Salesforce DX Developer Guide

How Salesforce Developer Experience Changes the Way You Work
Salesforce CLI Configuration and Tips
Project Setup
Authorization
Authorize an Org Using the Web-Based Flow
Authorize an Org Using the JWT-Based Flow
Create a Private Key and Self-Signed Digital Certificate
Create a Connected App
Use an Existing Access Token Instead of Authorizing
Authorization Information for an Org
Log Out of an Org
Metadata Coverage
Scratch Orgs
Sandboxes
Development
Build and Release Your App
First-Generation Managed Packages
Second-Generation Managed Packages
Unlocked Packages
Continuous Integration
Troubleshoot Salesforce DX
Limitations for Salesforce DX
PDF

Newer Version Available

This content describes an older version of this product. View Latest

Authorization

The Dev Hub org allows you to create, delete, and manage your Salesforce scratch orgs. After you set up your project on your local machine, you authorize with the Dev Hub org before you can create a scratch org.
Available in: Salesforce Classic and Lightning Experience
Dev Hub available in: Developer,Enterprise, Performance, and Unlimited Editions
Scratch orgs available in: Developer, Enterprise, Group, and Professional Editions

You can also authorize other existing orgs, such as sandbox or packaging orgs, to provide more flexibility when using CLI commands. For example, after developing and testing an application using scratch orgs, you can deploy the changes to a centralized sandbox. Or, you can export a subset of data from an existing production org and import it into a scratch org for testing purposes.

You authorize an org only once. To switch between orgs during development, specify your username for the org. Use either the --targetusername (or --targetdevhubusername) CLI command parameter, set a default username, or use an alias.

You have some options when configuring authentication depending on what you’re trying to accomplish.

  • We provide the OAuth Refresh Token flow, also called web-based flow, through a global out-of-the-box connected app. When you authorize an org from the command line, you enter your credentials and authorize the global connected app through the Salesforce web browser authentication flow.
  • For continuous integration or automated environments in which you don’t want to manually enter credentials, use the OAuth JSON Web Tokens (JWT) Bearer Token flow, also called JWT-based flow. This authentication flow is ideal for scenarios where you cannot interactively log in to a browser, such as a continuous integration script.

If your Dev Hub org is configured with high assurance (stepped up) authentication, Salesforce prompts the user to verify identity. This verification process means that you can’t use the JWT flow and Salesforce CLI for headless authentication.

Important