August 20th, 2015
(written by lawrence krubner, however indented passages are often quotes). You can contact lawrence at: firstname.lastname@example.org
Reading through SalesForce documentation I constantly come upon 404 errors:
They don’t keep the documentation up to date.
Consider the question, “When does it make sense to add a Connected App to a Managed Package?” This is something I’ve wondered. And no one can give me a reliable answer.
One answer makes it sound like the important issue is about allowing other companies to use your app:
Let’s say that you have a salesforce application that communicates with an API you’ve developed. That API connects to salesforce using the Consumer Secret and Consumer Key of your connected app, and it is used to grant access to the org using OAuth.
Now you package that app and start distributing it through the appexchange. Every time somebody installs your app, the connected app is deployed preserving the same Consumer Secret and Consumer Key, and will be able to communicate with your API.
Each OAuth grant is based on users and orgs; so the fact you granted access to that connected app on a costumer org does not grant you access to other costumer orgs also obviously.
However, the Apple App store is full of apps that connect to SalesForce, and which don’t need the permission of the user’s SalesForce admin. So clearly, with Connected Apps, there are a ton of exceptions.
We got on a call with SalesForce support, and they were unable to answer our questions. No one knows how SalesForce works, not even SalesForce.Source