feat: allow updating Auth Provider Consumer Key and Secret

and enabling Authentication service for Auth Provider

Author: amtrack

CONTRIBUTING.md

@@ -165,6 +165,16 @@ The execution will apply as few changes as necessary and so you will be able to
 Both the result of the `retrieve` function and the argument of the `apply` function are objects in the format defined in your `schema.json`.
 In this example, you would return `{enabled: boolean}` as part of `retrieve`, and expect `{enabled: boolean}` as argument in `apply`.
 
+### Formatting
+
+After plugin development is completed, run the following command to ensure your code adheres to the project's style guidelines:
+
+```shell
+npm run format
+```
+
+This will automatically format your TypeScript and configuration files (e.g., indentation, line breaks, trailing commas) to maintain consistency across the codebase.
+
 ## Testing
 
 To run **unit tests**:

src/commands/browserforce/apply.ts

@@ -1,4 +1,25 @@
+import { readFileSync } from 'fs';
 import { BrowserforceCommand } from '../../browserforce-command.js';
+import { maskSensitiveValues } from '../../plugins/utils.js';
+
+// Convert camelCase to kebab-case (e.g., "authProviders" -> "auth-providers")
+function camelToKebab(str: string): string {
+  return str.replace(/([a-z0-9])([A-Z])/g, '$1-$2').toLowerCase();
+}
+
+// Load schema for a plugin
+function loadPluginSchema(pluginName: string): unknown | undefined {
+  try {
+    // Resolve schema path relative to the plugins directory
+    // Since we're in src/commands/browserforce/, we need to go up to src/plugins/
+    const schemaPath = new URL(`../../plugins/${camelToKebab(pluginName)}/schema.json`, import.meta.url);
+    const schemaContent = readFileSync(schemaPath, 'utf8');
+    return JSON.parse(schemaContent);
+  } catch (error) {
+    // Schema file not found or invalid - return undefined to fall back to pattern matching
+    return undefined;
+  }
+}
 
 type BrowserforceApplyResponse = {
   success: boolean;
@@ -35,10 +56,14 @@ export class BrowserforceApply extends BrowserforceCommand<BrowserforceApplyResp
       const diff = instance.diff(state, setting.value);
       const action = flags['dry-run'] ? 'would change' : 'changing';
       if (diff !== undefined) {
+        // Load schema for this plugin to check for password fields
+        const schema = loadPluginSchema(setting.key);
+        // Mask sensitive values before logging (using schema if available)
+        const maskedDiff = maskSensitiveValues(diff, '', schema) as typeof diff;
         this.spinner.start(
-          `[${driver.name}] ${Object.keys(diff)
+          `[${driver.name}] ${Object.keys(maskedDiff)
             .map((key) => {
-              return `${action} '${key}' to '${JSON.stringify(diff[key])}'`;
+              return `${action} '${key}' to '${JSON.stringify(maskedDiff[key])}'`;
             })
             .join('\n')}`,
         );

src/plugins/auth-providers/disable.json

@@ -0,0 +1,11 @@
+{
+  "$schema": "../schema.json",
+  "settings": {
+    "authProviders": {
+      "TestAuthProvider": {
+        "consumerSecret": "test-secret-12345",
+        "consumerKey": "test-key-67890"
+      }
+    }
+  }
+}

src/plugins/auth-providers/enable.json

@@ -0,0 +1,11 @@
+{
+  "$schema": "../schema.json",
+  "settings": {
+    "authProviders": {
+      "TestAuthProvider": {
+        "consumerSecret": "test-secret-12345",
+        "consumerKey": "test-key-67890"
+      }
+    }
+  }
+}

src/plugins/auth-providers/index.e2e-spec.ts

@@ -0,0 +1,90 @@
+import assert from 'assert';
+import * as child from 'child_process';
+import { fileURLToPath } from 'node:url';
+import * as path from 'path';
+import { type Config, AuthProviders } from './index.js';
+
+const __dirname = fileURLToPath(new URL('.', import.meta.url));
+
+describe(AuthProviders.name, function () {
+  this.timeout('10m');
+  let plugin: AuthProviders;
+
+  before(() => {
+    plugin = new AuthProviders(global.browserforce);
+  });
+
+  const configWithSecretAndKey: Config = {
+    TestAuthProvider: {
+      consumerSecret: 'test-secret-12345',
+      consumerKey: 'test-key-67890',
+    },
+  };
+
+  const configWithSecretOnly: Config = {
+    TestAuthProvider: {
+      consumerSecret: 'updated-secret-abcde',
+    },
+  };
+
+  const configWithKeyOnly: Config = {
+    TestAuthProvider: {
+      consumerKey: 'updated-key-fghij',
+    },
+  };
+
+  const configEmpty: Config = {
+    TestAuthProvider: {},
+  };
+
+  it('should deploy an AuthProvider for testing', () => {
+    const sourceDeployCmd = child.spawnSync('sf', [
+      'project',
+      'deploy',
+      'start',
+      '-d',
+      path.join(__dirname, 'sfdx-source'),
+      '--json',
+    ]);
+    assert.deepStrictEqual(sourceDeployCmd.status, 0, sourceDeployCmd.output.toString());
+  });
+
+  it('should update consumerSecret and consumerKey', async () => {
+    await plugin.apply(configWithSecretAndKey);
+    // Note: retrieve() returns empty config, so we can only verify apply completes without errors
+  });
+
+  it('should update consumerSecret only', async () => {
+    await plugin.apply(configWithSecretOnly);
+  });
+
+  it('should update consumerKey only', async () => {
+    await plugin.apply(configWithKeyOnly);
+  });
+
+  it('should handle empty config without errors', async () => {
+    await plugin.apply(configEmpty);
+  });
+
+  it('should throw an error when AuthProvider does not exist', async () => {
+    const configInvalid: Config = {
+      NonExistentAuthProvider: {
+        consumerSecret: 'test-secret',
+        consumerKey: 'test-key',
+      },
+    };
+    let err;
+    try {
+      await plugin.apply(configInvalid);
+    } catch (e) {
+      err = e;
+    }
+    assert.throws(() => {
+      throw err;
+    }, /No AuthProviders found with DeveloperNames/);
+  });
+
+  it('should remove the testing AuthProvider', async () => {
+    await global.browserforce.connection.metadata.delete('AuthProvider', ['TestAuthProvider']);
+  });
+});

src/plugins/auth-providers/index.ts

@@ -0,0 +1,104 @@
+import { type SalesforceUrlPath, waitForPageErrors } from '../../browserforce.js';
+import { BrowserforcePlugin } from '../../plugin.js';
+
+const CONSUMER_SECRET_SELECTOR = '#ConsumerSecret';
+const CONSUMER_KEY_SELECTOR = '#ConsumerKey';
+const SAVE_BUTTON_SELECTOR = 'input[id$=":saveBtn"], #topButtonRow > input[name="save"], button[title="Save"]';
+
+const getUrl = (orgId: string): SalesforceUrlPath => `/${orgId}/e?retURL=/${orgId}` as SalesforceUrlPath;
+
+type AuthProviderConfig = {
+  consumerSecret?: string;
+  consumerKey?: string;
+};
+
+export type Config = {
+  [developerName: string]: AuthProviderConfig;
+};
+
+type AuthProviderRecord = {
+  Id: string;
+  DeveloperName: string;
+};
+
+export class AuthProviders extends BrowserforcePlugin {
+  public async retrieve(): Promise<Config> {
+    // Skip retrieve as requested - return empty config
+    return {};
+  }
+
+  public async apply(config: Config): Promise<void> {
+    if (!config || Object.keys(config).length === 0) {
+      return;
+    }
+
+    const developerNames = Object.keys(config);
+    const developerNamesList = developerNames.map((name) => `'${name}'`).join(',');
+
+    // Query AuthProviders using standard REST API (not Tooling API)
+    const authProviders = await this.browserforce.connection.query<AuthProviderRecord>(
+      `SELECT Id, DeveloperName FROM AuthProvider WHERE DeveloperName IN (${developerNamesList})`,
+    );
+
+    if (authProviders.records.length === 0) {
+      throw new Error(`No AuthProviders found with DeveloperNames: ${developerNames.join(', ')}`);
+    }
+
+    // Create a map for quick lookup
+    const authProviderMap = new Map<string, string>();
+    for (const authProvider of authProviders.records) {
+      authProviderMap.set(authProvider.DeveloperName, authProvider.Id);
+    }
+
+    // Verify we found all required AuthProviders
+    const missingProviders = developerNames.filter((name) => !authProviderMap.has(name));
+    if (missingProviders.length > 0) {
+      throw new Error(
+        `AuthProvider with DeveloperName(s) not found: ${missingProviders.join(', ')}. ` +
+          `Please verify the DeveloperNames are correct and the AuthProviders exist in your org.`,
+      );
+    }
+
+    // Process each auth provider configuration
+    for (const [developerName, authProviderConfig] of Object.entries(config)) {
+      const authProviderId = authProviderMap.get(developerName);
+      if (!authProviderId) {
+        throw new Error(`AuthProvider with DeveloperName '${developerName}' not found`);
+      }
+
+      try {
+        // Check if there are updates to consumerSecret or consumerKey
+        const hasConsumerUpdates =
+          authProviderConfig.consumerSecret !== undefined || authProviderConfig.consumerKey !== undefined;
+
+        if (hasConsumerUpdates) {
+          // Navigate to the edit page
+          const editPageUrl = getUrl(authProviderId);
+
+          this.browserforce.logger?.log(`Navigating to edit page for ${developerName}: ${editPageUrl}`);
+          await using page = await this.browserforce.openPage(editPageUrl);
+
+          // Update ConsumerSecret if provided
+          if (authProviderConfig.consumerSecret !== undefined) {
+            await page.locator(CONSUMER_SECRET_SELECTOR).fill(authProviderConfig.consumerSecret);
+          }
+
+          // Update ConsumerKey if provided
+          if (authProviderConfig.consumerKey !== undefined) {
+            await page.locator(CONSUMER_KEY_SELECTOR).fill(authProviderConfig.consumerKey);
+          }
+
+          // Save the changes
+          const saveButtonLocator = page.locator(SAVE_BUTTON_SELECTOR);
+          await saveButtonLocator.first().click();
+          await Promise.race([
+            page.waitForURL((url) => url.pathname === `/${authProviderId}`),
+            waitForPageErrors(page),
+          ]);
+        }
+      } catch (error) {
+        throw new Error(`Failed to update AuthProvider '${developerName}': ${error.message}`);
+      }
+    }
+  }
+}

src/plugins/auth-providers/schema.json

@@ -0,0 +1,25 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema",
+  "$id": "./auth-providers/schema.json",
+  "title": "Auth Providers",
+  "description": "Configuration for updating Auth Provider Consumer Key and Consumer Secret",
+  "type": "object",
+  "patternProperties": {
+    "^[a-zA-Z0-9_]+$": {
+      "type": "object",
+      "properties": {
+        "consumerSecret": {
+          "title": "Consumer Secret",
+          "description": "The Consumer Secret value for the Auth Provider",
+          "type": "string",
+          "x-password": true
+        },
+        "consumerKey": {
+          "title": "Consumer Key",
+          "description": "The Consumer Key value for the Auth Provider",
+          "type": "string"
+        }
+      }
+    }
+  }
+}

src/plugins/auth-providers/sfdx-source/authproviders/TestAuthProvider.authprovider

@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<AuthProvider xmlns="http://soap.sforce.com/2006/04/metadata">
+    <friendlyName>TestAuthProvider</friendlyName>
+    <includeOrgIdInIdentifier>true</includeOrgIdInIdentifier>
+    <isPkceEnabled>true</isPkceEnabled>
+    <providerType>OpenIdConnect</providerType>
+    <requireMfa>false</requireMfa>
+    <sendClientCredentialsInHeader>false</sendClientCredentialsInHeader>
+    <sendSecretInApis>true</sendSecretInApis>
+    <authorizeUrl>https://login.openid.com/services/oauth2/authorize</authorizeUrl>
+    <consumerKey>3MVG9k9cKU2O1H29X8gT08Ks2jVjH6Kd92WjH6Kd92WjH6Kd92WjH6Kd92WjH6Kd92WjH6Kd92WjH6Kd92WjH6Kd92WjH6Kd92WjH6Kd92WjH6Kd92WjH6Kd92WjH6Kd92WjH6Kd92WjH6Kd92W</consumerKey>
+    <consumerSecret>Placeholder_Value</consumerSecret>
+    <defaultScopes>openid profile</defaultScopes>
+    <idTokenIssuer>https://login.openid.com</idTokenIssuer>
+    <sendAccessTokenInHeader>true</sendAccessTokenInHeader>
+    <tokenUrl>https://login.openid.com/services/oauth2/token</tokenUrl>
+    <userInfoUrl>https://login.openid.com/services/oauth2/userinfo</userInfoUrl>
+</AuthProvider>

src/plugins/index.ts

@@ -1,4 +1,5 @@
 import { ActivitySettings as activitySettings } from './activity-settings/index.js';
+import { AuthProviders as authProviders } from './auth-providers/index.js';
 import { CompanyInformation as companyInformation } from './company-information/index.js';
 import { CustomerPortal as customerPortal } from './customer-portal/index.js';
 import { DensitySettings as densitySettings } from './density-settings/index.js';
@@ -24,6 +25,7 @@ import { UserAccessPolicies as userAccessPolicies } from './user-access-policies
 
 export {
   activitySettings,
+  authProviders,
   companyInformation,
   customerPortal,
   densitySettings,

src/plugins/schema.json

@@ -7,6 +7,9 @@
   "properties": {
     "settings": {
       "properties": {
+        "authProviders": {
+          "$ref": "./auth-providers/schema.json"
+        },
         "userAccessPolicies": {
           "$ref": "./user-access-policies/schema.json"
         },