How do I install sf-connected-apps?

Run `npx skills add https://github.com/jaganpro/sf-skills --skill sf-connected-apps` in your terminal. You need to have run `npx skills init` once in your project first.

Which agent frameworks does sf-connected-apps support?

sf-connected-apps works with any agent framework supported by the Skills registry, including Claude Code, Cursor, GitHub Copilot, Cline, Codex, and Gemini CLI.

Is sf-connected-apps free to use?

Yes. sf-connected-apps is free to install and use. It is available from the open explainx.ai skill registry published by jaganpro.

Where can I read ratings and reviews for sf-connected-apps?

Community ratings and review text appear on this explainx.ai skill page below the description. Reviews use a 1–5 scale and may include short written feedback from signed-in members.

Productivity

sf-connected-apps▌

jaganpro/sf-skills · updated Apr 19, 2026

$npx skills add https://github.com/jaganpro/sf-skills --skill sf-connected-apps

0 commentsdiscussion

summary

Use this skill when the user needs OAuth app configuration in Salesforce: Connected Apps, External Client Apps (ECAs), JWT bearer setup, PKCE decisions, scope design, or migration from older Connected App patterns to newer ECA patterns.

skill.md

sf-connected-apps: Salesforce Connected Apps & External Client Apps

Use this skill when the user needs OAuth app configuration in Salesforce: Connected Apps, External Client Apps (ECAs), JWT bearer setup, PKCE decisions, scope design, or migration from older Connected App patterns to newer ECA patterns.

When This Skill Owns the Task

Use sf-connected-apps when the work involves:

.connectedApp-meta.xml or .eca-meta.xml files
OAuth flow selection and callback / scope setup
JWT bearer auth, device flow, client credentials, or auth-code decisions
Connected App vs External Client App architecture choices
consumer-key / secret / certificate handling strategy

Delegate elsewhere when the user is:

configuring Named Credentials or runtime callouts → sf-integration
analyzing access / permission policy assignments → sf-permissions
writing Apex token-handling code → sf-apex
deploying metadata to orgs → sf-deploy

First Decision: Connected App or External Client App

If the need is...	Prefer
simple single-org OAuth app	Connected App
new development with better secret handling	External Client App
multi-org / packaging / stronger operational controls	External Client App
straightforward legacy compatibility	Connected App

Default guidance:

choose ECA for new regulated, packageable, or automation-heavy solutions
choose Connected App when simplicity and legacy compatibility matter more
Spring ’26 note: creation of new Connected Apps is disabled by default in orgs. For new integrations, prefer External Client Apps unless Connected App compatibility is explicitly required.

Required Context to Gather First

Ask for or infer:

app type: Connected App or ECA
OAuth flow: auth code, PKCE, JWT bearer, device, client credentials
client type: confidential vs public
callback URLs / redirect surfaces
required scopes
distribution model: local org only vs packageable / multi-org
whether certificates or secret rotation are required

Recommended Workflow

1. Choose the app model

Decide whether a Connected App or ECA is the better long-term fit.

2. Choose the OAuth flow

Use case	Default flow
backend web app	Authorization Code
SPA / mobile / public client	Authorization Code + PKCE
server-to-server / CI/CD	JWT Bearer
device / CLI auth	Device Flow
service account style app	Client Credentials (typically ECA)

3. Start from the right template

Use the provided assets instead of building from scratch:

assets/connected-app-basic.xml
assets/connected-app-oauth.xml
assets/connected-app-jwt.xml
assets/external-client-app.xml
assets/eca-global-oauth.xml
assets/eca-oauth-settings.xml
assets/eca-policies.xml

4. Apply security hardening

Favor:

least-privilege scopes
explicit callback URLs
PKCE for public clients
certificate-based auth where appropriate
rotation-ready secret / key handling
IP restrictions when realistic and maintainable

5. Validate deployment readiness

Before handoff, confirm:

metadata file naming is correct
scopes are justified
callback and auth model match the real client type
secrets are not embedded in source

High-Signal Security Rules

Avoid these anti-patterns:

Anti-pattern	Why it fails
wildcard / overly broad callback URLs	token interception risk
`Full` scope by default	unnecessary privilege
PKCE disabled for public clients	code interception risk
consumer secret committed to source	credential exposure
no rotation / cert strategy for automation	brittle long-term ops

Default fix direction:

narrow scopes
constrain callbacks
enable PKCE for public clients
keep secrets outside version control
use JWT certificates or controlled secret storage where appropriate

Metadata Notes That Matter

Connected App

Usually lives under:

force-app/main/default/connectedApps/

External Client App

Typically involves multiple metadata files, including:

base ECA header
global OAuth settings
instance OAuth settings
optional policy metadata

Important file-name gotcha:

the global OAuth suffix is .ecaGlblOauth, not .ecaGlobalOauth

Output Format

When finishing, report in this order:

App type chosen
OAuth flow chosen
Files created or updated
Security decisions
Next deployment / testing step

Suggested shape:

App: <name>
Type: Connected App | External Client App
Flow: <oauth flow>
Files: <paths>
Security: <scopes, PKCE, certs, secrets, IP policy>
Next step: <deploy, retrieve consumer key, or test auth flow>

Cross-Skill Integration

Need	Delegate to	Reason
Named Credential / callout runtime config	sf-integration	runtime integration setup
deploy app metadata	sf-deploy	org validation and deployment
Apex token or refresh handling	sf-apex	implementation logic
permission review after deployment	sf-permissions	access governance

Reference Map

Start here

Migration / examples

Score Guide

Score	Meaning
80+	production-ready OAuth app config
54–79	workable but needs hardening review
< 54	block deployment until fixed

Discussion

Product Hunt–style comments (not star reviews)

No comments yet — start the thread.

general reviews

Ratings

4.8★★★★★25 reviews

★★★★★Dhruvi Jain· Dec 20, 2024
sf-connected-apps has been reliable in day-to-day use. Documentation quality is above average for community skills.
★★★★★Maya Martin· Dec 4, 2024
Solid pick for teams standardizing on skills: sf-connected-apps is focused, and the summary matches what you get after install.
★★★★★Maya Kapoor· Nov 23, 2024
Registry listing for sf-connected-apps matched our evaluation — installs cleanly and behaves as described in the markdown.
★★★★★Oshnikdeep· Nov 11, 2024
Keeps context tight: sf-connected-apps is the kind of skill you can hand to a new teammate without a long onboarding doc.
★★★★★Kiara Mensah· Oct 14, 2024
Useful defaults in sf-connected-apps — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
★★★★★Ganesh Mohane· Oct 2, 2024
We added sf-connected-apps from the explainx registry; install was straightforward and the SKILL.md answered most questions upfront.
★★★★★Zaid Malhotra· Sep 25, 2024
sf-connected-apps is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.
★★★★★Sakshi Patil· Sep 9, 2024
Useful defaults in sf-connected-apps — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
★★★★★Chaitanya Patil· Aug 28, 2024
Registry listing for sf-connected-apps matched our evaluation — installs cleanly and behaves as described in the markdown.
★★★★★Maya Dixit· Aug 12, 2024
sf-connected-apps reduced setup friction for our internal harness; good balance of opinion and flexibility.

showing 1-10 of 25

1 / 3