Salesforce DX Developer Guide

How Salesforce Developer Experience Changes the Way You Work
Project Setup
Authorization
Authorize an Org Using the Web-Based Flow
Authorize an Org Using the JWT-Based Flow
Create a Private Key and Self-Signed Digital Certificate
Create a Connected App
Use an Existing Access Token Instead of Authorizing
Authorization Information for an Org
Log Out of an Org
Metadata Coverage
Scratch Orgs
Development
Build and Release Your App
First-Generation Managed Packages
Unlocked Packages and Second-Generation Managed Packages
Continuous Integration
Troubleshoot Salesforce DX
Limitations for Salesforce DX
PDF

Newer Version Available

This content describes an older version of this product. View Latest

Authorize an Org Using the Web-Based Flow

To authorize an org with the web-based flow, all you do is run a CLI command. Enter your credentials in a browser, and you’re up and running!
Authorization requires a connected app. We provide a connected app that is used by default. If you need more security or control, such as setting the refresh token timeout or specifying IP ranges, you can optionally create a connected app.
  1. (Optional) Create a connected app if you require more security and control than offered by the provided connected app. Enable OAuth settings for the new connected app. Make note of the consumer key because you need it later.
  2. If the org you are authorizing is on a My Domain subdomain, update your project configuration file (sfdx-project.json). Set the sfdcLoginUrl parameter to your My Domain login URL. If you are authorizing a sandbox, set the parameter to https://test.salesforce.com. For example: 
    1"sfdcLoginUrl" : "https://test.salesforce.com"
    1"sfdcLoginUrl" : "https://somethingcool.my.salesforce.com"

    Alternatively, use the --instanceurl parameter of the force:auth:web:login command, as shown in the next step, to specify the URL.

  3. Run the force:auth:web:login CLI command. If you are authorizing a Dev Hub org, use the --setdefaultdevhubusername parameter if you want the Dev Hub org to be the default for commands that accept the --targetdevhubusername parameter. 
    1sfdx force:auth:web:login --setdefaultdevhubusername --setalias my-hub-org 
2sfdx force:auth:web:login --setalias my-sandbox

    If you are using your own connected app, use the --clientid parameter. For example, if your client identifier (also called the consumer key) is 04580y4051234051 and you are authorizing a Dev Hub org:

    1sfdx force:auth:web:login --clientid 04580y4051234051 --setdefaultdevhubusername --setalias my-hub-org

    To specify a login URL other than the default, such as https://test.salesforce.com:

    1sfdx force:auth:web:login --setalias my-hub-org --instanceurl https://test.salesforce.com

    Use the --setdefaultdevhubusername parameter only when authorizing a Dev Hub org. Do not use it when authorizing to other orgs, such as a sandbox.

    Important

  4. In the browser window that opens, sign in to your org with your credentials.
  5. Close the browser window, unless you want to explore the org.