auth Commands | Salesforce CLI Command Reference

auth:jwt:grant

Authorizes a Salesforce org using the JWT flow.

Command Syntax

sfdx force:auth:jwt:grant: -u USERNAME; -f JWTKEYFILE; -i CLIENTID; [-r INSTANCEURL]; [-d]; [-s]; [-a SETALIAS]; [--json]; [--loglevel LOGLEVEL]

Parameters

-u | --username USERNAME: Required; The authentication username.; Type: string
-f | --jwtkeyfile JWTKEYFILE: Required; Path to a file containing the private key.; Type: filepath
-i | --clientid CLIENTID: Required; The OAuth client ID (sometimes referred to as the consumer key).; Type: string
-r | --instanceurl INSTANCEURL: Optional; The login URL of the Salesforce instance that the org lives on.; Type: url
-d | --setdefaultdevhubusername: Optional; Sets the authenticated org as the default Dev Hub org for scratch org creation.; Type: flag
-s | --setdefaultusername: Optional; Sets the authenticated org as the default username that all commands run against.; Type: flag
-a | --setalias SETALIAS: Optional; Sets an alias for the authenticated org.; Type: string
--json: Optional; Format output as JSON.; Type: flag
--loglevel LOGLEVEL: Optional; The logging level for this command invocation. Logs are stored in $HOME/.sfdx/sfdx.log.; Type: string; Permissible values are: trace, debug, info, warn, error, fatal; Default value: error

Help for auth:jwt:grant

Authorizes a Salesforce org using a private key file that has been uploaded to a personal connected app.

If you specify an --instanceurl value, this value overrides the sfdcLoginUrl value in your sfdx-project.json file. To specify a My Domain URL, use the format <yourdomain>.my.salesforce.com (not <yourdomain>.lightning.force.com).

Examples:

1$ sfdx force:auth:jwt:grant -u me@my.org -f <path to jwt key file> -i <OAuth client id>

1$ sfdx force:auth:jwt:grant -u me@my.org -f <path to jwt key file> -i <OAuth client id> -s -a MyDefaultOrg

1$ sfdx force:auth:jwt:grant -u me@acme.org -f <path to jwt key file> -i <OAuth client id> -r https://acme.my.salesforce.com

auth:logout

Logs you out from one or all of your authorized Salesforce orgs.

Command Syntax

sfdx force:auth:logout: [-a]; [-p]; [-u TARGETUSERNAME]; [--json]; [--loglevel LOGLEVEL]

Parameters

-a | --all: Optional; Includes all authenticated orgs: for example, Dev Hubs, sandboxes, DE orgs, and expired, deleted, and unknown-status scratch orgs.; Type: flag
-p | --noprompt: Optional; Do not prompt for confirmation.; Type: flag
-u | --targetusername TARGETUSERNAME: Optional; A username or alias for the target org. Overrides the default target org.; Type: string
--json: Optional; Format output as JSON.; Type: flag
--loglevel LOGLEVEL: Optional; The logging level for this command invocation. Logs are stored in $HOME/.sfdx/sfdx.log.; Type: string; Permissible values are: trace, debug, info, warn, error, fatal; Default value: error

Help for auth:logout

By default, this command logs you out from your default scratch org.

Examples:

1$ sfdx force:auth:logout -u me@my.org

1$ sfdx force:auth:logout -a

1$ sfdx force:auth:logout -p

auth:sfdxurl:store

Authorizes a Salesforce org using an SFDX auth URL.

Command Syntax

sfdx force:auth:sfdxurl:store: -f SFDXURLFILE; [-d]; [-s]; [-a SETALIAS]; [--json]; [--loglevel LOGLEVEL]

Parameters

-f | --sfdxurlfile SFDXURLFILE: Required; Path to a file containing the SFDX URL.; Type: filepath
-d | --setdefaultdevhubusername: Optional; Sets the authenticated org as the default Dev Hub org for scratch org creation.; Type: flag
-s | --setdefaultusername: Optional; Sets the authenticated org as the default username that all commands run against.; Type: flag
-a | --setalias SETALIAS: Optional; Sets an alias for the authenticated org.; Type: string
--json: Optional; Format output as JSON.; Type: flag
--loglevel LOGLEVEL: Optional; The logging level for this command invocation. Logs are stored in $HOME/.sfdx/sfdx.log.; Type: string; Permissible values are: trace, debug, info, warn, error, fatal; Default value: error

Help for auth:sfdxurl:store

Authorize a Salesforce org using an SFDX auth URL stored within a file.

The file must have the format "force://<refreshToken>@<instanceUrl>" or "force://<clientId>:<clientSecret>:<refreshToken>@<instanceUrl>".

The file must contain only the URL or be a JSON file that has a top-level property named sfdxAuthUrl.

Examples:

1$ sfdx force:auth:sfdxurl:store -f <path to sfdxAuthUrl file>

1$ sfdx force:auth:sfdxurl:store -f <path to sfdxAuthUrl file> -s -a MyDefaultOrg

auth:web:login

Authorizes a Salesforce org by opening a browser so you can log in through salesforce.com.

Command Syntax

sfdx force:auth:web:login: [-i CLIENTID]; [-r INSTANCEURL]; [-d]; [-s]; [-a SETALIAS]; [--json]; [--loglevel LOGLEVEL]

Parameters

-i | --clientid CLIENTID: Optional; The OAuth client ID (sometimes referred to as the consumer key).; Type: string
-r | --instanceurl INSTANCEURL: Optional; The login URL of the Salesforce instance that the org lives on.; Type: url
-d | --setdefaultdevhubusername: Optional; Sets the authenticated org as the default Dev Hub org for scratch org creation.; Type: flag
-s | --setdefaultusername: Optional; Sets the authenticated org as the default username that all commands run against.; Type: flag
-a | --setalias SETALIAS: Optional; Sets an alias for the authenticated org.; Type: string
--json: Optional; Format output as JSON.; Type: flag
--loglevel LOGLEVEL: Optional; The logging level for this command invocation. Logs are stored in $HOME/.sfdx/sfdx.log.; Type: string; Permissible values are: trace, debug, info, warn, error, fatal; Default value: error

Help for auth:web:login

To log in to a sandbox, set --instanceurl to https://test.salesforce.com.

Examples:

1$ sfdx force:auth:web:login -a TestOrg1

1$ sfdx force:auth:web:login -i <OAuth client id>

1$ sfdx force:auth:web:login -r https://test.salesforce.com