Skip to main content

Salesforce login() flow retirement & External Client App migration

This document covers Gearset response to salesofrces recent changes to move users towards External Client App's

Written by Richard Terry

Some users have reached out to ask about Gearset's plan to move from a Connected App to a External Client App & understand if Gearset uses the username-password flow for authentication.

This is in reference to salesforce starting the move towards External Client App's.
Salesforce: SOAP API login() retirement

Connected App to External Client App Migration

All connections in Gearset from Q1 2025 use OAuth via a connected app to authorise against Salesforce.

ℹ️ Salesforce have this line in their documentation which is not quite accurate.

This requires applications that use SOAP API login() to migrate to external client applications and OAuth.

The login() flow did not require a Connected App to performed auth requests as it used login credentials directly.

Salesforce have now disabled the creation of any new Connected Apps which is why they mention migrating to External Client Applications, however existing Connected Apps, such as the Connected Apps we use in Gearset, will continue to function.


While Gearset Is currently working on creating an External Client App, we do not have a public timeline for this change yet.

We will notify users when this changes.

Gearset authentication flow.

Connections made after Q1 2025

As of Q1 2025 Gearset has not accepted new connections that use username-password flow, we only use the OAuth 2.0 Web Server flow to access your orgs.

The original Username/Password that you enter when establishing a connection is to authorize the connection and allow us to gain a Refresh token.

Gearset never sees this password.

Pre Q1 2025 Org connections

If you have an org connection from before Q1 2025 then these may have used the old username/Password flow for org connection, if this is the case you should check to see if you need to move over to the new authentication method.

Todo this open your org connections here.

If you select your org connection and open the drop down you will be able to see if the Authorization type is set to "Username / Password"

If you see that the connection uses the Username / Password method, you can re-authenticate the connection by the selecting "Reauthorize" in the dropdown menu.

You will then be prompted to sign in again.

Once this is done you should see Authorization type is set to "Salesforce"

Questions?

If you have any questions about this please reach out to support in the in-app chat and we will be happy to clarify any details 🙂

Did this answer your question?