forcedotcom · wmathurin · Jun 11, 2026 · Jun 10, 2026 · Jun 10, 2026 · Jun 10, 2026
diff --git a/libs/SalesforceAnalytics/src/com/salesforce/androidsdk/analytics/logger/LogRedactor.kt b/libs/SalesforceAnalytics/src/com/salesforce/androidsdk/analytics/logger/LogRedactor.kt
@@ -28,11 +28,12 @@ package com.salesforce.androidsdk.analytics.logger
 
 private const val VISIBLE_CHARS = 4
 
+// TODO: Remove beacon_child_consumer_secret from pattern once server version 264 has rolled out everywhere.
 private val SENSITIVE_JSON_PATTERN = Regex(
     pattern = """("(?:access_token|refresh_token|id_token|csrf_token|sid""" +
         """|lightning_sid|visualforce_sid|content_sid|parent_sid""" +
         """|cookie-sid_Client|cookie-clientSrc""" +
-        """|beacon_child_consumer_secret)"\s*:\s*")([^"]+)(")""",
+        """|auto_installed_app_org_consumer_secret|beacon_child_consumer_secret)"\s*:\s*")([^"]+)(")""",
     option = RegexOption.IGNORE_CASE,
 )
 

diff --git a/libs/SalesforceSDK/src/com/salesforce/androidsdk/accounts/UserAccount.java b/libs/SalesforceSDK/src/com/salesforce/androidsdk/accounts/UserAccount.java
@@ -97,8 +97,8 @@ public class UserAccount {
 	public static final String CLIENT_ID = "clientId";
 	public static final String PARENT_SID = "parentSid";
 	public static final String TOKEN_FORMAT = "tokenFormat";
-	public static final String BEACON_CHILD_CONSUMER_KEY = "beacon_child_consumer_key";
-	public static final String BEACON_CHILD_CONSUMER_SECRET = "beacon_child_consumer_secret";
+	public static final String BEACON_CHILD_CONSUMER_KEY = "auto_installed_app_org_consumer_key";
+	public static final String BEACON_CHILD_CONSUMER_SECRET = "auto_installed_app_org_consumer_secret";
 	public static final String SCOPE = "scope";
 
 	private static final String TAG = "UserAccount";

diff --git a/libs/SalesforceSDK/src/com/salesforce/androidsdk/auth/AuthenticatorService.java b/libs/SalesforceSDK/src/com/salesforce/androidsdk/auth/AuthenticatorService.java
@@ -89,8 +89,8 @@ public class AuthenticatorService extends Service {
     public static final String KEY_SID_COOKIE_NAME = "sidCookieName";
     public static final String KEY_PARENT_SID = "parentSid";
     public static final String KEY_TOKEN_FORMAT = "tokenFormat";
-    public static final String KEY_BEACON_CHILD_CONSUMER_KEY = "beacon_child_consumer_key";
-    public static final String KEY_BEACON_CHILD_CONSUMER_SECRET = "beacon_child_consumer_secret";
+    public static final String KEY_BEACON_CHILD_CONSUMER_KEY = "auto_installed_app_org_consumer_key";
+    public static final String KEY_BEACON_CHILD_CONSUMER_SECRET = "auto_installed_app_org_consumer_secret";
     public static final String KEY_SCOPE = "scope";
 
     private static final String TAG = "AuthenticatorService";

diff --git a/libs/SalesforceSDK/src/com/salesforce/androidsdk/auth/OAuth2.java b/libs/SalesforceSDK/src/com/salesforce/androidsdk/auth/OAuth2.java
@@ -213,8 +213,11 @@ public class OAuth2 {
     private static final String SID_COOKIE_NAME = "sidCookieName";
     private static final String PARENT_SID = "parent_sid";
     private static final String TOKEN_FORMAT = "token_format";
-    private static final String BEACON_CHILD_CONSUMER_SECRET = "beacon_child_consumer_secret";
-    private static final String BEACON_CHILD_CONSUMER_KEY = "beacon_child_consumer_key";
+    private static final String BEACON_CHILD_CONSUMER_SECRET = "auto_installed_app_org_consumer_secret";
+    private static final String BEACON_CHILD_CONSUMER_KEY = "auto_installed_app_org_consumer_key";
+    // TODO: Remove legacy fallback constants once server version 264 has rolled out everywhere.
+    private static final String LEGACY_BEACON_CHILD_CONSUMER_SECRET = "beacon_child_consumer_secret";
+    private static final String LEGACY_BEACON_CHILD_CONSUMER_KEY = "beacon_child_consumer_key";
 
     public static final DateFormat TIMESTAMP_FORMAT;
     static {
@@ -1000,11 +1003,16 @@ public TokenEndpointResponse(Response response, List<String> additionalOauthKeys
                 tokenFormat = parsedResponse.optString(TOKEN_FORMAT);
 
                 // Beacon child fields expected when using a beacon app and web server flow
+                // TODO: Remove LEGACY_BEACON_CHILD_CONSUMER_* fallback once server version 264 has rolled out everywhere.
                 if (parsedResponse.has(BEACON_CHILD_CONSUMER_KEY)) {
                     beaconChildConsumerKey = parsedResponse.getString(BEACON_CHILD_CONSUMER_KEY);
+                } else if (parsedResponse.has(LEGACY_BEACON_CHILD_CONSUMER_KEY)) {
+                    beaconChildConsumerKey = parsedResponse.getString(LEGACY_BEACON_CHILD_CONSUMER_KEY);
                 }
                 if (parsedResponse.has(BEACON_CHILD_CONSUMER_SECRET)) {
                     beaconChildConsumerSecret = parsedResponse.getString(BEACON_CHILD_CONSUMER_SECRET);
+                } else if (parsedResponse.has(LEGACY_BEACON_CHILD_CONSUMER_SECRET)) {
+                    beaconChildConsumerSecret = parsedResponse.getString(LEGACY_BEACON_CHILD_CONSUMER_SECRET);
                 }
                 scope = parsedResponse.optString(SCOPE);
 

diff --git a/...rceAnalyticsTest/src/com/salesforce/androidsdk/analytics/logger/SalesforceLoggerTest.java b/...rceAnalyticsTest/src/com/salesforce/androidsdk/analytics/logger/SalesforceLoggerTest.java
@@ -236,8 +236,20 @@ public void testRedactParentSid() {
         Assert.assertEquals("parent_sid should be redacted", expected, SalesforceLogger.redact(input));
     }
 
+    /**
+     * Test that auto_installed_app_org_consumer_secret is redacted in JSON.
+     */
+    @Test
+    public void testRedactAutoInstalledAppOrgConsumerSecret() {
+        final String value = randomString(11);
+        final String input = "{\"auto_installed_app_org_consumer_secret\":\"" + value + "\"}";
+        final String expected = "{\"auto_installed_app_org_consumer_secret\":\"" + expectedMask(value) + "\"}";
+        Assert.assertEquals("auto_installed_app_org_consumer_secret should be redacted", expected, SalesforceLogger.redact(input));
+    }
+
     /**
      * Test that beacon_child_consumer_secret is redacted in JSON.
+     * TODO: Remove once server version 264 has rolled out everywhere.
      */
     @Test
     public void testRedactBeaconChildConsumerSecret() {

diff --git a/libs/test/SalesforceSDKTest/src/com/salesforce/androidsdk/accounts/UserAccountTest.java b/libs/test/SalesforceSDKTest/src/com/salesforce/androidsdk/accounts/UserAccountTest.java
@@ -655,8 +655,8 @@ private OAuth2.TokenEndpointResponse createTokenEndpointResponseLikeUserAgentFlo
 
     private OAuth2.TokenEndpointResponse createTokenEndpointResponseLikeWebServerFlow() {
         Map<String, String> params = createTokenEndpointParams();
-        params.put("beacon_child_consumer_key", TEST_BEACON_CHILD_CONSUMER_KEY);
-        params.put("beacon_child_consumer_secret", TEST_BEACON_CHILD_CONSUMER_SECRET);
+        params.put("auto_installed_app_org_consumer_key", TEST_BEACON_CHILD_CONSUMER_KEY);
+        params.put("auto_installed_app_org_consumer_secret", TEST_BEACON_CHILD_CONSUMER_SECRET);
         JSONObject responseJson = new JSONObject(params);
         MediaType mediaType = MediaType.parse("application/json");
         ResponseBody responseBody = ResponseBody.create(responseJson.toString(), mediaType);