@salesforce/plugin-auth

plugin for sfdx auth commands

Usage no npm install needed!

<script type="module">
  import salesforcePluginAuth from 'https://cdn.skypack.dev/@salesforce/plugin-auth';
</script>

README

plugin-auth

NPM CircleCI Downloads/week License

Auth commands for Salesforce CLI

This plugin is bundled with the Salesforce CLI. For more information on the CLI, read the getting started guide.

We always recommend using the latest version of these commands bundled with the CLI, however, you can install a specific version or tag if needed.

Install

sfdx plugins:install auth@x.y.z

Issues

Please report any issues at https://github.com/forcedotcom/cli/issues

Contributing

  1. Please read our Code of Conduct
  2. Create a new issue before starting your project so that we can keep track of what you are trying to add/fix. That way, we can also offer suggestions or let you know if there is already an effort in progress.
  3. Fork this repository.
  4. Build the plugin locally
  5. Create a topic branch in your fork. Note, this step is recommended but technically not required if contributing using a fork.
  6. Edit the code in your fork.
  7. Write appropriate tests for your changes. Try to achieve at least 95% code coverage on any new code. No pull request will be accepted without unit tests.
  8. Sign CLA (see CLA below).
  9. Send us a pull request when you are done. We'll review your code, suggest any needed changes, and merge it in.

CLA

External contributors will be required to sign a Contributor's License Agreement. You can do so by going to https://cla.salesforce.com/sign-cla.

Build

To build the plugin locally, make sure to have yarn installed and run the following commands:

# Clone the repository
git clone git@github.com:salesforcecli/plugin-auth

# Install the dependencies and compile
yarn install
yarn build

To use your plugin, run using the local ./bin/run or ./bin/run.cmd file.

# Run using local run file.
./bin/run auth

There should be no differences when running via the Salesforce CLI or using the local run file. However, it can be useful to link the plugin to do some additional testing or run your commands from anywhere on your machine.

# Link your plugin to the sfdx cli
sfdx plugins:link .
# To verify
sfdx plugins

Commands

sfdx auth:accesstoken:store -r <url> [-d] [-s] [-a <string>] [-p] [--json] [--loglevel trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]

authorize an org using an existing Salesforce access token

USAGE
  $ sfdx auth:accesstoken:store -r <url> [-d] [-s] [-a <string>] [-p] [--json] [--loglevel
  trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]

OPTIONS
  -a, --setalias=setalias                                                           set an alias for the authenticated
                                                                                    org

  -d, --setdefaultdevhubusername                                                    set the authenticated org as the
                                                                                    default dev hub org for scratch org
                                                                                    creation

  -p, --noprompt                                                                    do not prompt for confirmation

  -r, --instanceurl=instanceurl                                                     (required) the login URL of the
                                                                                    instance the org lives on

  -s, --setdefaultusername                                                          set the authenticated org as the
                                                                                    default username that all commands
                                                                                    run against

  --json                                                                            format output as json

  --loglevel=(trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL)  [default: warn] logging level for
                                                                                    this command invocation

DESCRIPTION
  By default, the command runs interactively and asks you for the access token. If you previously authorized the org,
  the command prompts whether you want to overwrite the local file. Specify --noprompt to not be prompted.
  To use the command in a CI/CD script, set the SFDX_ACCESS_TOKEN environment variable to the access token. Then run the
   command with the --noprompt parameter. "<org id>!<accesstoken>"

ALIASES
  $ sfdx force:auth:accesstoken:store

EXAMPLES
  sfdx auth:accesstoken:store --instanceurl https://mycompany.my.salesforce.com
  export SFDX_ACCESS_TOKEN=00Dxx0000000000!xxxxx
  sfdx auth:accesstoken:store --instanceurl https://dev-hub.my.salesforce.com --noprompt

See code: src/commands/auth/accesstoken/store.ts

sfdx auth:device:login [-i <string>] [-r <url>] [-d] [-s] [-a <string>] [--json] [--loglevel trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]

authorize an org using a device code

USAGE
  $ sfdx auth:device:login [-i <string>] [-r <url>] [-d] [-s] [-a <string>] [--json] [--loglevel
  trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]

OPTIONS
  -a, --setalias=setalias                                                           set an alias for the authenticated
                                                                                    org

  -d, --setdefaultdevhubusername                                                    set the authenticated org as the
                                                                                    default dev hub org for scratch org
                                                                                    creation

  -i, --clientid=clientid                                                           OAuth client ID (sometimes called
                                                                                    the consumer key)

  -r, --instanceurl=instanceurl                                                     the login URL of the instance the
                                                                                    org lives on

  -s, --setdefaultusername                                                          set the authenticated org as the
                                                                                    default username that all commands
                                                                                    run against

  --json                                                                            format output as json

  --loglevel=(trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL)  [default: warn] logging level for
                                                                                    this command invocation

DESCRIPTION
  You must open a browser, navigate to the verification URL, and enter the code. Log in, if not already logged in, and
  you’ll be prompted to allow the device to connect to the org.

ALIASES
  $ sfdx force:auth:device:login

EXAMPLES
  sfdx auth:device:login -d -a TestOrg1
  sfdx auth:device:login -i <OAuth client id>
  sfdx auth:device:login -r https://MyDomainName--SandboxName.sandbox.my.salesforce.com

See code: src/commands/auth/device/login.ts

sfdx auth:jwt:grant -u <string> -f <filepath> -i <string> [-r <url>] [-d] [-s] [-a <string>] [--json] [--loglevel trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]

authorize an org using the JWT flow

USAGE
  $ sfdx auth:jwt:grant -u <string> -f <filepath> -i <string> [-r <url>] [-d] [-s] [-a <string>] [--json] [--loglevel
  trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]

OPTIONS
  -a, --setalias=setalias                                                           set an alias for the authenticated
                                                                                    org

  -d, --setdefaultdevhubusername                                                    set the authenticated org as the
                                                                                    default dev hub org for scratch org
                                                                                    creation

  -f, --jwtkeyfile=jwtkeyfile                                                       (required) path to a file containing
                                                                                    the private key

  -i, --clientid=clientid                                                           (required) OAuth client ID
                                                                                    (sometimes called the consumer key)

  -r, --instanceurl=instanceurl                                                     the login URL of the instance the
                                                                                    org lives on

  -s, --setdefaultusername                                                          set the authenticated org as the
                                                                                    default username that all commands
                                                                                    run against

  -u, --username=username                                                           (required) authentication username

  --json                                                                            format output as json

  --loglevel=(trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL)  [default: warn] logging level for
                                                                                    this command invocation

DESCRIPTION
  Use a certificate associated with your private key that has been uploaded to a personal connected app.
  If you specify an --instanceurl value, this value overrides the sfdcLoginUrl value in your sfdx-project.json file. To
  specify a My Domain URL, use the format MyDomainName.my.salesforce.com (not MyDomainName.lightning.force.com). To
  specify a sandbox, set --instanceurl to https://MyDomainName--SandboxName.sandbox.my.salesforce.com.

ALIASES
  $ sfdx force:auth:jwt:grant

EXAMPLES
  sfdx auth:jwt:grant -u me@my.org -f <path to jwt key file> -i <OAuth client id>
  sfdx auth:jwt:grant -u me@my.org -f <path to jwt key file> -i <OAuth client id> -s -a MyDefaultOrg
  sfdx auth:jwt:grant -u me@acme.org -f <path to jwt key file> -i <OAuth client id> -r https://acme.my.salesforce.com

See code: src/commands/auth/jwt/grant.ts

sfdx auth:list [--json] [--loglevel trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]

list auth connection information

USAGE
  $ sfdx auth:list [--json] [--loglevel trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]

OPTIONS
  --json                                                                            format output as json

  --loglevel=(trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL)  [default: warn] logging level for
                                                                                    this command invocation

ALIASES
  $ sfdx force:auth:list

See code: src/commands/auth/list.ts

sfdx auth:logout [-a] [-p] [-u <string>] [--apiversion <string>] [--json] [--loglevel trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]

log out from authorized orgs

USAGE
  $ sfdx auth:logout [-a] [-p] [-u <string>] [--apiversion <string>] [--json] [--loglevel
  trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]

OPTIONS
  -a, --all                                                                         include all authenticated orgs
  -p, --noprompt                                                                    do not prompt for confirmation

  -u, --targetusername=targetusername                                               username or alias for the target
                                                                                    org; overrides default target org

  --apiversion=apiversion                                                           override the api version used for
                                                                                    api requests made by this command

  --json                                                                            format output as json

  --loglevel=(trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL)  [default: warn] logging level for
                                                                                    this command invocation

DESCRIPTION
  By default, this command logs you out from your default scratch org.

ALIASES
  $ sfdx force:auth:logout

EXAMPLES
  sfdx auth:logout -u me@my.org
  sfdx auth:logout -a
  sfdx auth:logout -p

See code: src/commands/auth/logout.ts

sfdx auth:sfdxurl:store -f <filepath> [-d] [-s] [-a <string>] [--json] [--loglevel trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]

authorize an org using an SFDX auth URL stored within a file

USAGE
  $ sfdx auth:sfdxurl:store -f <filepath> [-d] [-s] [-a <string>] [--json] [--loglevel
  trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]

OPTIONS
  -a, --setalias=setalias                                                           set an alias for the authenticated
                                                                                    org

  -d, --setdefaultdevhubusername                                                    set the authenticated org as the
                                                                                    default dev hub org for scratch org
                                                                                    creation

  -f, --sfdxurlfile=sfdxurlfile                                                     (required) path to a file containing
                                                                                    the sfdx url

  -s, --setdefaultusername                                                          set the authenticated org as the
                                                                                    default username that all commands
                                                                                    run against

  --json                                                                            format output as json

  --loglevel=(trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL)  [default: warn] logging level for
                                                                                    this command invocation

DESCRIPTION
  The SFDX auth URL must have the format "force://<clientId>:<clientSecret>:<refreshToken>@<instanceUrl>". NOTE: The
  SFDX auth URL uses the "force" protocol, and not "http" or "https". Also, the "instanceUrl" inside the SFDX auth URL
  doesn't include the protocol ("https://").

  You have three options when creating the auth file. The easiest option is to redirect the output of the `sfdx
  force:org:display --verbose --json` command into a file. For example, using an org you have already authorized:

      $ sfdx force:org:display -u <OrgUsername> --verbose --json > authFile.json
      $ sfdx auth:sfdxurl:store -f authFile.json

  The resulting JSON file contains the URL in the sfdxAuthUrl property inside of a results object. NOTE: The
  `force:org:display --verbose` command displays the refresh token only for orgs authorized with the web server flow,
  and not the JWT bearer flow.

  You can also create a JSON file that has a top-level property named sfdxAuthUrl whose value is the auth URL. Finally,
  you can create a normal text file that includes just the URL and nothing else.

ALIASES
  $ sfdx force:auth:sfdxurl:store

EXAMPLES
  sfdx auth:sfdxurl:store -f <path to sfdxAuthUrl file>
  sfdx auth:sfdxurl:store -f <path to sfdxAuthUrl file> -s -a MyDefaultOrg

See code: src/commands/auth/sfdxurl/store.ts

sfdx auth:web:login [-i <string>] [-r <url>] [-d] [-s] [-a <string>] [--json] [--loglevel trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]

authorize an org using the web login flow

USAGE
  $ sfdx auth:web:login [-i <string>] [-r <url>] [-d] [-s] [-a <string>] [--json] [--loglevel
  trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]

OPTIONS
  -a, --setalias=setalias                                                           set an alias for the authenticated
                                                                                    org

  -d, --setdefaultdevhubusername                                                    set the authenticated org as the
                                                                                    default dev hub org for scratch org
                                                                                    creation

  -i, --clientid=clientid                                                           OAuth client ID (sometimes called
                                                                                    the consumer key)

  -r, --instanceurl=instanceurl                                                     the login URL of the instance the
                                                                                    org lives on

  -s, --setdefaultusername                                                          set the authenticated org as the
                                                                                    default username that all commands
                                                                                    run against

  --json                                                                            format output as json

  --loglevel=(trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL)  [default: warn] logging level for
                                                                                    this command invocation

DESCRIPTION
  If you specify an --instanceurl value, this value overrides the sfdcLoginUrl value in your sfdx-project.json file. To
  specify a My Domain URL, use the format MyDomainName.my.salesforce.com (not MyDomainName.lightning.force.com). To log
  in to a sandbox, set --instanceurl to https://MyDomainName--SandboxName.sandbox.my.salesforce.com.

ALIASES
  $ sfdx force:auth:web:login

EXAMPLES
  sfdx auth:web:login -a TestOrg1
  sfdx auth:web:login -i <OAuth client id>
  sfdx auth:web:login -r https://MyDomainName--SandboxName.sandbox.my.salesforce.com

See code: src/commands/auth/web/login.ts