yes | The default setting Applications will have when using the Dynamic Client Registration endpoint or if an admin does not define a specific application refresh_token_expiration_time |
IsAdminApproved__c | Yes | The default setting Applications will have when using the Dynamic Client Registrationendpoint. If checked, the Realm will show a consent screen to the user before issuing any tokens |
ResponseTypes__c | Yes | A list of response_type s allowed by the Realm. Will be displayed on the OpenID Discovery document and will restrict the values Clients use on the Dynamic Client Registration endpoint |
GrantTypes__c | Yes | A list of grant_type s allowed by the Realm. Will be displayed on the OpenID Discovery document and will restrict the values Clients use on the Dynamic Client Registration endpoint |
ResponseModes__c | Yes | A list of response_mode s allowed by the Realm. Will be displayed on the OpenID Discovery document and will restrict the values Clients use on the Dynamic Client Registration endpoint |
TokenEndpointAuthMethods__c | Yes | A list of token_endpoint_auth_method s allowed by the Realm. Will be displayed on the OpenID Discovery document and will restrict the values Clients use on the Dynamic Client Registration endpoint |
TokenEndpointAuthSigning__c | No | A list of token_endpoint_auth_signing_alg s allowed by the Realm. Will be displayed on the OpenID Discovery document and will restrict the values Clients use on the Dynamic Client Registration endpoint. Required if the token_endpoint_auth_methods include either private_key_jwt or client_secret_jwt |
RevocationEndpointAuthMethods__c | Yes | A list of revocation_endpoint_auth_method s allowed by the Realm. Will be displayed on the OpenID Discovery document and will restrict the values Clients use on the Dynamic Client Registration endpoint |
RevocationEndpointAuthSigning__c | No | A list of revocation_endpoint_auth_signing_alg s allowed by the Realm. Will be displayed on the OpenID Discovery document and will restrict the values Clients use on the Dynamic Client Registration endpoint. Required if the revocation_endpoint_auth_methods include either private_key_jwt or client_secret_jwt |
IntrospectionEndpointAuthMethods__c | Yes | A list of introspection_endpoint_auth_method s allowed by the Realm. Will be displayed on the OpenID Discovery document and will restrict the values Clients use on the Dynamic Client Registration endpoint |
IntrospectionEndpointAuthSigning__c | No | A list of introspection_endpoint_auth_signing_alg s allowed by the Realm. Will be displayed on the OpenID Discovery document and will restrict the values Clients use on the Dynamic Client Registration endpoint. Required if the introspection_endpoint_auth_methods include either private_key_jwt or client_secret_jwt |
IdTokenExpirationTime__c | Yes | The default setting Applications will have when using the Dynamic Client Registration endpoint or if an admin does not define a specific application id_token_expiration_Time |
IdTokenSigningAlgValues__c | Yes | A list of id_token_signing_alg s allowed by the Realm. Will be displayed on the OpenID Discovery document and will restrict the values Clients use on the Dynamic Client Registration endpoint. |
IdTokenIncludeClaims__c | No | A Boolean which indicates if by default clients registered through Dynamic Client Registration should receive user claims in the id_token |
IdTokenIncludeInRefreshToken__c | No | A Boolean which indicates if by default clients registered through Dynamic Client Registration should receive an id_token on each refresh_token flow |
SubjectTypes__c | Yes | Subject type for applications. Only public is supported now |
Config__c | No | Stores the Realm custom configuration. Read more on the Extensions section |
ResourceServer__c | No | A Resource Server from the Realm which protects the Realm's protected resources (client_registration for example). Refer to Dynamic Client Registration for more information |