auth Commands | Salesforce CLI Command Reference

auth:device:login

Authorize an org using a device code. You must open a browser, navigate to the verification URL, and enter the code. Log in, if not already logged in, and you’ll be prompted to allow the device to connect to the org.

Command Syntax

sfdx force:auth:device:login: [--json]; [--loglevel LOGLEVEL]; [-i CLIENTID]; [-r INSTANCEURL]; [-d]; [-s]; [-a SETALIAS]

Parameters

--json: Optional; Format output as JSON.; Type: boolean
--loglevel LOGLEVEL: Optional; The logging level for this command invocation. Logs are stored in $HOME/.sfdx/sfdx.log.; Type: string; Permissible values are: trace, debug, info, warn, error, fatal, TRACE, DEBUG, INFO, WARN, ERROR, FATAL; Default value: warn
-i | --clientid CLIENTID: Optional; OAuth client ID (aka consumer key); Type: string
-r | --instanceurl INSTANCEURL: Optional; login URL of the instance the org is on; Type: url
-d | --setdefaultdevhubusername: Optional; set the authenticated org as the default Dev Hub org for scratch org creation; Type: boolean
-s | --setdefaultusername: Optional; set the authenticated org as the default username that all commands run against; Type: boolean
-a | --setalias SETALIAS: Optional; set an alias for the authenticated org; Type: string

Help for auth:device:login

auth:jwt:grant

Authorizes a Salesforce org using the JWT flow.

Command Syntax

sfdx force:auth:jwt:grant: [--json]; [--loglevel LOGLEVEL]; -u USERNAME; -f JWTKEYFILE; -i CLIENTID; [-r INSTANCEURL]; [-d]; [-s]; [-a SETALIAS]

Parameters

--json: Optional; Format output as JSON.; Type: boolean
--loglevel LOGLEVEL: Optional; The logging level for this command invocation. Logs are stored in $HOME/.sfdx/sfdx.log.; Type: string; Permissible values are: trace, debug, info, warn, error, fatal, TRACE, DEBUG, INFO, WARN, ERROR, FATAL; Default value: warn
-u | --username USERNAME: Required; The authentication username.; Type: string
-f | --jwtkeyfile JWTKEYFILE: Required; Path to a file containing the private key.; Type: filepath
-i | --clientid CLIENTID: Required; The OAuth client ID (sometimes referred to as the consumer key).; Type: string
-r | --instanceurl INSTANCEURL: Optional; The login URL of the Salesforce instance that the org lives on.; Type: url
-d | --setdefaultdevhubusername: Optional; Sets the authenticated org as the default Dev Hub org for scratch org creation.; Type: boolean
-s | --setdefaultusername: Optional; Sets the authenticated org as the default username that all commands run against.; Type: boolean
-a | --setalias SETALIAS: Optional; Sets an alias for the authenticated org.; Type: string

Help for auth:jwt:grant

Authorizes a Salesforce org using a private key file that has been uploaded to a personal connected app.

If you specify an --instanceurl value, this value overrides the sfdcLoginUrl value in your sfdx-project.json file. To specify a My Domain URL, use the format <yourdomain>.my.salesforce.com (not <yourdomain>.lightning.force.com).

Examples:

1$ sfdx force:auth:jwt:grant -u me@my.org -f <path to jwt key file> -i <OAuth client id>

1$ sfdx force:auth:jwt:grant -u me@my.org -f <path to jwt key file> -i <OAuth client id> -s -a MyDefaultOrg

1$ sfdx force:auth:jwt:grant -u me@acme.org -f <path to jwt key file> -i <OAuth client id> -r https://acme.my.salesforce.com

auth:list

list auth connection information

Command Syntax

sfdx force:auth:list: [--json]; [--loglevel LOGLEVEL]

Parameters

--json: Optional; Format output as JSON.; Type: boolean
--loglevel LOGLEVEL: Optional; The logging level for this command invocation. Logs are stored in $HOME/.sfdx/sfdx.log.; Type: string; Permissible values are: trace, debug, info, warn, error, fatal, TRACE, DEBUG, INFO, WARN, ERROR, FATAL; Default value: warn

Help for auth:list

auth:logout

Logs you out from one or all of your authorized Salesforce orgs.

Command Syntax

sfdx force:auth:logout: [--json]; [--loglevel LOGLEVEL]; [-u TARGETUSERNAME]; [--apiversion APIVERSION]; [-a]; [-p]

Parameters

--json: Optional; Format output as JSON.; Type: boolean
--loglevel LOGLEVEL: Optional; The logging level for this command invocation. Logs are stored in $HOME/.sfdx/sfdx.log.; Type: string; Permissible values are: trace, debug, info, warn, error, fatal, TRACE, DEBUG, INFO, WARN, ERROR, FATAL; Default value: warn
-u | --targetusername TARGETUSERNAME: Optional; A username or alias for the target org. Overrides the default target org.; Type: string
--apiversion APIVERSION: Optional; Override the API version used for API requests made by this command.; Type: string
-a | --all: Optional; Includes all authenticated orgs: for example, Dev Hubs, sandboxes, DE orgs, and expired, deleted, and unknown-status scratch orgs.; Type: boolean
-p | --noprompt: Optional; Do not prompt for confirmation.; Type: boolean

Help for auth:logout

By default, this command logs you out from your default scratch org.

Examples:

1$ sfdx force:auth:logout -u me@my.org

1$ sfdx force:auth:logout -a

1$ sfdx force:auth:logout -p

auth:sfdxurl:store

Authorizes a Salesforce org using an SFDX auth URL.

Command Syntax

sfdx force:auth:sfdxurl:store: [--json]; [--loglevel LOGLEVEL]; -f SFDXURLFILE; [-d]; [-s]; [-a SETALIAS]

Parameters

--json: Optional; Format output as JSON.; Type: boolean
--loglevel LOGLEVEL: Optional; The logging level for this command invocation. Logs are stored in $HOME/.sfdx/sfdx.log.; Type: string; Permissible values are: trace, debug, info, warn, error, fatal, TRACE, DEBUG, INFO, WARN, ERROR, FATAL; Default value: warn
-f | --sfdxurlfile SFDXURLFILE: Required; Path to a file containing the SFDX URL.; Type: filepath
-d | --setdefaultdevhubusername: Optional; Sets the authenticated org as the default Dev Hub org for scratch org creation.; Type: boolean
-s | --setdefaultusername: Optional; Sets the authenticated org as the default username that all commands run against.; Type: boolean
-a | --setalias SETALIAS: Optional; Sets an alias for the authenticated org.; Type: string

Help for auth:sfdxurl:store

Authorize a Salesforce org using an SFDX auth URL stored within a file.

The file must have the format "force://<refreshToken>@<instanceUrl>" or "force://<clientId>:<clientSecret>:<refreshToken>@<instanceUrl>".

The file must contain only the URL or be a JSON file that has a top-level property named sfdxAuthUrl.

Examples:

1$ sfdx force:auth:sfdxurl:store -f <path to sfdxAuthUrl file>

1$ sfdx force:auth:sfdxurl:store -f <path to sfdxAuthUrl file> -s -a MyDefaultOrg

auth:web:login

Authorizes a Salesforce org by opening a browser so you can log in through salesforce.com.

Command Syntax

sfdx force:auth:web:login: [--json]; [--loglevel LOGLEVEL]; [-i CLIENTID]; [-r INSTANCEURL]; [-d]; [-s]; [-a SETALIAS]

Parameters

--json: Optional; Format output as JSON.; Type: boolean
--loglevel LOGLEVEL: Optional; The logging level for this command invocation. Logs are stored in $HOME/.sfdx/sfdx.log.; Type: string; Permissible values are: trace, debug, info, warn, error, fatal, TRACE, DEBUG, INFO, WARN, ERROR, FATAL; Default value: warn
-i | --clientid CLIENTID: Optional; The OAuth client ID (sometimes referred to as the consumer key).; Type: string
-r | --instanceurl INSTANCEURL: Optional; The login URL of the Salesforce instance that the org lives on.; Type: url
-d | --setdefaultdevhubusername: Optional; Sets the authenticated org as the default Dev Hub org for scratch org creation.; Type: boolean
-s | --setdefaultusername: Optional; Sets the authenticated org as the default username that all commands run against.; Type: boolean
-a | --setalias SETALIAS: Optional; Sets an alias for the authenticated org.; Type: string

Help for auth:web:login

To log in to a sandbox, set --instanceurl to https://test.salesforce.com.

Examples:

1$ sfdx force:auth:web:login -a TestOrg1

1$ sfdx force:auth:web:login -i <OAuth client id>

1$ sfdx force:auth:web:login -r https://test.salesforce.com