Salesforce DX Developer Guide

How Salesforce Developer Experience Changes the Way You Work
Project Setup
Authorization
Authorize an Org Using the Web-Based Flow
Authorize an Org Using the JWT-Based Flow
Create a Private Key and Self-Signed Digital Certificate
Create a Connected App
Use an Existing Access Token Instead of Authorizing
Authorization Information for an Org
Log Out of an Org
Scratch Orgs
Development
Build and Release Your App
Develop Packages (Beta)
Continuous Integration
Troubleshoot Salesforce DX
Limitations for Salesforce DX
PDF

Newer Version Available

This content describes an older version of this product. View Latest

Authorization

The Dev Hub org allows you to create, delete, and manage your Salesforce scratch orgs. After you set up your project on your local machine, you authorize with the Dev Hub org before you can create a scratch org.

The supported editions for Dev Hub orgs are Enterprise Edition (EE) and Unlimited Edition (UE).

Note

You can also authorize other existing orgs, such as sandbox or packaging orgs, to provide more flexibility when using CLI commands. For example, after developing and testing an application using scratch orgs, you can deploy the changes to a centralized sandbox. Or, you can export a subset of data from an existing production org and import it into a scratch org for testing purposes.

You authorize an org only once. To switch between orgs during development, specify your username for the org. Use either the --targetusername (or --targetdevhubusername) CLI command parameter, set a default username, or use an alias.

You have some options when configuring authentication depending on what you’re trying to accomplish.

  • We provide the OAuth Refresh Token flow, also called web-based flow, through a global out-of-the-box connected app. When you authorize an org from the command line, you enter your credentials and authorize the global connected app through the Salesforce web browser authentication flow.
  • For continuous integration or automated environments in which you don’t want to manually enter credentials, use the OAuth JSON Web Tokens (JWT) Bearer Token flow, also called JWT-based flow. This authentication flow is ideal for scenarios where you cannot interactively log in to a browser, such as a continuous integration script.