Newer Version Available
Authorize an Org Using the JWT-Based Flow
Continuous integration (CI) environments are fully automated and don’t support the
human interactivity of a web-based flow. In this case, you must use the JWT-based flow to
authorize a Dev Hub.
The JWT-based authorization flow requires first generating a digital certificate and creating a connected app. You execute these tasks only once. After that, you can authorize the Dev Hub in a script that runs in your CI environment.
For information about using JWT-based authorization with the Travis CI), see the Continuous Integration Using Salesforce DX Trailhead module.
- If you do not have your own private key and digital certificate, use OpenSSL to create the key and a self-signed certificate. It is assumed in this task that your private key file is named server.key and your digital certificate is named server.crt.
- Create a connected app, and configure it for Salesforce DX. This task includes uploading the server.crt digital certificate file. Make note of the consumer key when you save the connected app because you need it later.
-
If the org you are authorizing is not hosted on https://login.salesforce.com, update your project configuration file
(sfdx-project.json). Set the sfdcLoginUrl parameter to the login URL. Examples of other
login URLs are your custom subdomain or https://test.salesforce.com for sandboxes. For example:
1"sfdcLoginUrl" : "https://test.salesforce.com"Alternatively, use the --instanceUrl parameter of the force:auth:jwt:grant command, as shown in the next step, to specify the URL.
-
Run the force:auth:jwt:grant CLI command. Specify
the client identifier from your connected app (also called the consumer key), the path to
the private key file (server.key), and the JWT
authentication username. When you authorize a Dev Hub, set it as the default with the
--setdefaultdevhubusername parameter. For
example:
1sfdx force:auth:jwt:grant --clientid 04580y4051234051 --jwtkeyfile /Users/jdoe/JWT/server.key --username jdoe@acdxgs0hub.org --setdefaultdevhubusername --setalias my-hub-orgTo specify a different login URL:
1sfdx force:auth:jwt:grant --clientid 04580y4051234051 --jwtkeyfile /Users/jdoe/JWT/server.key --username jdoe@acdxgs0hub.org --setdefaultdevhubusername --setalias my-hub-org --instanceUrl https://test.salesforce.com