Releases: Flow-Scanner/lightning-flow-scanner-app
Release list
v3.3 — External Client App Support & In-App Setup
External Client App support (new default setup)
Salesforce is phasing out the creation of new Connected Apps in favor of External Client Apps. Starting with v3.3, the post-installation setup uses an External Client App for the JWT authentication that powers Flow Scanner's Tooling API access. New installs should follow the updated instructions: create a self-signed certificate, create an External Client App with the JWT Bearer Flow enabled, and save its Consumer Key in the app.
Already using a Connected App? You don't need to change anything. Flow Scanner only stores a Consumer Key, and Salesforce accepts JWT authentication from Connected Apps and External Client Apps identically. Upgrading the package does not touch your existing Connected App, certificate, or stored key — everything keeps working. If you'd like to migrate anyway, a step-by-step guide is in the installation guide.
New in-app Setup tab
Setup no longer requires the Developer Console. The app now includes a Setup tab with a live checklist (permission set, certificate, Consumer Key), a field to save the Consumer Key directly, and a Test Connection button to verify JWT authentication end to end. On first run, the app lands on this tab automatically if authentication isn't configured yet.
Beta rules (opt-in)
Beta rules from the scanner core now appear in the Configuration tab with a Beta badge. They're disabled by default and can be enabled per rule; a toolbar toggle shows or hides them in the list.
Other improvements
- Cleaner UI: unified toolbars, tables, and footers across the Flows, Results, and Configuration tabs.
- Clearer error messages when authentication isn't configured
- Updated bundled scanner core with security patches.
Protected Custom Metadata for Consumer Ke
Protected Custom Metadata for Consumer Key
The Consumer Key can now stored in a protected custom metadata type (Flow_Scanner_OAuth_Config_Protected__mdt) instead of the previous normal one. We now also provide simplified Setup via Apex Utility Class by introducing LFSSetup.configure(consumerKey) method to handle deployment of the protected custom metadata, with built-in validation and namespace support.
Additional Post-Installation Steps
Run the updated anonymous Apex script that calls LFSSetup.configure() with your consumer key to set up the app.
OAuth Authentication
v3.0.0 Authentication Upgrade
To upgrade to Flow Scanner v3.0.0, you must follow the new post-installation instructions provided below after uninstalling any previous versions. This release introduces a new package name and namespace, requiring a clean setup to ensure compatibility and avoid conflicts.
Authentication Upgrade
- Replaced Visualforce page and token-based authentication with a Connected App using JWT Bearer Flow for server-to-server Tooling API access.
- Leverages a self-signed certificate (
Flow_Scanner) and Consumer Key stored in Custom Metadata (Flow_Scanner_OAuth_Config_Protected__mdt). - New Apex class
ToolingAPIhandles JWT generation, token caching, and Tooling API queries with enhanced error handling.
Post-Installation Setup
- Steps include:
- Creating a Connected App (
Flow_Scanner_JWT) with specific OAuth settings (scopes:api,refresh_token, offline_access). - Generating and uploading a self-signed certificate (
Flow_Scanner). - Copying the Consumer Key to Custom Metadata.
- Pre-authorizing via Profiles (optional) and assigning the
Flow Scanner Userpermission set.
- Creating a Connected App (
- Process takes ~3–5 minutes; detailed instructions provided in README.
New Package Name and Namespace
- Package name changed to
flow-scanner(ID:0HogK0000000ZFVSA2) to avoid conflicts with priorlightning-flow-scannerinstallations. - Namespace changed to
lfscannerfor the same reason. - Recommendation: Uninstall previous versions before installing v3.0.0 to prevent any conflicts.
UI Makeover
- Adds all results by navigation
- Adds overall styling improvements
- Adds sorting capabitlities to tables
Adds namespace for isolated development
- Adds Flow_Scanner namespace
- Changes deploy button to deploy managed solution
Admin Rule Overrides
V2.8.0, Admin Rule Overrides
Introduces ScanRuleConfiguration__mdt Custom Metadata Type for org-wide configuration of rule severities (Error, Warning, Info, Note), custom expressions (e.g., regex for FlowName), and disabled states. Overrides load automatically on app startup, enabling centralized governance while preserving user session-only customizations.
Setup: Navigate to Setup > Custom Metadata Types > ScanRuleConfiguration > Manage Records > New.
Fields: Rule Name (e.g., FlowName), Severity, Expression (optional), Disabled (checkbox).
Example: Override FlowName regex to [A-Za-z]+_[0-9]+ for stricter naming conventions.
See the full readme documentation for an example
Flow Overview Filters
- Adds Filters for flow type and activation status
- The toolbar rows now use scoped css
Rule Configurations
This release fixes a previous bug in flow selection and enables users to view and toggle rules for flow analysis.
New Features
- Configuration Tab - Added a new tab (Configuration) to the main Flow Scanner interface.
The MissingFaultPath rule now correctly ignores "Wait for Amount of Time" and "Wait Until Date" nodes
Upgraded to lightning-flow-scanner-core v5.9.0. This release fixes the MissingFaultPath rule to correctly ignore "Wait for Amount of Time" and "Wait Until Date" nodes, checking fault paths only for relevant nodes like "Wait for Conditions". Resolves Issue #272 (contributed by @chazwatkins). See v5.9.0 release notes for full details.