SFDX Org Authorization ☑️

Salesforce CLI offers several authorization methods, in the following, I will describe how to use each of them

auth:web:login 🌐

In order to authorize an org, just run the following command

sfdx force:auth:web:login -r https://test.salesforce.com -a YourOrgAliasName (for sandbox)

sfdx force:auth:web:login -a YourOrgAliasName (for production)

Your default browser should automatically open on the Salesforce login page, once you have logged in, you’ll get the page below asking you to allow access for the Salesforce CLI

Authorize Org using auth:web:login

After clicking Allow, you should get the message below in the terminal

Successfully authorized ☑️

auth:sfdxurl:store 🔗

sfdx force:org:display -a YourExistingOrgAliasName

You can construct the sfdxurl file from its output

The file must have one of the following format

  • force://<AccessToken>@<instanceUrl>
  • force://<clientId>::<AccessToken>@<instanceUrl>

You can also display the constructed sfdxurl using the verbose mode

sfdx force:org:display -a YourExistingOrgAliasName --verbose

The “Sfdx Auth Url” should show in the output

Save the sfdxurl to a file and copy it to a machine B, then run the sfdxurl:store command to authorize the same org without using a username/password

sfdx force:auth:sfdxurl:store -f ./sfdxurl.txt -a YourOrgAliasName

Successfully authorized ☑️

auth:jwt:grant ⚙️

1- create a private key and a self-signed digital certificate

mkdir JWT

cd JWT

Generate a private key and store it in server.key file

openssl genrsa -des3 -passout pass:X -out server.pass.key 2048

openssl rsa -passin pass:X -in server.pass.key -out server.key

remove the server.pass.key

rm server.pass.key

Generate a certificate signing request using the server.keyfile

openssl req -new -key server.key -out server.csr

Generate a self-signed digital certificate from the server.key and server.csr files

openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt

The server.crtwill be used to create the connected app

2 — Create a connected app

Click “Enable OAuth Settings” and “Use digital signatures”

Upload the server.crt generated in the step 1 as a digital signature for the connected app

Save the connected app then click manage

In the “OAuth Policies” section, activate the Admin approved users are pre-authorized for Permitted Users

Add the profiles or permission sets that you want to pre-approve in the “Manage Profiles” and “Manage Permission Sets” sections

Authorize your org (add -r https://test.salesforce.com for a sandbox)

sfdx force:auth:jwt:grant -i {clientId} -f ./JWT/server.key -a YourOrgAliasName

Successfully authorized ☑️

auth:device:login 📟

Create a connected app without a digital signature

Make sure to enable the Device Flow

Run the flowing command to authorize your org (add -r https://test.salesforce.com for a sandbox)

sfdx force:auth:web:login -i {clientId} -a YourOrgAliasName

Input the connected app secret (Consumer Secret)

Access the setup connect URL

Input the user code then login to your org

Successfully authorized ☑️

References :

Salesforce Technical Architect, from Paris with ♥