Auth Exceptions

The Auth namespace contains some exception classes.

All exception classes support built-in methods for returning the error message and exception type. See Exception Class and Built-In Exceptions.

The Auth namespace contains the following exception.

Exception Description
Auth.​AuthProviderPluginException Throw this exception to indicate that an error occurred when using the auth provider plug-in. Use to display a custom error message to the user. To get the error message and write it to debug log, use the String getMessage().
Auth.​ConnectedAppPlugin​Exception Throw this exception to indicate that an error occurred while running the custom behavior for a connected app. To get the error message and write it to debug log, use the String getMessage().
Auth.DiscoveryCustomErrorException Throw this exception to customize error messages that appear on Discovery logins and Configurable Self-Registration pages. An error message can have up to 200 characters. Use custom error exceptions to localize error messages.
Include this exception in:
  • Auth.MyDomainLoginDiscoveryHandler to show a custom error message on the My Domain login page
  • Auth.LoginDiscoveryHandler to show an error message on Communities login page
  • Auth.ConfigurableSelfRegHandler to show an error message on community self-registration Verify page
The Verify page shows up if you configured self-registration with either an Email or Text Message verification method. If you didn’t set up sign-up with a verification method, the error message appears on the self-registration page.

To get the error message and write it to debug log, use the String getMessage().

Auth.JWTBearerTokenExchange.​JWTBearerTokenExchangeException​ Throw this exception to indicate a problem with the response from the token endpoint in the JWTBearerTokenExchange class. This exception occurs during the OAuth 2.0 JWT bearer token flow when the HTTP response:
  • Fails to return an access token
  • Is not in JSON format
  • Returns a response code other than a 200 “OK” success code

To get the error message and write it to debug log, use the String getMessage().

Auth.LoginDiscoveryException Throw this exception to indicate that an error occurred when executing the Login Discovery handler. For an example, see LoginDiscoveryHandler Example Implementation. To get the error message and write it to debug log, use the String getMessage().
Auth.VerificationException Throw this exception to trigger verification based on the passed-in policy. You can throw this exception in an Apex trigger or Visualforce controller. The system automatically sends you to the verification endpoint, if possible.
Note

Note

You cannot catch this exception. The exception immediately triggers the verification.

Examples

This example uses AuthProviderPluginException to throw a custom exception in a custom authentication provider implementation. Use this exception if you want the end user to see a specific message, passing in the error message as a parameter. If you use another exception, users see a standard Salesforce error message.

global override Auth.OAuthRefreshResult refresh(Map<string,string> authProviderConfiguration,String refreshToken){
            HttpRequest req = new HttpRequest();
            String accessToken = null;
            String error  = null;
            try {
            
            // DEVELOPER TODO: Make a refresh token flow using refreshToken passed 
            // in as an argument to get the new access token
            // accessToken = ... 
            } catch (System.CalloutException e) {
            error = e.getMessage();
            }
            catch(Exception e) {
            error = e.getMessage();
            throw new Auth.AuthProviderPluginException('My custom error');
            }
            
            return new Auth.OAuthRefreshResult(accessToken,refreshToken, error);                
            }

This example uses Auth.VerificationException to trigger verification if a user attempts to create an account without a high assurance session.

trigger testTrigger on Account (before insert) {
    Map<String, String> sessionMap = auth.SessionManagement.getCurrentSession();
    if(!sessionMap.get('SessionSecurityLevel').equals('HIGH_ASSURANCE')) {
        throw new Auth.VerificationException(
            Auth.VerificationPolicy.HIGH_ASSURANCE, 'Insert Account');
    }
}