@salesforce/plugin-auth
Advanced tools
Auth commands for Salesforce CLI
This plugin is bundled with the Salesforce CLI. For more information on the CLI, read the getting started guide.
We always recommend using the latest version of these commands bundled with the CLI, however, you can install a specific version or tag if needed.
sfdx plugins:install auth@x.y.z
Please report any issues at https://github.com/forcedotcom/cli/issues
External contributors will be required to sign a Contributor's License Agreement. You can do so by going to https://cla.salesforce.com/sign-cla.
To build the plugin locally, make sure to have yarn installed and run the following commands:
# Clone the repository
git clone git@github.com:salesforcecli/plugin-auth
# Install the dependencies and compile
yarn install
yarn build
To use your plugin, run using the local ./bin/run or ./bin/run.cmd file.
# Run using local run file.
./bin/run auth
There should be no differences when running via the Salesforce CLI or using the local run file. However, it can be useful to link the plugin to do some additional testing or run your commands from anywhere on your machine.
# Link your plugin to the sfdx cli
sfdx plugins:link .
# To verify
sfdx plugins
sfdx auth:device:login [-i <string>] [-r <url>] [-d] [-s] [-a <string>] [--json] [--loglevel trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]sfdx auth:jwt:grant -u <string> -f <filepath> -i <string> [-r <url>] [-d] [-s] [-a <string>] [--json] [--loglevel trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]sfdx auth:list [--json] [--loglevel trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]sfdx auth:logout [-a] [-p] [-u <string>] [--apiversion <string>] [--json] [--loglevel trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]sfdx auth:sfdxurl:store -f <filepath> [-d] [-s] [-a <string>] [--json] [--loglevel trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]sfdx auth:web:login [-i <string>] [-r <url>] [-d] [-s] [-a <string>] [--json] [--loglevel trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]sfdx auth:device:login [-i <string>] [-r <url>] [-d] [-s] [-a <string>] [--json] [--loglevel trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]authorize an org using a device code
USAGE
$ sfdx auth:device:login [-i <string>] [-r <url>] [-d] [-s] [-a <string>] [--json] [--loglevel
trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]
OPTIONS
-a, --setalias=setalias set an alias for the authenticated
org
-d, --setdefaultdevhubusername set the authenticated org as the
default dev hub org for scratch org
creation
-i, --clientid=clientid OAuth client ID (sometimes called
the consumer key)
-r, --instanceurl=instanceurl the login URL of the instance the
org lives on
-s, --setdefaultusername set the authenticated org as the
default username that all commands
run against
--json format output as json
--loglevel=(trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL) [default: warn] logging level for
this command invocation
ALIASES
$ sfdx force:auth:device:login
EXAMPLES
sfdx auth:device:login -d -a TestOrg1
sfdx auth:device:login -i <OAuth client id>
sfdx auth:device:login -r https://test.salesforce.com
See code: src/commands/auth/device/login.ts
sfdx auth:jwt:grant -u <string> -f <filepath> -i <string> [-r <url>] [-d] [-s] [-a <string>] [--json] [--loglevel trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]authorize an org using the JWT flow
USAGE
$ sfdx auth:jwt:grant -u <string> -f <filepath> -i <string> [-r <url>] [-d] [-s] [-a <string>] [--json] [--loglevel
trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]
OPTIONS
-a, --setalias=setalias set an alias for the authenticated
org
-d, --setdefaultdevhubusername set the authenticated org as the
default dev hub org for scratch org
creation
-f, --jwtkeyfile=jwtkeyfile (required) path to a file containing
the private key
-i, --clientid=clientid (required) OAuth client ID
(sometimes called the consumer key)
-r, --instanceurl=instanceurl the login URL of the instance the
org lives on
-s, --setdefaultusername set the authenticated org as the
default username that all commands
run against
-u, --username=username (required) authentication username
--json format output as json
--loglevel=(trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL) [default: warn] logging level for
this command invocation
DESCRIPTION
Use a certificate associated with your private key that has been uploaded to a personal connected app.
If you specify an --instanceurl value, this value overrides the sfdcLoginUrl value in your sfdx-project.json file. To
specify a My Domain URL, use the format MyDomainName.my.salesforce.com (not MyDomainName.lightning.force.com).
ALIASES
$ sfdx force:auth:jwt:grant
EXAMPLES
sfdx auth:jwt:grant -u me@my.org -f <path to jwt key file> -i <OAuth client id>
sfdx auth:jwt:grant -u me@my.org -f <path to jwt key file> -i <OAuth client id> -s -a MyDefaultOrg
sfdx auth:jwt:grant -u me@acme.org -f <path to jwt key file> -i <OAuth client id> -r https://acme.my.salesforce.com
See code: src/commands/auth/jwt/grant.ts
sfdx auth:list [--json] [--loglevel trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]list auth connection information
USAGE
$ sfdx auth:list [--json] [--loglevel trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]
OPTIONS
--json format output as json
--loglevel=(trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL) [default: warn] logging level for
this command invocation
ALIASES
$ sfdx force:auth:list
See code: src/commands/auth/list.ts
sfdx auth:logout [-a] [-p] [-u <string>] [--apiversion <string>] [--json] [--loglevel trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]log out from authorized orgs
USAGE
$ sfdx auth:logout [-a] [-p] [-u <string>] [--apiversion <string>] [--json] [--loglevel
trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]
OPTIONS
-a, --all include all authenticated orgs
-p, --noprompt do not prompt for confirmation
-u, --targetusername=targetusername username or alias for the target
org; overrides default target org
--apiversion=apiversion override the api version used for
api requests made by this command
--json format output as json
--loglevel=(trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL) [default: warn] logging level for
this command invocation
DESCRIPTION
By default, this command logs you out from your default scratch org.
ALIASES
$ sfdx force:auth:logout
EXAMPLES
sfdx auth:logout -u me@my.org
sfdx auth:logout -a
sfdx auth:logout -p
See code: src/commands/auth/logout.ts
sfdx auth:sfdxurl:store -f <filepath> [-d] [-s] [-a <string>] [--json] [--loglevel trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]authorize an org using an SFDX auth URL
USAGE
$ sfdx auth:sfdxurl:store -f <filepath> [-d] [-s] [-a <string>] [--json] [--loglevel
trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]
OPTIONS
-a, --setalias=setalias set an alias for the authenticated
org
-d, --setdefaultdevhubusername set the authenticated org as the
default dev hub org for scratch org
creation
-f, --sfdxurlfile=sfdxurlfile (required) path to a file containing
the sfdx url
-s, --setdefaultusername set the authenticated org as the
default username that all commands
run against
--json format output as json
--loglevel=(trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL) [default: warn] logging level for
this command invocation
DESCRIPTION
Authorize a Salesforce org using an SFDX auth URL stored within a file. The file must have the format
"force://<refreshToken>@<instanceUrl>" or "force://<clientId>:<clientSecret>:<refreshToken>@<instanceUrl>".
The file must contain only the URL or be a JSON file that has a top-level property named sfdxAuthUrl.
Use this command to get the SFDX auth URL for a Dev Hub org you have already authorized:
$ sfdx force:org:display -u <DevHub> --verbose
ALIASES
$ sfdx force:auth:sfdxurl:store
EXAMPLES
sfdx auth:sfdxurl:store -f <path to sfdxAuthUrl file>
sfdx auth:sfdxurl:store -f <path to sfdxAuthUrl file> -s -a MyDefaultOrg
See code: src/commands/auth/sfdxurl/store.ts
sfdx auth:web:login [-i <string>] [-r <url>] [-d] [-s] [-a <string>] [--json] [--loglevel trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]authorize an org using the web login flow
USAGE
$ sfdx auth:web:login [-i <string>] [-r <url>] [-d] [-s] [-a <string>] [--json] [--loglevel
trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]
OPTIONS
-a, --setalias=setalias set an alias for the authenticated
org
-d, --setdefaultdevhubusername set the authenticated org as the
default dev hub org for scratch org
creation
-i, --clientid=clientid OAuth client ID (sometimes called
the consumer key)
-r, --instanceurl=instanceurl the login URL of the instance the
org lives on
-s, --setdefaultusername set the authenticated org as the
default username that all commands
run against
--json format output as json
--loglevel=(trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL) [default: warn] logging level for
this command invocation
DESCRIPTION
To log in to a sandbox, set --instanceurl to https://test.salesforce.com.
ALIASES
$ sfdx force:auth:web:login
EXAMPLES
sfdx auth:web:login -a TestOrg1
sfdx auth:web:login -i <OAuth client id>
sfdx auth:web:login -r https://test.salesforce.com
See code: src/commands/auth/web/login.ts
FAQs
plugin for sf auth commands
The npm package @salesforce/plugin-auth receives a total of 144,496 weekly downloads. As such, @salesforce/plugin-auth popularity was classified as popular.
We found that @salesforce/plugin-auth demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Newly introduced telemetry in devenv 1.4 sparked a backlash over privacy concerns, leading to the removal of its AI-powered feature after strong community pushback.
Security News
TC39 met in Seattle and advanced 9 JavaScript proposals, including three to Stage 4, introducing new features and enhancements for a future ECMAScript release.
Security News
Deno 2.2 enhances Node.js compatibility, improves dependency management, adds OpenTelemetry support, and expands linting and task automation for developers.