Salesforce DX Developer Guide

How Salesforce Developer Experience Changes the Way You Work
Enable Dev Hub Features in Your Org
Project Setup
Authorization
Authorize an Org Using the Web Server Flow
Authorize an Org Using the JWT Bearer Flow
Create a Private Key and Self-Signed Digital Certificate
Create a Connected App for Your Dev Hub Org
Use an Existing Access Token instead of Authorizing
Authorization Information for an Org
Log Out of an Org
Metadata Coverage
Scratch Orgs
Sandboxes
Track Changes Between Your Project and Org
Development
Build and Release Your App
First-Generation Managed Packages
Second-Generation Managed Packages
Unlocked Packages
Continuous Integration
Troubleshoot Salesforce DX
Limitations for Salesforce DX
PDF

Newer Version Available

This content describes an older version of this product. View Latest

Authorize an Org Using the Web Server Flow

To authorize an org with the OAuth 2.0 web server flow, all you do is run a CLI command. Enter your credentials in a browser, and you’re up and running!
Authorization requires a connected app. We provide a connected app that is used by default. If you need more security or control, such as setting the refresh token timeout or specifying IP ranges, you can create your own connected app.
  1. (Optional) Create a connected app if you require more security and control than offered by the provided connected app. Enable OAuth settings for the new connected app. Make note of the consumer key because you need it later.
  2. If the org you are authorizing is on a My Domain subdomain, update your project configuration file (sfdx-project.json). Set the sfdcLoginUrl parameter to your My Domain login URL. If you are authorizing a sandbox, set the parameter to https://test.salesforce.com. For example: 
    1"sfdcLoginUrl" : "https://test.salesforce.com"
    1"sfdcLoginUrl" : "https://somethingcool.my.salesforce.com"

    Alternatively, to specify the URL, use the --instanceurl parameter of the auth:web:login command, as shown in the next step.

  3. Run the auth:web:login CLI command. If you are authorizing a Dev Hub org, use the --setdefaultdevhubusername parameter if you want the Dev Hub org to be the default for commands that accept the --targetdevhubusername parameter. 
    1sfdx auth:web:login --setdefaultdevhubusername --setalias my-hub-org 
2sfdx auth:web:login --setalias my-sandbox

    If you are using your own connected app, use the --clientid parameter. For example, if your client identifier (also called the consumer key) is 04580y4051234051 and you are authorizing a Dev Hub org:

    1sfdx auth:web:login --clientid 04580y4051234051 --setdefaultdevhubusername --setalias my-hub-org

    To specify a login URL other than the default, such as https://test.salesforce.com, use the --instanceurl parameter:

    1sfdx auth:web:login --setalias my-hub-org --instanceurl https://test.salesforce.com

    Use the --setdefaultdevhubusername parameter only when authorizing a Dev Hub org. Do not use it when authorizing access to other orgs, such as a sandbox.

    Important

  4. In the browser window that opens, sign in to your org with your credentials.
  5. Close the browser window, unless you want to explore the org.