auth Commands

Use the auth commands to authorize a Salesforce org for use with the Salesforce CLI.

auth:jwt:grant

Authorizes a Salesforce org using the JWT flow.

Command Syntax

sfdx force:auth:jwt:grant
-u USERNAME
-f JWTKEYFILE
-i CLIENTID
[-r INSTANCEURL]
[-d]
[-s]
[-a SETALIAS]
[--json]
[--loglevel LOGLEVEL]

Parameters

-u | --username USERNAME
Required




The authentication username.

Type: string
-f | --jwtkeyfile JWTKEYFILE
Required




Path to a file containing the private key.

Type: filepath
-i | --clientid CLIENTID
Required




The OAuth client ID (sometimes referred to as the consumer key).

Type: string
-r | --instanceurl INSTANCEURL
Optional




The login URL of the Salesforce instance that the org lives on.

Type: url
-d | --setdefaultdevhubusername
Optional




Sets the authenticated org as the default Dev Hub org for scratch org creation.

Type: flag
-s | --setdefaultusername
Optional




Sets the authenticated org as the default username that all commands run against.

Type: flag
-a | --setalias SETALIAS
Optional




Sets an alias for the authenticated org.

Type: string
--json
Optional




Format output as JSON.

Type: flag
--loglevel LOGLEVEL
Optional




The logging level for this command invocation. Logs are stored in $HOME/.sfdx/sfdx.log.

Type: string
Permissible values are: trace, debug, info, warn, error, fatal
Default value: error

Help for auth:jwt:grant

Authorizes a Salesforce org using a private key file that has been uploaded to a personal connected app.

Examples:

1$ sfdx force:auth:jwt:grant -u me@my.org -f <path to jwt key file> -i <oauth client id>
1$ sfdx force:auth:jwt:grant -u me@my.org -f <path to jwt key file> -i <oauth client id> -s -a MyDefaultOrg

auth:sfdxurl:store

Authorizes a Salesforce org using an SFDX auth URL.

Command Syntax

sfdx force:auth:sfdxurl:store
-f SFDXURLFILE
[-d]
[-s]
[-a SETALIAS]
[--json]
[--loglevel LOGLEVEL]

Parameters

-f | --sfdxurlfile SFDXURLFILE
Required




Path to a file containing the SFDX URL.

Type: filepath
-d | --setdefaultdevhubusername
Optional




Sets the authenticated org as the default Dev Hub org for scratch org creation.

Type: flag
-s | --setdefaultusername
Optional




Sets the authenticated org as the default username that all commands run against.

Type: flag
-a | --setalias SETALIAS
Optional




Sets an alias for the authenticated org.

Type: string
--json
Optional




Format output as JSON.

Type: flag
--loglevel LOGLEVEL
Optional




The logging level for this command invocation. Logs are stored in $HOME/.sfdx/sfdx.log.

Type: string
Permissible values are: trace, debug, info, warn, error, fatal
Default value: error

Help for auth:sfdxurl:store

Authorize a Salesforce org using an SFDX auth URL stored within a file.

The file must have use format "force://(<clientId>:<clientSecret>:)?<refreshToken>@<instanceUrl>", where "?" denotes an option value.

The file must contain only the URL or be a JSON file that has a top-level property named sfdxAuthUrl.

Examples:

1$ sfdx force:auth:sfdxurl:store -f <path to sfdxAuthUrl file>
1$ sfdx force:auth:sfdxurl:store -f <path to sfdxAuthUrl file> -s -a MyDefaultOrg

auth:web:login

Authorizes a Salesforce org by opening a browser so you can log in through salesforce.com.

Command Syntax

sfdx force:auth:web:login
[-i CLIENTID]
[-r INSTANCEURL]
[-d]
[-s]
[-a SETALIAS]
[--json]
[--loglevel LOGLEVEL]

Parameters

-i | --clientid CLIENTID
Optional




The OAuth client ID (sometimes referred to as the consumer key).

Type: string
-r | --instanceurl INSTANCEURL
Optional




The login URL of the Salesforce instance that the org lives on.

Type: url
-d | --setdefaultdevhubusername
Optional




Sets the authenticated org as the default Dev Hub org for scratch org creation.

Type: flag
-s | --setdefaultusername
Optional




Sets the authenticated org as the default username that all commands run against.

Type: flag
-a | --setalias SETALIAS
Optional




Sets an alias for the authenticated org.

Type: string
--json
Optional




Format output as JSON.

Type: flag
--loglevel LOGLEVEL
Optional




The logging level for this command invocation. Logs are stored in $HOME/.sfdx/sfdx.log.

Type: string
Permissible values are: trace, debug, info, warn, error, fatal
Default value: error

Help for auth:web:login

To log in to a sandbox, set --instanceurl to https://test.salesforce.com.

Examples:

1$ sfdx force:auth:web:login -a TestOrg1
1$ sfdx force:auth:web:login -i <oauth client id>
1$ sfdx force:auth:web:login -r https://test.salesforce.com