I can not see any options to view Consumer Key and consumer secret of a connected app from a managed package. I tried to view this by logging into subscriber org as well but I could not find it there. Please let me know if you have any work arounds for this
1 Answer
The consumer key and secret are only available in the org where the connected app was created in.
I.e. For a connected app included in a managed package it's only available in the packaging org, not in the org that the package is installed in.
If that were not the case, then it'd be a lot harder for ISVs to have data flow from their server(s) into your org (or require extra setup on the ISV customer's side). This is for stuff like Docusign updating the Envelope status when someone signs a contract.
If you need to get a client key/secret for something that you're going to do yourself, then you should make your own connected app.
- Pretty sure this answer is incorrect for managed packages that include a Connected App. I believe a new Connected App is created on the subscriber org when first installed, and is available through the App Manager on that org.Phil W– Phil W2025-04-23 21:20:14 +00:00Commented Apr 23 at 21:20
- 1@PhilW Looking at my own org in
Setup -> Apps -> App Manager, the "Manage" action is the only one available for Connected Apps installed by managed packages, and that doesn't provide the consumer key/secret. A connected app that I created myself in Prod additionally has "edit" and "view" actions ("view" is the action that takes me to the page where I can get at the consumer key/secret). I've "installed" that same app in my QA org (after first removing the copy that came over in the sandbox creation/refresh) and it too only has the "manage" action available (and no access to the key/secret).Derek F– Derek F2025-04-24 13:23:26 +00:00Commented Apr 24 at 13:23 - I went down a rabbit hole, first finding information that aligned with my original understanding (that new client ID/secret values are generated on install) but also finding detail that aligns with what you've stated here. I also checked to see if I could access the key/secret for an installed 1GP's connected app and I could not. It strikes me that the only benefit, therefore, for packaging a connected app is that it appears in the App Manager without the need to have someone try to use it with a given org first. Would you concur? (Obviously ISVs should now use External Client Apps for OAuth.)Phil W– Phil W2025-04-30 10:13:47 +00:00Commented Apr 30 at 10:13