Newer Version Available

This content describes an older version of this product.

Create a Connected App

If you use JWT-based authorization, you must create your own connected app in your Dev Hub org. You can also create a connected app for web-based authorization if you require more security than provided with our connected app. For example, you can create a connected app to set the refresh token timeout or specify IP ranges.

You create a connected app using Setup in your Dev Hub org. These steps assume that you are using Lightning Experience.

JWT-based authorization requires a digital certificate, also called a digital signature. You can use your own certificate or create a self-signed certificate using OpenSSL.

The steps marked JWT only are required only if you are creating a connected app for JWT-based authorization. They are optional for web-based authorization.


  1. Log in to your Dev Hub org.
  2. From Setup, enter App Manager in the Quick Find box to get to the Lightning Experience App Manager.
  3. In the top-right corner, click New Connected App.
  4. Update the basic information as needed, such as the connected app name and your email address.
  5. Select Enable OAuth Settings.
  6. For the callback URL, enter http://localhost:1717/OauthRedirect.

    If port 1717 (the default) is already in use on your local machine, specify an available one instead. Make sure to also update your sfdx-project.json file by setting the oauthLocalPort property to the new port. For example, if you set the callback URL to http://localhost:1919/OauthRedirect:

    "oauthLocalPort" : "1919"
  7. (JWT only) Select Use digital signatures.
  8. (JWT only) Click Choose File and upload the server.crt file that contains your digital certificate.
  9. Add these OAuth scopes:
    • Access and manage your data (api)
    • Perform requests on your behalf at any time (refresh_token, offline_access)
    • Provide access to your data via the Web (web)
  10. Click Save.

    Make note of the consumer key because you need it later when you run a force:auth command.


  11. (JWT only) Click Manage.
  12. (JWT only) Click Edit Policies.
  13. (JWT only) In the OAuth Policies section, select Admin approved users are pre-authorized for Permitted Users, and click OK.
  14. (JWT only) Click Save.
  15. (JWT only) Click Manage Profiles and then click Manage Permission Sets. Select the profiles and permission sets that are pre-authorized to use this connected app. Create permission sets if necessary.
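
The callback URL from step 6 and the oauthLocalPort property have to stay in agreement. The following check is an added example, not part of the original documentation or of the Salesforce CLI. The function name check_callback and the sample inputs are constructed for illustration, and it assumes the callback should have exactly the form http://localhost:<port>/OauthRedirect shown in step 6.

```python
import json
from urllib.parse import urlsplit

DEFAULT_PORT = 1717               # default port named in step 6
CALLBACK_PATH = "/OauthRedirect"  # callback path used in step 6


def check_callback(callback_url, project_json_text):
    """Compare a connected app callback URL with sfdx-project.json content.

    Returns a list of problem strings; an empty list means the two agree.
    check_callback is a hypothetical helper, not a Salesforce API.
    """
    project = json.loads(project_json_text)
    raw_port = project.get("oauthLocalPort", DEFAULT_PORT)
    try:
        local_port = int(raw_port)  # the page shows the value as a string
    except (TypeError, ValueError):
        return [f"oauthLocalPort is not a port number: {raw_port!r}"]

    url = urlsplit(callback_url)
    try:
        url_port = url.port         # None when the URL has no explicit port
    except ValueError:
        return [f"callback URL has an invalid port: {callback_url!r}"]

    problems = []
    if url.scheme != "http" or url.hostname != "localhost":
        problems.append(f"callback origin is {url.scheme}://{url.hostname}, "
                        "expected http://localhost")
    if url_port != local_port:
        problems.append(f"callback port {url_port} does not match "
                        f"oauthLocalPort {local_port}")
    if url.path != CALLBACK_PATH:
        problems.append(f"callback path is {url.path!r}, "
                        f"expected {CALLBACK_PATH!r}")
    return problems


if __name__ == "__main__":
    # Constructed inputs: the port was changed in Setup but the project
    # file still names the default port.
    sample_project = '{"oauthLocalPort": "1717"}'
    for problem in check_callback("http://localhost:1919/OauthRedirect",
                                  sample_project):
        print("MISMATCH:", problem)
```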