Enhanced Domains and Impacts in Skuid

Enhanced domains are the next version of Salesforce’s My Domain feature, which allows Salesforce admins to brand the URL of their org.

This update will be automatically enabled in orgs updated to Winter ‘23, so it’s important to take proactive steps to ensure your users have no interruptions.

For Salesforce-specific information on this feature, see Salesforce Help.

Temporarily disabling enhanced domains

A temporary solution for some of these potential issues is to disable the enhanced domains feature once it is activated in the Winter ‘23 Salesforce release.

Continue reading for specific steps on disabling the feature. For more about the enabling/disabling process, see Salesforce help.

Warning

This should only be a temporary measure, as enhanced domains are currently scheduled to be enforced in Salesforce’s Winter ‘24 update.

In Salesforce Classic

  1. Navigate to Salesforce Setup.
  2. In the sidebar, navigate to (or search for) Administer > Domain Management > My Domain.
  3. Beside My Domain Details, click Edit.
  4. Uncheck Use enhanced domains.
  5. Click Save.

In Salesforce Lightning

  1. Navigate to Salesforce Setup.
  2. In the sidebar, navigate to (or search for) Company Settings > My Domain.
  3. Beside My Domain Details, click Edit.
  4. Uncheck Use enhanced domains.
  5. Click Save.

Updating callback URLs (redirect URIs)

Callback URLs, also known as redirect URIs, tell your data sources where to send a successful authentication request. Because enhanced domains change the web address of your Salesforce org, you must update the callback URLs for all data sources you connect to using OAuth authentication. Otherwise, Skuid’s attempts to authenticate will fail.

If callback URLs are not updated, your end users will be unable to access the affected data sources in Skuid until they are fixed. However there are no other destructive effects on your apps. You can update callback URLs at any time, so note any previous settings and revert to them if you see issues.

Continue reading to learn how to update your callback URLs for some common Skuid data sources. For general information about callback URLs and Skuid, see the Callback URLs/Redirect URIs topic.

Determine new callback URLs

First, use the form below to determine the callback URLs you’ll need to use when updating your various OAuth settings. Then copy down the generated URLs.

You’ll need all five (5) URLs for each OAuth connection you have on your Skuid org.

Salesforce org-to-org connections

When working with org-to-org connections, you’ll need to update any connected app in any external org you are connecting to once you’ve updated the connecting org’s enhanced domain.

If you don’t update the callback URLs in your external orgs, then you’ll likely see an OAuth popup with this message:

error=redirect_uri_mismatch&error_description=redirect_uri%20must%20match%20configuration

Once you’ve updated the external org’s enhanced domain, you’ll need to update your Salesforce data sources. See more in the Updating Salesforce data source and authentication provider endpoints section.

This page assumes you’ll be updating your connecting org to use enhanced domains first. Complete the following steps in each org you connect to.

In Salesforce Classic

  1. Navigate to Salesforce Setup.

  2. In the sidebar, navigate to (or search for) Build > Create > Apps.

    Note

    Navigating to Administer > Manage Apps > Connected Apps will not take you directly to the screen to update callback URLs.

  3. Click Edit beside the connected app you wish to update.

  4. Paste the three updated callback URLs reflecting the enhanced domain into the Callback URL field.

  5. Click Save.

In Salesforce Lightning

  1. Navigate to Salesforce Setup.

  2. In the sidebar, navigate to (or search for) Apps > App Manager.

  3. On the row for the connected app used for Skuid, click the down arrow at the end of the row to access more options.

  4. Within the more options menu, click Edit.

    Note

    The View and Manage options will not take you directly to the screen to update callback URLs.

  5. Paste the three updated callback URLs reflecting the enhanced domain into the Callback URL field.

  6. Click Save.

Google data sources

If your callback URLs are not updated in Google data sources, like Drive and Calendar, this error may appear:

Authorization Error

Error 400: redirect_uri_mismatch

You can't sign in to this app because it doesn't comply with Google's OAuth 2.0 policy.

If you're the app developer, register the redirect URI in the Google Cloud Console.

To resolve this:

  1. Navigate to the Google Cloud console’s credentials page.

    Note

    If you have multiple Google Cloud projects, ensure you have selected the project created for your Skuid data source.

  2. Find the OAuth 2.0 Client ID used for your Skuid data source.

  3. Click the pencil icon labeled Edit OAuth client.

  4. In the Authorized redirect URIs section, click Add URI.

  5. Paste one of the updated callback URLs.

  6. Repeat the process of adding a URI for each callback URL.

  7. Click Save.

Note

Your OAuth app may take some time to update.

OData and REST data sources

The process to update callback URLs varies from service to service. Consult your service’s documentation for more information, looking for mentions of updating your OAuth app’s callback URL or redirect URI (they serve the same purpose).

Updating data source/authentication provider endpoints

When connecting to an external Salesforce org from either Skuid SFX or Skuid NLX, that external org’s domain is also important. The domain for an external org determines the endpoints that Skuid connects to in order to retrieve data. And while the enhanced domains feature affects the URLs for some areas of a Salesforce org, enabling enhanced domains does not change the endpoints used by Skuid by default.

However, if you choose to change your org’s domain when enabling enhanced domains, these endpoints must be updated as well. If the domain is updated, but your endpoints are not, you’ll see these error messages in your Skuid pages:

  • Could+not+find+the+authenticating+server. Grant+URL:+https://example.my.salesforce.com/services/oauth2/token ... is part of a longer error message that indicates a Skuid authentication provider’s endpoints are out of date.
  • 307 Temporary Redirect: indicates a Skuid data source’s endpoint is out of date.

Depending on your use case, you may need to update several endpoints:

  • If connecting to a Salesforce org as a data source in Skuid SFX or Skuid NLX, you’ll need to update the data source and the authentication provider.
  • If using Salesforce as an identity provider for a single sign-on configuration, you’ll need to update the authentication provider used for the configuration.

Updating Salesforce authentication providers

  1. In the Skuid admin UI, navigate to Data sources > Authentication Providers.

  2. Click on the Salesforce authentication provider you wish to update.

    Note

    Pay particular attention to authentication providers with the OAuth 2.0 / OpenID tag.

  3. Update the endpoints to match your new domain:

    • Authorize Endpoint URL: Only change the domain endpoint, retaining the /services/oauth2/authorize section.

      For example, if the original endpoint was https://example-old.my.salesforce.com/services/oauth2/authorize

      And the updated enhanced domain is example-new-enhanced-domain

      Your new endpoint would be https://example-new-enhanced-domain.my.salesforce.com/services/oauth2/authorize

    • Token Endpoint URL: Only change the domain endpoint, retaining the /services/oauth2/token section.

      For example, if the original endpoint was https://example-old.my.salesforce.com/services/oauth2/token

      And the updated enhanced domain is example-new-enhanced-domain

      Your new endpoint would be https://example-new-enhanced-domain.my.salesforce.com/services/oauth2/authorize

  4. Click Save.

Updating Salesforce data source properties

The steps below are the same for Skuid SFX and Skuid NLX.

  1. In the Skuid admin UI, navigate to Data sources.

  2. Click on the Salesforce data source you wish to update.

    Note

    If you have multiple Salesforce connections, or many data sources to browse through, it can be helpful to set the Filter by type to Salesforce.

  3. Update the URL field to match your new domain.

    For example, if the original URL was https://example-old.my.salesforce.com

    And the updated enhanced domain is example-new-enhanced-domain

    Your new URL would be https://example-new-enhanced-domain.my.salesforce.com

  4. Click Save.

You must also create a remote site setting for this new domain. You can do this by logging in as a builder and visiting a Skuid page using this data source, which will prompt you to create this setting and autofill the appropriate fields. You can also create one manually. Ensure the Remote Site URL field matches the URL you updated in the data source screen.

Updating the Salesforce metadata cache

Skuid can store a cache of a Salesforce data source’s metadata to enable better performance. However, if the metadata cache is enabled, this cache may need to be refreshed when enhanced domains are enabled for an external Salesforce org. If the cache isn’t refreshed, error messages like these may appear:

  • 400 Bad Request: An unexpected error occurred. Please include this ErrorId if you contact support: 12345678-12345 (-123456789)
  • Error retrieving metadata for model(s) associated with data source '<Name of Salesforce data source>'. Please check models' properties to ensure they are set correctly.

To resolve this issue, refresh the problematic data source’s metadata cache:

  1. Navigate to Data Sources.
  2. Click the row item for the cached data source.
  3. Click Refresh Metadata.