sf-connected-apps_skill

This skill helps you generate and validate Salesforce Connected Apps and External Client Apps with secure OAuth configuration and scoring.
  • Python

67

GitHub Stars

4

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill jaganpro/sf-skills --skill sf-connected-apps

  • CREDITS.md2.8 KB
  • LICENSE1.1 KB
  • README.md3.2 KB
  • SKILL.md13.4 KB

Overview

This skill creates and manages Salesforce Connected Apps and External Client Apps (ECAs) with built-in OAuth configuration, security validation, and a 120-point scoring system. It automates template selection, metadata generation, and deployment guidance so integrations meet security and packaging requirements. Use it to standardize OAuth flows, enforce best practices, and migrate legacy connected apps to the modern ECA model.

How this skill works

The skill asks a short set of questions (app type, OAuth flow, use case, scopes, distribution) then scans the project for existing connectedApp and ECA metadata. It selects an appropriate template, generates the required metadata files in the correct folder, and runs a 120-point security and metadata scoring process across six categories. Finally it outputs deployment steps, score thresholds, and next actions including testing and cutover guidance.

When to use it

  • Configuring OAuth flows for web, mobile, CI/CD, or server-to-server integrations
  • Creating new integrations that require secure secret and certificate management
  • Migrating single-org Connected Apps to External Client Apps for multi-org/ISV use
  • Validating security posture and blocking risky apps below threshold
  • Automating metadata generation for deployment pipelines

Best practices

  • Prefer External Client Apps for multi-org, ISV, or regulated environments
  • Enforce PKCE for public clients and use certificates for JWT bearer flows
  • Use minimal scopes (least privilege) and avoid the Full scope
  • Never commit consumer secrets to source control; use named credentials or environment variables
  • Enable token rotation and configure IP restrictions where feasible

Example use cases

  • Create a JWT Bearer connected app for CI/CD or service account automation
  • Generate an ECA with PKCE enabled for a single-page application distributed via 2GP
  • Run a security validation and scoring report before promoting an app to production
  • Migrate a legacy Connected App to an ECA with parallel deployment and cutover plan
  • Produce metadata files in force-app/main/default for automated deploys

FAQ

A score of 80 or higher is considered production-ready; 54–79 requires review and below 54 should be fixed before deployment.

When should I choose an External Client App over a Connected App?

Choose ECAs for multi-org distribution, stronger secret management, API-driven key rotation, audit requirements, or when using 2GP packaging.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational