Salesforce DX Developer Guide

How Salesforce Developer Experience (DX) Tooling Changes the Way You Work
Provide Developers Access to Salesforce DX Tools
Project Setup
Authorization
Authorize an Org Using a Browser
Authorize an Org Using the JWT Flow
Create a Private Key and Self-Signed Digital Certificate
Create an External Client App in Your Org
Create a Connected App in Your Org
Use the Default Connected App Securely
Use an Existing Access Token
Authorize an Org Using Its SFDX Authorization URL
Authorization Information for an Org
Log Out of an Org
Metadata Coverage
Scratch Orgs
Sandboxes
Track Changes Between Your Project and Org
Work with Data
Salesforce DX MCP Server and Tools (Beta)
Development
Build and Release Your App
Unlocked Packages
Continuous Integration
Troubleshoot Salesforce DX
Limitations for Salesforce DX
PDF

Newer Version Available

This content describes an older version of this product. View Latest

Authorization

Authorization refers to logging into an org so you can run commands that require access to the org. Creating an org with a CLI command also automatically authorizes it. For example, you authorize a Dev Hub org to allow you to create, delete, and manage your Salesforce scratch orgs. After you set up your project on your local machine, you authorize the Dev Hub org before you can create a scratch org. When you run the command to create the scratch org, Salesforce CLI automatically authorizes it.
Available in: Salesforce Classic and Lightning Experience
Dev Hub available in: Developer,Enterprise, Performance, and Unlimited Editions
Scratch orgs are available in: Developer, Enterprise, Group, and Professional Editions

You can also authorize other existing orgs, such as sandboxes or packaging orgs, to provide more flexibility when using CLI commands.

You authorize an org only one time. To switch between orgs during development, specify the username that you used to log into the org with either the --target-org or --target-dev-hub flag. You can also set a default org or use an alias.

You have some options when authorizing an org, depending on what you’re trying to accomplish.

  • The easiest option is to run org login web, which opens a browser in which you enter your Salesforce credentials. This option is officially called the OAuth 2.0 web server flow.
  • For continuous integration (CI) or automated environments, use the org login jwt command. This option is officially called the OAuth 2.0 JSON Web Tokens (JWT) bearer flow. This flow is ideal for scenarios where you can’t interactively log in to a browser, such as from a CI script.

    You can also use the org login sfdx-url command in automated environments; this method uses the org’s SFDX authorization URL.

    If your org is configured with high assurance (stepped up) authentication, Salesforce prompts the user to verify their identity. This verification process means that you can’t use the JWT flow or SFDX authorization URL with Salesforce CLI for headless authentication.

    Important