67
GitHub Stars
4
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill jaganpro/sf-skills --skill sf-connected-apps- CREDITS.md2.8 KB
- LICENSE1.1 KB
- README.md3.2 KB
- SKILL.md13.4 KB
Overview
This skill creates and manages Salesforce Connected Apps and External Client Apps (ECAs) with built-in OAuth configuration, security validation, and a 120-point scoring system. It automates template selection, metadata generation, and deployment guidance so integrations meet security and packaging requirements. Use it to standardize OAuth flows, enforce best practices, and migrate legacy connected apps to the modern ECA model.
How this skill works
The skill asks a short set of questions (app type, OAuth flow, use case, scopes, distribution) then scans the project for existing connectedApp and ECA metadata. It selects an appropriate template, generates the required metadata files in the correct folder, and runs a 120-point security and metadata scoring process across six categories. Finally it outputs deployment steps, score thresholds, and next actions including testing and cutover guidance.
When to use it
- Configuring OAuth flows for web, mobile, CI/CD, or server-to-server integrations
- Creating new integrations that require secure secret and certificate management
- Migrating single-org Connected Apps to External Client Apps for multi-org/ISV use
- Validating security posture and blocking risky apps below threshold
- Automating metadata generation for deployment pipelines
Best practices
- Prefer External Client Apps for multi-org, ISV, or regulated environments
- Enforce PKCE for public clients and use certificates for JWT bearer flows
- Use minimal scopes (least privilege) and avoid the Full scope
- Never commit consumer secrets to source control; use named credentials or environment variables
- Enable token rotation and configure IP restrictions where feasible
Example use cases
- Create a JWT Bearer connected app for CI/CD or service account automation
- Generate an ECA with PKCE enabled for a single-page application distributed via 2GP
- Run a security validation and scoring report before promoting an app to production
- Migrate a legacy Connected App to an ECA with parallel deployment and cutover plan
- Produce metadata files in force-app/main/default for automated deploys
FAQ
A score of 80 or higher is considered production-ready; 54–79 requires review and below 54 should be fixed before deployment.
When should I choose an External Client App over a Connected App?
Choose ECAs for multi-org distribution, stronger secret management, API-driven key rotation, audit requirements, or when using 2GP packaging.