@salesforce/plugin-auth
Advanced tools
Auth commands for Salesforce CLI
This plugin is bundled with the Salesforce CLI. For more information on the CLI, read the getting started guide.
We always recommend using the latest version of these commands bundled with the CLI, however, you can install a specific version or tag if needed.
sfdx plugins:install auth@x.y.z
Please report any issues at https://github.com/forcedotcom/cli/issues
External contributors will be required to sign a Contributor's License Agreement. You can do so by going to https://cla.salesforce.com/sign-cla.
To build the plugin locally, make sure to have yarn installed and run the following commands:
# Clone the repository
git clone git@github.com:salesforcecli/plugin-auth
# Install the dependencies and compile
yarn install
yarn build
To use your plugin, run using the local ./bin/run or ./bin/run.cmd file.
# Run using local run file.
./bin/run auth
There should be no differences when running via the Salesforce CLI or using the local run file. However, it can be useful to link the plugin to do some additional testing or run your commands from anywhere on your machine.
# Link your plugin to the sfdx cli
sfdx plugins:link .
# To verify
sfdx plugins
sfdx auth:accesstoken:store -r <url> [-s] [-s] [-a <string>] [-p] [--json] [--loglevel trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]sfdx auth:device:login [-i <string>] [-r <url>] [-d] [-s] [-a <string>] [--json] [--loglevel trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]sfdx auth:jwt:grant -u <string> -f <filepath> -i <string> [-r <url>] [-d] [-s] [-a <string>] [--json] [--loglevel trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]sfdx auth:list [--json] [--loglevel trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]sfdx auth:logout [-a] [-p] [-u <string>] [--apiversion <string>] [--json] [--loglevel trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]sfdx auth:sfdxurl:store -f <filepath> [-d] [-s] [-a <string>] [--json] [--loglevel trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]sfdx auth:web:login [-i <string>] [-r <url>] [-d] [-s] [-a <string>] [--json] [--loglevel trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]sfdx auth:accesstoken:store -r <url> [-s] [-s] [-a <string>] [-p] [--json] [--loglevel trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]authorize an org using an existing Salesforce access token
authorize an org using an existing Salesforce access token
By default, the command runs interactively and asks you for the access token. If you previously authorized the org, the command prompts whether you want to overwrite the local file. Specify --noprompt to not be prompted.
To use the command in a CI/CD script, set the SFDX_ACCESS_TOKEN environment variable to the access token. Then run the command with the --noprompt parameter. "<org id>!<accesstoken>"
USAGE
$ sfdx auth:accesstoken:store -r <url> [-s] [-s] [-a <string>] [-p] [--json] [--loglevel
trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]
OPTIONS
-a, --setalias=setalias set an alias for the authenticated
org
-p, --noprompt do not prompt for confirmation
-r, --instanceurl=instanceurl (required) the login URL of the
instance the org lives on
-s, --setdefaultdevhubusername set the authenticated org as the
default dev hub org for scratch org
creation
-s, --setdefaultusername set the authenticated org as the
default username that all commands
run against
--json format output as json
--loglevel=(trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL) [default: warn] logging level for
this command invocation
DESCRIPTION
By default, the command runs interactively and asks you for the access token. If you previously authorized the org,
the command prompts whether you want to overwrite the local file. Specify --noprompt to not be prompted.
To use the command in a CI/CD script, set the SFDX_ACCESS_TOKEN environment variable to the access token. Then run the
command with the --noprompt parameter. "<org id>!<accesstoken>"
ALIASES
$ sfdx force:auth:accesstoken:store
EXAMPLES
sfdx auth:accesstoken:store --instanceurl https://mycompany.my.salesforce.com
export SFDX_ACCESS_TOKEN=00Dxx0000000000!xxxxx
sfdx auth:accesstoken:store --instanceurl https://dev-hub.my.salesforce.com --noprompt
See code: src/commands/auth/accesstoken/store.ts
sfdx auth:device:login [-i <string>] [-r <url>] [-d] [-s] [-a <string>] [--json] [--loglevel trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]authorize an org using a device code
authorize an org using a device code
You must open a browser, navigate to the verification URL, and enter the code. Log in, if not already logged in, and you’ll be prompted to allow the device to connect to the org.
USAGE
$ sfdx auth:device:login [-i <string>] [-r <url>] [-d] [-s] [-a <string>] [--json] [--loglevel
trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]
OPTIONS
-a, --setalias=setalias set an alias for the authenticated
org
-d, --setdefaultdevhubusername set the authenticated org as the
default dev hub org for scratch org
creation
-i, --clientid=clientid OAuth client ID (sometimes called
the consumer key)
-r, --instanceurl=instanceurl the login URL of the instance the
org lives on
-s, --setdefaultusername set the authenticated org as the
default username that all commands
run against
--json format output as json
--loglevel=(trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL) [default: warn] logging level for
this command invocation
DESCRIPTION
You must open a browser, navigate to the verification URL, and enter the code. Log in, if not already logged in, and
you’ll be prompted to allow the device to connect to the org.
ALIASES
$ sfdx force:auth:device:login
EXAMPLES
sfdx auth:device:login -d -a TestOrg1
sfdx auth:device:login -i <OAuth client id>
sfdx auth:device:login -r https://MyDomainName--SandboxName.sandbox.my.salesforce.com
See code: src/commands/auth/device/login.ts
sfdx auth:jwt:grant -u <string> -f <filepath> -i <string> [-r <url>] [-d] [-s] [-a <string>] [--json] [--loglevel trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]authorize an org using the JWT flow
authorize an org using the JWT flow
Use a certificate associated with your private key that has been uploaded to a personal connected app.
If you specify an --instanceurl value, this value overrides the sfdcLoginUrl value in your sfdx-project.json file. To specify a My Domain URL, use the format MyDomainName.my.salesforce.com (not MyDomainName.lightning.force.com). To specify a sandbox, set --instanceurl to https://MyDomainName--SandboxName.sandbox.my.salesforce.com.
USAGE
$ sfdx auth:jwt:grant -u <string> -f <filepath> -i <string> [-r <url>] [-d] [-s] [-a <string>] [--json] [--loglevel
trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]
OPTIONS
-a, --setalias=setalias set an alias for the authenticated
org
-d, --setdefaultdevhubusername set the authenticated org as the
default dev hub org for scratch org
creation
-f, --jwtkeyfile=jwtkeyfile (required) path to a file containing
the private key
-i, --clientid=clientid (required) OAuth client ID
(sometimes called the consumer key)
-r, --instanceurl=instanceurl the login URL of the instance the
org lives on
-s, --setdefaultusername set the authenticated org as the
default username that all commands
run against
-u, --username=username (required) authentication username
--json format output as json
--loglevel=(trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL) [default: warn] logging level for
this command invocation
DESCRIPTION
Use a certificate associated with your private key that has been uploaded to a personal connected app.
If you specify an --instanceurl value, this value overrides the sfdcLoginUrl value in your sfdx-project.json file. To
specify a My Domain URL, use the format MyDomainName.my.salesforce.com (not MyDomainName.lightning.force.com). To
specify a sandbox, set --instanceurl to https://MyDomainName--SandboxName.sandbox.my.salesforce.com.
ALIASES
$ sfdx force:auth:jwt:grant
EXAMPLES
sfdx auth:jwt:grant -u me@my.org -f <path to jwt key file> -i <OAuth client id>
sfdx auth:jwt:grant -u me@my.org -f <path to jwt key file> -i <OAuth client id> -s -a MyDefaultOrg
sfdx auth:jwt:grant -u me@acme.org -f <path to jwt key file> -i <OAuth client id> -r https://acme.my.salesforce.com
See code: src/commands/auth/jwt/grant.ts
sfdx auth:list [--json] [--loglevel trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]list auth connection information
list auth connection information
USAGE
$ sfdx auth:list [--json] [--loglevel trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]
OPTIONS
--json format output as json
--loglevel=(trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL) [default: warn] logging level for
this command invocation
ALIASES
$ sfdx force:auth:list
See code: src/commands/auth/list.ts
sfdx auth:logout [-a] [-p] [-u <string>] [--apiversion <string>] [--json] [--loglevel trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]log out from authorized orgs
log out from authorized orgs
By default, this command logs you out from your default scratch org.
USAGE
$ sfdx auth:logout [-a] [-p] [-u <string>] [--apiversion <string>] [--json] [--loglevel
trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]
OPTIONS
-a, --all include all authenticated orgs
-p, --noprompt do not prompt for confirmation
-u, --targetusername=targetusername username or alias for the target
org; overrides default target org
--apiversion=apiversion override the api version used for
api requests made by this command
--json format output as json
--loglevel=(trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL) [default: warn] logging level for
this command invocation
DESCRIPTION
By default, this command logs you out from your default scratch org.
ALIASES
$ sfdx force:auth:logout
EXAMPLES
sfdx auth:logout -u me@my.org
sfdx auth:logout -a
sfdx auth:logout -p
See code: src/commands/auth/logout.ts
sfdx auth:sfdxurl:store -f <filepath> [-d] [-s] [-a <string>] [--json] [--loglevel trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]Authorize an org using an SFDX auth URL
Authorize an org using an SFDX auth URL
Authorize a Salesforce org using an SFDX auth URL stored within a file. The URL must have the format "force://<refreshToken>@<instanceUrl>" or "force://<clientId>:<clientSecret>:<refreshToken>@<instanceUrl>".
You have three options when creating the auth file. The easiest option is to redirect the output of the `sfdx force:org:display --verbose --json` command into a file.
For example, using an org you have already authorized:
$ sfdx force:org:display -u <DevHub> --verbose --json > authFile.json
$ sfdx auth:sfdxurl:store -f authFile.json
The resulting JSON file contains the URL in the sfdxAuthUrl property inside of a results object.
You can also create a JSON file that has a top-level property named sfdxAuthUrl whose value is the auth URL.
Finally, you can create a normal text file that includes just the URL and nothing else.
USAGE
$ sfdx auth:sfdxurl:store -f <filepath> [-d] [-s] [-a <string>] [--json] [--loglevel
trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]
OPTIONS
-a, --setalias=setalias set an alias for the authenticated
org
-d, --setdefaultdevhubusername set the authenticated org as the
default dev hub org for scratch org
creation
-f, --sfdxurlfile=sfdxurlfile (required) path to a file containing
the sfdx url
-s, --setdefaultusername set the authenticated org as the
default username that all commands
run against
--json format output as json
--loglevel=(trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL) [default: warn] logging level for
this command invocation
DESCRIPTION
Authorize a Salesforce org using an SFDX auth URL stored within a file. The URL must have the format
"force://<refreshToken>@<instanceUrl>" or "force://<clientId>:<clientSecret>:<refreshToken>@<instanceUrl>".
You have three options when creating the auth file. The easiest option is to redirect the output of the `sfdx
force:org:display --verbose --json` command into a file.
For example, using an org you have already authorized:
$ sfdx force:org:display -u <DevHub> --verbose --json > authFile.json
$ sfdx auth:sfdxurl:store -f authFile.json
The resulting JSON file contains the URL in the sfdxAuthUrl property inside of a results object.
You can also create a JSON file that has a top-level property named sfdxAuthUrl whose value is the auth URL.
Finally, you can create a normal text file that includes just the URL and nothing else.
ALIASES
$ sfdx force:auth:sfdxurl:store
EXAMPLES
sfdx auth:sfdxurl:store -f <path to sfdxAuthUrl file>
sfdx auth:sfdxurl:store -f <path to sfdxAuthUrl file> -s -a MyDefaultOrg
See code: src/commands/auth/sfdxurl/store.ts
sfdx auth:web:login [-i <string>] [-r <url>] [-d] [-s] [-a <string>] [--json] [--loglevel trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]authorize an org using the web login flow
authorize an org using the web login flow
If you specify an --instanceurl value, this value overrides the sfdcLoginUrl value in your sfdx-project.json file. To specify a My Domain URL, use the format MyDomainName.my.salesforce.com (not MyDomainName.lightning.force.com). To log in to a sandbox, set --instanceurl to https://MyDomainName--SandboxName.sandbox.my.salesforce.com.
USAGE
$ sfdx auth:web:login [-i <string>] [-r <url>] [-d] [-s] [-a <string>] [--json] [--loglevel
trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]
OPTIONS
-a, --setalias=setalias set an alias for the authenticated
org
-d, --setdefaultdevhubusername set the authenticated org as the
default dev hub org for scratch org
creation
-i, --clientid=clientid OAuth client ID (sometimes called
the consumer key)
-r, --instanceurl=instanceurl the login URL of the instance the
org lives on
-s, --setdefaultusername set the authenticated org as the
default username that all commands
run against
--json format output as json
--loglevel=(trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL) [default: warn] logging level for
this command invocation
DESCRIPTION
If you specify an --instanceurl value, this value overrides the sfdcLoginUrl value in your sfdx-project.json file. To
specify a My Domain URL, use the format MyDomainName.my.salesforce.com (not MyDomainName.lightning.force.com). To log
in to a sandbox, set --instanceurl to https://MyDomainName--SandboxName.sandbox.my.salesforce.com.
ALIASES
$ sfdx force:auth:web:login
EXAMPLES
sfdx auth:web:login -a TestOrg1
sfdx auth:web:login -i <OAuth client id>
sfdx auth:web:login -r https://MyDomainName--SandboxName.sandbox.my.salesforce.com
See code: src/commands/auth/web/login.ts
FAQs
plugin for sf auth commands
The npm package @salesforce/plugin-auth receives a total of 144,496 weekly downloads. As such, @salesforce/plugin-auth popularity was classified as popular.
We found that @salesforce/plugin-auth demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Newly introduced telemetry in devenv 1.4 sparked a backlash over privacy concerns, leading to the removal of its AI-powered feature after strong community pushback.
Security News
TC39 met in Seattle and advanced 9 JavaScript proposals, including three to Stage 4, introducing new features and enhancements for a future ECMAScript release.
Security News
Deno 2.2 enhances Node.js compatibility, improves dependency management, adds OpenTelemetry support, and expands linting and task automation for developers.