The Auth namespace provides an interface and classes for single sign-on into Salesforce and session security management.
The following are the classes, interfaces, and enums in the Auth namespace.
AuthConfiguration Class
Contains methods for configuring settings for users to log in to a Salesforce org using their authentication provider credentials instead of their Salesforce credentials. The authentication provider can be any authentication provider that supports the OpenID Connect protocol, such as Google, Facebook, or Twitter. Users log in to either a community subdomain of the force.com domain (https://subdomain.force.com) or a Salesforce subdomain created with My Domain (https://subdomain.my.salesforce.com).
AuthProviderCallbackState Class
Provides request HTTP headers, body, and query parameters to the AuthProviderPlugin.handleCallback method for user authentication. This class allows you to group the information passed in rather than passing headers, body, and query parameters individually.
AuthProviderPlugin Interface
This interface is deprecated. For new development, use the abstract class Auth.AuthProviderPluginClass to create a custom OAuth-based authentication provider plug-in for single sign-on in to Salesforce.
AuthProviderPluginClass Class
Contains methods to create a custom OAuth-based authentication provider plug-in for single sign-on in to Salesforce. Use this class to create a custom authentication provider plug-in if you can’t use one of the authentication providers that Salesforce provides.
AuthToken Class
Contains methods for providing the access token associated with an authentication provider for an authenticated user, except for the Janrain provider.
CommunitiesUtil Class
Contains methods for getting information about a community user.
ConfigurableSelfRegHandler Interface
Gives you more control over how visitors self-register for your community by creating a class that implements Auth.ConfigurableSelfRegHandler. You choose the user information to collect, and how users identify themselves—with their email address, phone number, or another identifier. Once verified, you create a new external user and log the user in to your community.
ConnectedAppPlugin Class
Contains methods for extending the behavior of a connected app, for example, customizing how a connected app is invoked depending on the protocol used. This class gives you more control over the interaction between Salesforce and your connected app.
InvocationContext Enum
The context in which the connected app is invoked, such as the protocol flow used and the token type issued, if any. Developers can use the context information to write code that is unique to the type of invocation.
JWS Class
Contains methods that apply a digital signature to a JSON Web Token (JWT), using a JSON Web Signature (JWS) data structure. This class creates the signed JWT bearer token, which can be used to request an OAuth access token in the OAuth 2.0 JWT bearer token flow.
JWT Class
Generates the JSON Claims Set in a JSON Web Token (JWT). The resulting Base64-encoded payload can be passed as an argument to create an instance of the Auth.JWS class.
JWTBearerTokenExchange Class
Contains methods that POST the signed JWT bearer token to a token endpoint to request an access token, in the OAuth 2.0 JWT bearer token flow.
LightningLoginEligibility Enum
Contains a Lightning Login eligibility value used by the Auth.SessionManagement.getLightningLoginEligibility method.
LoginDiscoveryHandler Interface
Salesforce gives you the ability to log in users based on verification methods other than username and password. For example, it can prompt users to log in with their email, phone number, or another identifier like a Federation ID or device identifier. Login Discovery is available to all external user licenses, including Customer Community, Customer Community Plus, External Identity, Partner Community, and Partner Community Plus.
LoginDiscoveryMethod Enum
Contains methods used to verify the user’s identity when the My Domain login process uses Login Discovery.
MyDomainLoginDiscoveryHandler Interface
The handler used to implement the My Domain Login Discovery page, which is an interview-based (two-step) login process. First the user is prompted for a unique identifier such as an email address or phone number. Then the handler determines (discovers) how to authenticate the user. Either the user enters a password or is directed to an identity provider’s login page.
OAuthRefreshResult Class
Stores the result of an AuthProviderPluginClass refresh method. OAuth authentication flow provides a refresh token that can be used to get a new access token. Access tokens have a limited lifetime as specified by the session timeout value. When an access token expires, use a refresh token to get a new access token.
SamlJitHandler Interface
Use this interface to control and customize Just-in-Time user provisioning logic during SAML single sign-on.
SessionManagement Class
Contains methods for verifying users’ identity, creating custom login flows, customizing security levels, and defining trusted IP ranges for a current session.
SessionLevel Enum
An Auth.SessionLevel enum value is used by the SessionManagement.setSessionLevel method.
UserData Class
Stores user information for Auth.RegistrationHandler.
VerificationMethod Enum
Contains the different ways users can identify themselves when logging in. You can use it to implement mobile-centric passwordless login pages and to self-register (and deregister) verification methods.
VerificationPolicy Enum
The Auth.VerificationPolicy enum contains an identity verification policy value used by the SessionManagement.generateVerificationUrl method.
VerificationResult Class
Contains the result of a verification challenge that you invoke when you create your own Verify page. The challenge can be initiated by either the System.UserManagement.verifyPasswordlessLogin or System.UserManagement.verifySelfRegistration method.
Auth Exceptions
The Auth namespace contains some exception classes.