jwt Commands (Deprecated)

Authorize an org using JWT.

auth:jwt:grant (Deprecated)

Authorize an org using the JWT flow.

This command is deprecated. As of April 20, 2023, we no longer maintain this section of the command reference. Refer to the reference information about the sf-style commands instead, which we update regularly. We keep this reference information about the sfdx-style commands as-is for historical reference only.

Don't worry, this command and its flags continue to work the same as before, and any scripts that use the command won’t break. However, we recommend that you start using the equivalent sf-style org login jwt command instead. Here’s how the flags changed between the old and new commands; if a flag isn't listed, the old and new names are the same:

  • Removed flag: --loglevel. Use the SF_LOG_LEVEL environment variable instead.
  • Changed flag name: Old name --jwtkeyfile. New name: --jwt-key-file.
  • Changed flag name: Old name --clientid. New name: --client-id.
  • Changed flag name: Old name --setdefaultdevhubusername. New name: --set-default-dev-hub.
  • Changed flag name: Old name --setalias. New name: --alias.
  • Changed flag name: Old name --username. New name: Same, but with new short flag name -o.
  • Changed flag name: Old name --instanceurl. New name: --instance-url.
  • Changed flag name: Old name --setdefaultusername. New name: --set-default.

For background information about this change, read this blog post, which describes how we've updated many of the existing sfdx commands to use the improvements we made in sf. We improved this particular command on March 2, 2023.
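The flag mapping above can be applied mechanically when auditing CI scripts that still call the old command. The following is an added example, not Salesforce code: the `migrate` function, the sample key path and the client ID placeholder are hypothetical, and the `sf` executable name and POSIX-style `VAR=value` environment prefix are assumptions.

```python
import shlex

# Long-flag renames listed on this page (old sfdx-style -> new sf-style).
RENAMED = {
    "--jwtkeyfile": "--jwt-key-file",
    "--clientid": "--client-id",
    "--setdefaultdevhubusername": "--set-default-dev-hub",
    "--setalias": "--alias",
    "--instanceurl": "--instance-url",
    "--setdefaultusername": "--set-default",
}
# Old flags that consume the next token as their value (see Command Syntax).
TAKES_VALUE = {"--loglevel", "--username", "-u", "--jwtkeyfile", "-f",
               "--clientid", "-i", "--instanceurl", "-r", "--setalias", "-a"}
OLD_NAMES = {"auth:jwt:grant", "force:auth:jwt:grant"}


def migrate(line):
    """Return the sf-style form of one sfdx auth:jwt:grant line, else None."""
    argv = shlex.split(line)
    if len(argv) < 2 or argv[0] != "sfdx" or argv[1] not in OLD_NAMES:
        return None
    env, out = [], ["sf", "org", "login", "jwt"]
    rest = iter(argv[2:])
    for arg in rest:
        name, sep, value = arg.partition("=")
        if not sep and name in TAKES_VALUE:
            value = next(rest, None)  # the value is the following token
            if value is None:
                raise ValueError(f"{name} is missing its value")
        if name == "--loglevel":
            # Removed flag: the page says to use SF_LOG_LEVEL instead.
            env.append(f"SF_LOG_LEVEL={value}")
            continue
        if name == "-u":
            name = "-o"  # --username keeps its name; only the short flag changed
        name = RENAMED.get(name, name)
        if sep:
            out.append(f"{name}={value}")
        elif arg in TAKES_VALUE:
            out.extend([name, value])
        else:
            out.append(name)
    return shlex.join(env + out)


if __name__ == "__main__":
    # Constructed sample line; the key path and client ID are placeholders.
    print(migrate("sfdx auth:jwt:grant --loglevel debug -u me@my.org "
                  "--jwtkeyfile keys/server.key --clientid CLIENT_ID_PLACEHOLDER -s"))
```

Flag values are passed through verbatim, so a key path or username is never mistaken for a flag name.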

Help for auth:jwt:grant

Use a certificate associated with your private key that has been uploaded to a personal connected app.

If you specify an --instanceurl value, this value overrides the sfdcLoginUrl value in your sfdx-project.json file. To specify a My Domain URL, use the format MyDomainName.my.salesforce.com (not MyDomainName.lightning.force.com). To specify a sandbox, set --instanceurl to https://MyDomainName--SandboxName.sandbox.my.salesforce.com.

Examples for auth:jwt:grant

sfdx auth:jwt:grant -u me@my.org -f <path to jwt key file> -i <OAuth client id>
sfdx auth:jwt:grant -u me@my.org -f <path to jwt key file> -i <OAuth client id> -s -a MyDefaultOrg
sfdx auth:jwt:grant -u me@acme.org -f <path to jwt key file> -i <OAuth client id> -r https://acme.my.salesforce.com

Command Syntax

sfdx auth:jwt:grant
[--json]
[--loglevel LOGLEVEL]
-u USERNAME
-f JWTKEYFILE
-i CLIENTID
[-r INSTANCEURL]
[-d]
[-s]
[-a SETALIAS]

Parameters

--json
Optional

Format output as JSON.

Type: boolean

--loglevel LOGLEVEL
Optional

The logging level for this command invocation. Logs are stored in $HOME/.sf/sf.log.

Type: enum
Permissible values are: trace, debug, info, warn, error, fatal, TRACE, DEBUG, INFO, WARN, ERROR, FATAL
Default value: warn

-u | --username USERNAME
Required

Authentication username.

Type: string

-f | --jwtkeyfile JWTKEYFILE
Required

Path to a file containing the private key.

Type: filepath

-i | --clientid CLIENTID
Required

OAuth client ID (sometimes called the consumer key).

Type: string

-r | --instanceurl INSTANCEURL
Optional

The login URL of the instance the org lives on.

Type: url

-d | --setdefaultdevhubusername
Optional

Set the authenticated org as the default dev hub org for scratch org creation.

Type: boolean

-s | --setdefaultusername
Optional

Set the authenticated org as the default username that all commands run against.

Type: boolean

-a | --setalias SETALIAS
Optional

Set an alias for the authenticated org.

Type: string

Aliases for auth:jwt:grant

force:auth:jwt:grant