Enhance Unsecured Connected Apps (#1635)

* feat: enhance unsecure connected apps monitoring with ignore list support and detailed reporting

* feat: add support for deleting OAuth tokens of uninstalled connected apps

* doc

* changelog

Author: nvuillam

CHANGELOG.md

@@ -4,6 +4,12 @@
 
 Note: Can be used with `sfdx plugins:install sfdx-hardis@beta` and docker image `hardisgroupcom/sfdx-hardis@beta`
 
+- [hardis:org:diagnose:unsecure-connected-apps](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/unsecure-connected-apps/) enhancements:
+  - Add OAuth Token usage details
+  - Find application using AppMenuItem Id when its name is not matching
+  - Allow to ignore some connected apps using `monitoringUnsecureConnectedAppsIgnore` (project config) or `MONITORING_UNSECURE_CONNECTED_APPS_IGNORE` (env var) config property.
+  - Allow to delete "ghost" OAuth Tokens if user confirms it
+
 ## [6.20.0] 2025-12-31
 
 - [hardis:doc:object-field-usage](https://sfdx-hardis.cloudity.com/hardis/doc/object-field-usage/): Analyze field usage and data completeness for Salesforce objects

config/sfdx-hardis.jsonschema.json

@@ -1463,6 +1463,21 @@
       "title": "Monitoring usernames to exclude",
       "type": "array"
     },
+    "monitoringUnsecureConnectedAppsIgnore": {
+      "$id": "#/properties/monitoringUnsecureConnectedAppsIgnore",
+      "description": "List of Connected App names to ignore while running Unsecure Connected Apps monitoring command",
+      "examples": [
+        [
+          "ForcePad",
+          "Another Unsecure Connected App"
+        ]
+      ],
+      "items": {
+        "type": "string"
+      },
+      "title": "Unsecure Connected Apps to ignore",
+      "type": "array"
+    },
     "msTeamsWebhookUrl": {
       "$id": "#/properties/msTeamsWebhookUrl",
       "default": "",

docs/schema/sfdx-hardis-json-schema-parameters.html

@@ -6210,6 +6210,75 @@ <h2 class="mb-0">
         </div>
     </div>
 </div>
+<div class="accordion" id="accordionmonitoringUnsecureConnectedAppsIgnore">
+    <div class="card">
+        <div class="card-header" id="headingmonitoringUnsecureConnectedAppsIgnore">
+            <h2 class="mb-0">
+                <button class="btn btn-link property-name-button" type="button" data-toggle="collapse" data-target="#monitoringUnsecureConnectedAppsIgnore"
+                        aria-expanded="" aria-controls="monitoringUnsecureConnectedAppsIgnore" onclick="setAnchor('#monitoringUnsecureConnectedAppsIgnore')"><span class="property-name">monitoringUnsecureConnectedAppsIgnore</span></button>
+            </h2>
+        </div>
+
+        <div id="monitoringUnsecureConnectedAppsIgnore"
+             class="collapse property-definition-div" aria-labelledby="headingmonitoringUnsecureConnectedAppsIgnore"
+             data-parent="#accordionmonitoringUnsecureConnectedAppsIgnore">
+            <div class="card-body pl-5">
+
+    <div class="breadcrumbs">root
+        <svg width="1em" height="1em" viewBox="0 0 16 16" class="bi bi-arrow-right-short" fill="currentColor" xmlns="http://www.w3.org/2000/svg">
+            <path
+                fill-rule="evenodd"
+                d="M4 8a.5.5 0 0 1 .5-.5h5.793L8.146 5.354a.5.5 0 1 1 .708-.708l3 3a.5.5 0 0 1 0 .708l-3 3a.5.5 0 0 1-.708-.708L10.293 8.5H4.5A.5.5 0 0 1 4 8z"
+            />
+        </svg>
+    <a href="#monitoringUnsecureConnectedAppsIgnore" onclick="anchorLink('monitoringUnsecureConnectedAppsIgnore')">monitoringUnsecureConnectedAppsIgnore</a></div><h4>Unsecure Connected Apps to ignore</h4><span class="badge badge-dark value-type">Type: array of string</span><br/>
+<span class="description"><p>List of Connected App names to ignore while running Unsecure Connected Apps monitoring command</p>
+</span>
+        
+
+        
+        
+
+         <span class="badge badge-info no-additional">No Additional Items</span><h4>Each item of this array must be:</h4>
+    <div class="card">
+        <div class="card-body items-definition" id="monitoringUnsecureConnectedAppsIgnore_items">
+            
+
+    <div class="breadcrumbs">root
+        <svg width="1em" height="1em" viewBox="0 0 16 16" class="bi bi-arrow-right-short" fill="currentColor" xmlns="http://www.w3.org/2000/svg">
+            <path
+                fill-rule="evenodd"
+                d="M4 8a.5.5 0 0 1 .5-.5h5.793L8.146 5.354a.5.5 0 1 1 .708-.708l3 3a.5.5 0 0 1 0 .708l-3 3a.5.5 0 0 1-.708-.708L10.293 8.5H4.5A.5.5 0 0 1 4 8z"
+            />
+        </svg>
+    <a href="#monitoringUnsecureConnectedAppsIgnore" onclick="anchorLink('monitoringUnsecureConnectedAppsIgnore')">monitoringUnsecureConnectedAppsIgnore</a>
+        <svg width="1em" height="1em" viewBox="0 0 16 16" class="bi bi-arrow-right-short" fill="currentColor" xmlns="http://www.w3.org/2000/svg">
+            <path
+                fill-rule="evenodd"
+                d="M4 8a.5.5 0 0 1 .5-.5h5.793L8.146 5.354a.5.5 0 1 1 .708-.708l3 3a.5.5 0 0 1 0 .708l-3 3a.5.5 0 0 1-.708-.708L10.293 8.5H4.5A.5.5 0 0 1 4 8z"
+            />
+        </svg>
+    <a href="#monitoringUnsecureConnectedAppsIgnore_items" onclick="anchorLink('monitoringUnsecureConnectedAppsIgnore_items')">monitoringUnsecureConnectedAppsIgnore items</a></div><span class="badge badge-dark value-type">Type: string</span><br/>
+
+        
+
+        
+        
+
+        
+        </div>
+    </div><br/>
+<div class="badge badge-secondary">Example:</div>
+<br/><div id="monitoringUnsecureConnectedAppsIgnore_ex1" class="jumbotron examples"><div class="highlight"><pre><span></span><span class="p">[</span>
+<span class="w">    </span><span class="s2">&quot;ForcePad&quot;</span><span class="p">,</span>
+<span class="w">    </span><span class="s2">&quot;Another Unsecure Connected App&quot;</span>
+<span class="p">]</span>
+</pre></div>
+</div>
+            </div>
+        </div>
+    </div>
+</div>
 <div class="accordion" id="accordionmsTeamsWebhookUrl">
     <div class="card">
         <div class="card-header" id="headingmsTeamsWebhookUrl">