{"id":33589341,"url":"https://github.com/salesforcecli/plugin-auth","last_synced_at":"2026-04-11T05:13:54.369Z","repository":{"id":36963600,"uuid":"290865409","full_name":"salesforcecli/plugin-auth","owner":"salesforcecli","description":null,"archived":false,"fork":false,"pushed_at":"2026-03-29T03:44:38.000Z","size":9362,"stargazers_count":13,"open_issues_count":5,"forks_count":12,"subscribers_count":5,"default_branch":"main","last_synced_at":"2026-03-29T06:27:54.007Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"TypeScript","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/salesforcecli.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2020-08-27T19:37:27.000Z","updated_at":"2026-03-29T03:44:40.000Z","dependencies_parsed_at":"2023-11-15T22:28:46.498Z","dependency_job_id":"3a447a9c-6244-46fb-a7ba-a01838bb2357","html_url":"https://github.com/salesforcecli/plugin-auth","commit_stats":{"total_commits":657,"total_committers":26,"mean_commits":25.26923076923077,"dds":0.5312024353120244,"last_synced_commit":"bc2a1eecd208b4c6118f1da62ac2a3cd355d74b6"},"previous_names":[],"tags_count":409,"template":false,"template_full_name":null,"purl":"pkg:github/salesforcecli/plugin-auth","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/salesforcecli%2Fplugin-auth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/salesforcecli%2Fplugin-auth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/salesforcecli%2Fplugin-auth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/salesforcecli%2Fplugin-auth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/salesforcecli","download_url":"https://codeload.github.com/salesforcecli/plugin-auth/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/salesforcecli%2Fplugin-auth/sbom","scorecard":{"id":162144,"data":{"date":"2025-08-04","repo":{"name":"github.com/salesforcecli/plugin-auth","commit":"9d677ebe6dbeaeb181202724e0e1a40a2dfcf3d0"},"scorecard":{"version":"v5.2.1-28-gc1d103a9","commit":"c1d103a9bb9f635ec7260bf9aa0699466fa4be0e"},"score":5,"checks":[{"name":"Maintained","score":10,"reason":"30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#packaging"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":9,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Warn: One or no descriptive hints of disclosure, vulnerability, and/or timelines in security policy","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#security-policy"}},{"name":"Code-Review","score":0,"reason":"Found 0/8 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/automerge.yml:1","Warn: no topLevel permission defined: .github/workflows/create-github-release.yml:1","Warn: no topLevel permission defined: .github/workflows/devScripts.yml:1","Warn: no topLevel permission defined: .github/workflows/failureNotifications.yml:1","Warn: no topLevel permission defined: .github/workflows/notify-slack-on-pr-open.yml:1","Warn: no topLevel permission defined: .github/workflows/onRelease.yml:1","Warn: no topLevel permission defined: .github/workflows/test.yml:1","Warn: no topLevel permission defined: .github/workflows/validate-pr.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#token-permissions"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#dangerous-workflow"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: third-party GitHubAction not pinned by hash: .github/workflows/automerge.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/salesforcecli/plugin-auth/automerge.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/create-github-release.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/salesforcecli/plugin-auth/create-github-release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/devScripts.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/salesforcecli/plugin-auth/devScripts.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/failureNotifications.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/salesforcecli/plugin-auth/failureNotifications.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/notify-slack-on-pr-open.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/salesforcecli/plugin-auth/notify-slack-on-pr-open.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/onRelease.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/salesforcecli/plugin-auth/onRelease.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/onRelease.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/salesforcecli/plugin-auth/onRelease.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/onRelease.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/salesforcecli/plugin-auth/onRelease.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/salesforcecli/plugin-auth/test.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/salesforcecli/plugin-auth/test.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/salesforcecli/plugin-auth/test.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/salesforcecli/plugin-auth/test.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/validate-pr.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/salesforcecli/plugin-auth/validate-pr.yml/main?enable=pin","Info:   0 out of   1 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of  12 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE.txt:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE.txt:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 22 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":6,"reason":"4 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j","Warn: Project is vulnerable to: GHSA-52f5-9888-hmc6"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-16T13:47:24.284Z","repository_id":36963600,"created_at":"2025-08-16T13:47:24.284Z","updated_at":"2025-08-16T13:47:24.284Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31308446,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-02T12:59:32.332Z","status":"ssl_error","status_checked_at":"2026-04-02T12:54:48.875Z","response_time":89,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-11-29T14:04:31.720Z","updated_at":"2026-04-11T05:13:54.363Z","avatar_url":"https://github.com/salesforcecli.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# plugin-auth\n\n[![NPM](https://img.shields.io/npm/v/@salesforce/plugin-auth.svg?label=@salesforce/plugin-auth)](https://www.npmjs.com/package/@salesforce/plugin-auth) [![Downloads/week](https://img.shields.io/npm/dw/@salesforce/plugin-auth.svg)](https://npmjs.org/package/@salesforce/plugin-auth) [![License](https://img.shields.io/badge/License-Apache--2.0-blue.svg)](https://opensource.org/license/apache-2-0)\n\nAuth commands for Salesforce CLI\n\nThis plugin is bundled with the [Salesforce CLI](https://developer.salesforce.com/tools/sfdxcli). For more information on the CLI, read the [getting started guide](https://developer.salesforce.com/docs/atlas.en-us.sfdx_setup.meta/sfdx_setup/sfdx_setup_intro.htm).\n\nWe always recommend using the latest version of these commands bundled with the CLI, however, you can install a specific version or tag if needed.\n\n## Install\n\n```bash\nsfdx plugins:install auth@x.y.z\n```\n\n## Issues\n\nPlease report any issues at https://github.com/forcedotcom/cli/issues\n\n## Contributing\n\n1. Please read our [Code of Conduct](CODE_OF_CONDUCT.md)\n2. Create a new issue before starting your project so that we can keep track of\n   what you are trying to add/fix. That way, we can also offer suggestions or\n   let you know if there is already an effort in progress.\n3. Fork this repository.\n4. [Build the plugin locally](#build)\n5. Create a _topic_ branch in your fork. Note, this step is recommended but technically not required if contributing using a fork.\n6. Edit the code in your fork.\n7. Write appropriate tests for your changes. Try to achieve at least 95% code coverage on any new code. No pull request will be accepted without unit tests.\n8. Sign CLA (see [CLA](#cla) below).\n9. Send us a pull request when you are done. We'll review your code, suggest any needed changes, and merge it in.\n\n### CLA\n\nExternal contributors will be required to sign a Contributor's License\nAgreement. You can do so by going to https://cla.salesforce.com/sign-cla.\n\n### Build\n\nTo build the plugin locally, make sure to have yarn installed and run the following commands:\n\n```bash\n# Clone the repository\ngit clone git@github.com:salesforcecli/plugin-auth\n\n# Install the dependencies and compile\nyarn install\nyarn build\n```\n\nTo use your plugin, run using the local `./bin/dev` or `./bin/dev.cmd` file.\n\n```bash\n# Run using local run file.\n./bin/dev auth\n```\n\nThere should be no differences when running via the Salesforce CLI or using the local run file. However, it can be useful to link the plugin to do some additional testing or run your commands from anywhere on your machine.\n\n```bash\n# Link your plugin to the sfdx cli\nsfdx plugins:link .\n# To verify\nsfdx plugins\n```\n\n# Commands\n\n\u003c!-- commands --\u003e\n\n- [`sf org list auth`](#sf-org-list-auth)\n- [`sf org login access-token`](#sf-org-login-access-token)\n- [`sf org login jwt`](#sf-org-login-jwt)\n- [`sf org login sfdx-url`](#sf-org-login-sfdx-url)\n- [`sf org login web`](#sf-org-login-web)\n- [`sf org logout`](#sf-org-logout)\n\n## `sf org list auth`\n\nList authorization information about the orgs you created or logged into.\n\n```\nUSAGE\n  $ sf org list auth [--json] [--flags-dir \u003cvalue\u003e]\n\nGLOBAL FLAGS\n  --flags-dir=\u003cvalue\u003e  Import flag values from a directory.\n  --json               Format output as json.\n\nDESCRIPTION\n  List authorization information about the orgs you created or logged into.\n\n  This command uses local authorization information that Salesforce CLI caches when you create a scratch org or log into\n  an org. The command doesn't actually connect to the orgs to verify that they're still active. As a result, this\n  command executes very quickly. If you want to view live information about your authorized orgs, such as their\n  connection status, use the \"org list\" command.\n\nALIASES\n  $ sf force auth list\n  $ sf auth list\n\nEXAMPLES\n  List local authorization information about your orgs:\n\n    $ sf org list auth\n```\n\n_See code: [src/commands/org/list/auth.ts](https://github.com/salesforcecli/plugin-auth/blob/4.3.6/src/commands/org/list/auth.ts)_\n\n## `sf org login access-token`\n\nAuthorize an org using an existing Salesforce access token.\n\n```\nUSAGE\n  $ sf org login access-token -r \u003cvalue\u003e [--json] [--flags-dir \u003cvalue\u003e] [-d] [-s] [-a \u003cvalue\u003e] [-p]\n\nFLAGS\n  -a, --alias=\u003cvalue\u003e         Alias for the org.\n  -d, --set-default-dev-hub   Set the authenticated org as the default Dev Hub.\n  -p, --no-prompt             Don't prompt for confirmation.\n  -r, --instance-url=\u003cvalue\u003e  (required) URL of the instance that the org lives on.\n  -s, --set-default           Set the authenticated org as the default that all org-related commands run against.\n\nGLOBAL FLAGS\n  --flags-dir=\u003cvalue\u003e  Import flag values from a directory.\n  --json               Format output as json.\n\nDESCRIPTION\n  Authorize an org using an existing Salesforce access token.\n\n  By default, the command runs interactively and asks you for the access token. If you previously authorized the org,\n  the command prompts whether you want to overwrite the local file. Specify --no-prompt to not be prompted.\n\n  To use the command in a CI/CD script, set the SF_ACCESS_TOKEN environment variable to the access token. Then run the\n  command with the --no-prompt parameter.\n\nALIASES\n  $ sf force auth accesstoken store\n  $ sf auth accesstoken store\n\nEXAMPLES\n  Authorize an org on https://mycompany.my.salesforce.com; the command prompts you for the access token:\n\n    $ sf org login access-token --instance-url https://mycompany.my.salesforce.com\n\n  Authorize the org without being prompted; you must have previously set the SF_ACCESS_TOKEN environment variable to\n  the access token:\n\n    $ sf org login access-token --instance-url https://dev-hub.my.salesforce.com --no-prompt\n\nFLAG DESCRIPTIONS\n  -r, --instance-url=\u003cvalue\u003e  URL of the instance that the org lives on.\n\n    If you specify an --instance-url value, this value overrides the sfdcLoginUrl value in your sfdx-project.json file.\n\n    To specify a My Domain URL, use the format \"https://\u003cMyDomainName\u003e.my.salesforce.com\".\n\n    To specify a sandbox, set --instance-url to \"https://\u003cMyDomainName\u003e--\u003cSandboxName\u003e.sandbox.my.salesforce.com\".\n```\n\n_See code: [src/commands/org/login/access-token.ts](https://github.com/salesforcecli/plugin-auth/blob/4.3.6/src/commands/org/login/access-token.ts)_\n\n## `sf org login jwt`\n\nLog in to a Salesforce org using a JSON web token (JWT).\n\n```\nUSAGE\n  $ sf org login jwt -o \u003cvalue\u003e -f \u003cvalue\u003e -i \u003cvalue\u003e [--json] [--flags-dir \u003cvalue\u003e] [-r \u003cvalue\u003e] [-d] [-s] [-a\n    \u003cvalue\u003e]\n\nFLAGS\n  -a, --alias=\u003cvalue\u003e         Alias for the org.\n  -d, --set-default-dev-hub   Set the authenticated org as the default Dev Hub.\n  -f, --jwt-key-file=\u003cvalue\u003e  (required) Path to a file containing the private key.\n  -i, --client-id=\u003cvalue\u003e     (required) OAuth client ID (also called consumer key) of your custom connected app.\n  -o, --username=\u003cvalue\u003e      (required) Username of the user logging in.\n  -r, --instance-url=\u003cvalue\u003e  URL of the instance that the org lives on.\n  -s, --set-default           Set the authenticated org as the default that all org-related commands run against.\n\nGLOBAL FLAGS\n  --flags-dir=\u003cvalue\u003e  Import flag values from a directory.\n  --json               Format output as json.\n\nDESCRIPTION\n  Log in to a Salesforce org using a JSON web token (JWT).\n\n  Use this command in automated environments where you can’t interactively log in with a browser, such as in CI/CD\n  scripts.\n\n  Logging into an org authorizes the CLI to run other commands that connect to that org, such as deploying or retrieving\n  a project. You can log into many types of orgs, such as sandboxes, Dev Hubs, Env Hubs, production orgs, and scratch\n  orgs.\n\n  Complete these steps before you run this command:\n\n  1. Create a digital certificate (also called digital signature) and the private key to sign the certificate. You can\n  use your own key and certificate issued by a certification authority. Or use OpenSSL to create a key and a self-signed\n  digital certificate.\n  2. Store the private key in a file on your computer. When you run this command, you set the --jwt-key-file flag to\n  this file.\n  3. Create a custom connected app in your org using the digital certificate. Make note of the consumer key (also called\n  client id) that’s generated for you. Be sure the username of the user logging in is approved to use the connected app.\n  When you run this command, you set the --client-id flag to the consumer key.\n\n  See https://developer.salesforce.com/docs/atlas.en-us.sfdx_dev.meta/sfdx_dev/sfdx_dev_auth_jwt_flow.htm for more\n  information.\n\n  We recommend that you set an alias when you log into an org. Aliases make it easy to later reference this org when\n  running commands that require it. If you don’t set an alias, you use the username that you specified when you logged\n  in to the org. If you run multiple commands that reference the same org, consider setting the org as your default. Use\n  --set-default for your default scratch org or sandbox, or --set-default-dev-hub for your default Dev Hub.\n\nALIASES\n  $ sf force auth jwt grant\n  $ sf auth jwt grant\n\nEXAMPLES\n  Log into an org with username jdoe@example.org and on the default instance URL (https://login.salesforce.com). The\n  private key is stored in the file /Users/jdoe/JWT/server.key and the command uses the connected app with consumer\n  key (client id) 04580y4051234051.\n\n    $ sf org login jwt --username jdoe@example.org --jwt-key-file /Users/jdoe/JWT/server.key --client-id \\\n      04580y4051234051\n\n  Set the org as the default and give it an alias:\n\n    $ sf org login jwt --username jdoe@example.org --jwt-key-file /Users/jdoe/JWT/server.key --client-id \\\n      04580y4051234051 --alias ci-org --set-default\n\n  Set the org as the default Dev Hub and give it an alias:\n\n    $ sf org login jwt --username jdoe@example.org --jwt-key-file /Users/jdoe/JWT/server.key --client-id \\\n      04580y4051234051 --alias ci-dev-hub --set-default-dev-hub\n\n  Log in to a sandbox using URL https://MyDomainName--SandboxName.sandbox.my.salesforce.com:\n\n    $ sf org login jwt --username jdoe@example.org --jwt-key-file /Users/jdoe/JWT/server.key --client-id \\\n      04580y4051234051 --alias ci-org --set-default --instance-url \\\n      https://MyDomainName--SandboxName.sandbox.my.salesforce.com\n\nFLAG DESCRIPTIONS\n  -r, --instance-url=\u003cvalue\u003e  URL of the instance that the org lives on.\n\n    If you specify an --instance-url value, this value overrides the sfdcLoginUrl value in your sfdx-project.json file.\n\n    To specify a My Domain URL, use the format \"https://\u003cMyDomainName\u003e.my.salesforce.com\".\n\n    To specify a sandbox, set --instance-url to \"https://\u003cMyDomainName\u003e--\u003cSandboxName\u003e.sandbox.my.salesforce.com\".\n```\n\n_See code: [src/commands/org/login/jwt.ts](https://github.com/salesforcecli/plugin-auth/blob/4.3.6/src/commands/org/login/jwt.ts)_\n\n## `sf org login sfdx-url`\n\nAuthorize an org using a Salesforce DX authorization URL stored in a file or through standard input (stdin).\n\n```\nUSAGE\n  $ sf org login sfdx-url [--json] [--flags-dir \u003cvalue\u003e] [-f \u003cvalue\u003e] [-u \u003cvalue\u003e] [-d] [-s] [-a \u003cvalue\u003e]\n\nFLAGS\n  -a, --alias=\u003cvalue\u003e           Alias for the org.\n  -d, --set-default-dev-hub     Set the authenticated org as the default Dev Hub.\n  -f, --sfdx-url-file=\u003cvalue\u003e   Path to a file that contains the Salesforce DX authorization URL.\n  -s, --set-default             Set the authenticated org as the default that all org-related commands run against.\n  -u, --sfdx-url-stdin=\u003cvalue\u003e  Pipe the Salesforce DX authorization URL through standard input (stdin).\n\nGLOBAL FLAGS\n  --flags-dir=\u003cvalue\u003e  Import flag values from a directory.\n  --json               Format output as json.\n\nDESCRIPTION\n  Authorize an org using a Salesforce DX authorization URL stored in a file or through standard input (stdin).\n\n  You use the Salesforce DX (SFDX) authorization URL to authorize Salesforce CLI to connect to a target org. The URL\n  contains the required data to accomplish the authorization, such as the client ID, client secret, and instance URL.\n  You must specify the SFDX authorization URL in this format:\n  \"force://\u003cclientId\u003e:\u003cclientSecret\u003e:\u003crefreshToken\u003e@\u003cinstanceUrl\u003e\". Replace \u003cclientId\u003e, \u003cclientSecret\u003e, \u003crefreshToken\u003e,\n  and \u003cinstanceUrl\u003e with the values specific to your target org. For \u003cinstanceUrl\u003e, don't include a protocol (such as\n  \"https://\"). Note that although the SFDX authorization URL starts with \"force://\", it has nothing to do with the\n  actual authorization. Salesforce CLI always communicates with your org using HTTPS.\n\n  To see an example of an SFDX authorization URL, run \"org display --verbose\" on an org.\n\n  You have three options when creating the authorization file. The easiest option is to redirect the output of the \"sf\n  org display --verbose --json\" command into a file. For example, using an org with alias my-org that you've already\n  authorized:\n\n  $ sf org display --target-org my-org --verbose --json \u003e authFile.json\n\n  The resulting JSON file contains the URL in the \"sfdxAuthUrl\" property of the \"result\" object. You can then reference\n  the file when running this command:\n\n  $ sf org login sfdx-url --sfdx-url-file authFile.json\n\n  NOTE: The \"sf org display --verbose\" command displays the refresh token only for orgs authorized with the web server\n  flow, and not the JWT bearer flow.\n\n  You can also create a JSON file that has a top-level property named sfdxAuthUrl whose value is the authorization URL.\n  Finally, you can create a normal text file that includes just the URL and nothing else.\n\n  Alternatively, you can pipe the SFDX authorization URL through standard input by specifying the --sfdx-url-stdin flag.\n\nALIASES\n  $ sf force auth sfdxurl store\n  $ sf auth sfdxurl store\n\nEXAMPLES\n  Authorize an org using the SFDX authorization URL in the files/authFile.json file:\n\n    $ sf org login sfdx-url --sfdx-url-file files/authFile.json\n\n  Similar to previous example, but set the org as your default and give it an alias MyDefaultOrg:\n\n    $ sf org login sfdx-url --sfdx-url-file files/authFile.json --set-default --alias MyDefaultOrg\n\n  Pipe the SFDX authorization URL from stdin:\n  $ echo url | sf org login sfdx-url --sfdx-url-stdin\n```\n\n_See code: [src/commands/org/login/sfdx-url.ts](https://github.com/salesforcecli/plugin-auth/blob/4.3.6/src/commands/org/login/sfdx-url.ts)_\n\n## `sf org login web`\n\nLog in to a Salesforce org using the web server flow.\n\n```\nUSAGE\n  $ sf org login web [--json] [--flags-dir \u003cvalue\u003e] [-b chrome|edge|firefox] [-i \u003cvalue\u003e] [-r \u003cvalue\u003e] [-d] [-s]\n    [-a \u003cvalue\u003e] [-c \u003cvalue\u003e --username \u003cvalue\u003e] [--scopes \u003cvalue\u003e]\n\nFLAGS\n  -a, --alias=\u003cvalue\u003e         Alias for the org.\n  -b, --browser=\u003coption\u003e      Browser in which to open the org.\n                              \u003coptions: chrome|edge|firefox\u003e\n  -c, --client-app=\u003cvalue\u003e    Name to give to the link between the connected app or external client and the\n                              already-authenticated user. You can specify any string you want. Must be used with\n                              --username.\n  -d, --set-default-dev-hub   Set the authenticated org as the default Dev Hub.\n  -i, --client-id=\u003cvalue\u003e     OAuth client ID (also called consumer key) of your custom connected app.\n  -r, --instance-url=\u003cvalue\u003e  URL of the instance that the org lives on.\n  -s, --set-default           Set the authenticated org as the default that all org-related commands run against.\n      --scopes=\u003cvalue\u003e        Authentication (OAuth) scopes to request. Use the scope's short name; specify multiple\n                              scopes using just one flag instance and separated by spaces: --scopes \"sfap_api\n                              chatbot_api\".\n      --username=\u003cvalue\u003e      Username of the already-authenticated user to link to the connected app or external client\n                              app. Must be used with --client-app.\n\nGLOBAL FLAGS\n  --flags-dir=\u003cvalue\u003e  Import flag values from a directory.\n  --json               Format output as json.\n\nDESCRIPTION\n  Log in to a Salesforce org using the web server flow.\n\n  Opens a Salesforce instance URL in a web browser so you can enter your credentials and log in to your org. After you\n  log in, you can close the browser window.\n\n  Logging into an org authorizes the CLI to run other commands that connect to that org, such as deploying or retrieving\n  metadata. You can log into many types of orgs, such as sandboxes, Dev Hubs, Env Hubs, production orgs, and scratch\n  orgs.\n\n  We recommend that you set an alias when you log into an org. Aliases make it easy to later reference this org when\n  running commands that require it. If you don’t set an alias, you use the username that you specified when you logged\n  in to the org. If you run multiple commands that reference the same org, consider setting the org as your default. Use\n  --set-default for your default scratch org or sandbox, or --set-default-dev-hub for your default Dev Hub.\n\n  By default, this command uses the global out-of-the-box connected app in your org. If you need more security or\n  control, such as setting the refresh token timeout or specifying IP ranges, create your own connected app using a\n  digital certificate. Make note of the consumer key (also called cliend id) that’s generated for you. Then specify the\n  consumer key with the --client-id flag.\n\n  You can also use this command to link one or more connected or external client apps in an org to an\n  already-authenticated user. Then Salesforce CLI commands that have API-specific requirements, such as new OAuth scopes\n  or JWT-based access tokens, can use these custom client apps rather than the default one. To create the link, you use\n  the --client-app flag to give the link a name and the --username flag to specify the already-authenticated user. Use\n  the --scopes flag to add OAuth scopes if required. After you create the link, you then use the --client-app value in\n  the other command that has the API-specific requirements. An example of a command that uses this feature is \"agent\n  preview\"; see the \"Preview an Agent\" section in the \"Agentforce Developer Guide\" for details and examples.\n  (https://developer.salesforce.com/docs/einstein/genai/guide/agent-dx-preview.html)\n\nALIASES\n  $ sf force auth web login\n  $ sf auth web login\n\nEXAMPLES\n  Run the command with no flags to open the default Salesforce login page (https://login.salesforce.com):\n\n    $ sf org login web\n\n  Log in to your Dev Hub, set it as your default Dev Hub, and set an alias that you reference later when you create a\n  scratch org:\n\n    $ sf org login web --set-default-dev-hub --alias dev-hub\n\n  Log in to a sandbox and set it as your default org:\n\n    $ sf org login web --instance-url https://MyDomainName--SandboxName.sandbox.my.salesforce.com --set-default\n\n  Use --browser to specify a specific browser, such as Google Chrome:\n\n    $ sf org login web --instance-url https://MyDomainName--SandboxName.sandbox.my.salesforce.com --set-default \\\n      --browser chrome\n\n  Use your own connected app by specifying its consumer key (also called client ID) and specify additional OAuth\n  scopes:\n\n    $ sf org login web --instance-url https://MyDomainName--SandboxName.sandbox.my.salesforce.com --set-default \\\n      --browser chrome --client-id 04580y4051234051 --scopes \"sfap_api chatbot_api\"\n\nFLAG DESCRIPTIONS\n  -b, --browser=chrome|edge|firefox  Browser in which to open the org.\n\n    If you don’t specify --browser, the command uses your default browser. The exact names of the browser applications\n    differ depending on the operating system you're on; check your documentation for details.\n\n  -r, --instance-url=\u003cvalue\u003e  URL of the instance that the org lives on.\n\n    If you specify an --instance-url value, this value overrides the sfdcLoginUrl value in your sfdx-project.json file.\n\n    To specify a My Domain URL, use the format \"https://\u003cMyDomainName\u003e.my.salesforce.com\".\n\n    To specify a sandbox, set --instance-url to \"https://\u003cMyDomainName\u003e--\u003cSandboxName\u003e.sandbox.my.salesforce.com\".\n```\n\n_See code: [src/commands/org/login/web.ts](https://github.com/salesforcecli/plugin-auth/blob/4.3.6/src/commands/org/login/web.ts)_\n\n## `sf org logout`\n\nLog out of a Salesforce org.\n\n```\nUSAGE\n  $ sf org logout [--json] [--flags-dir \u003cvalue\u003e] [-c \u003cvalue\u003e -o \u003cvalue\u003e] [-a | ] [-p]\n\nFLAGS\n  -a, --all                 Include all authenticated orgs.\n  -c, --client-app=\u003cvalue\u003e  Client app to log out of.\n  -o, --target-org=\u003cvalue\u003e  Username or alias of the target org.\n  -p, --no-prompt           Don't prompt for confirmation.\n\nGLOBAL FLAGS\n  --flags-dir=\u003cvalue\u003e  Import flag values from a directory.\n  --json               Format output as json.\n\nDESCRIPTION\n  Log out of a Salesforce org.\n\n  If you run this command with no flags and no default org set in your config or environment, it first displays a list\n  of orgs you've created or logged into, with none of the orgs selected. Use the arrow keys to scroll through the list\n  and the space bar to select the orgs you want to log out of. Press Enter when you're done; the command asks for a\n  final confirmation before logging out of the selected orgs.\n\n  The process is similar if you specify --all, except that in the initial list of orgs, they're all selected. Use\n  --target-org to logout of a specific org. In both these cases by default, you must still confirm that you want to log\n  out. Use --no-prompt to never be asked for confirmation when also using --all or --target-org.\n\n  Be careful! If you log out of a scratch org without having access to its password, you can't access the scratch org\n  again, either through the CLI or the Salesforce UI.\n\n  Use the --client-app flag to log out of the link you previously created between an authenticated user and a connected\n  app or external client app; you create these links with \"org login web --client-app\". Run \"org display\" to get the\n  list of client app names.\n\nALIASES\n  $ sf force auth logout\n  $ sf auth logout\n\nEXAMPLES\n  Interactively select the orgs to log out of:\n\n    $ sf org logout\n\n  Log out of the org with username me@my.org:\n\n    $ sf org logout --target-org me@my.org\n\n  Log out of all orgs after confirmation:\n\n    $ sf org logout --all\n\n  Logout of the org with alias my-scratch and don't prompt for confirmation:\n\n    $ sf org logout --target-org my-scratch --no-prompt\n\nFLAG DESCRIPTIONS\n  -a, --all  Include all authenticated orgs.\n\n    All orgs includes Dev Hubs, sandboxes, DE orgs, and expired, deleted, and unknown-status scratch orgs.\n```\n\n_See code: [src/commands/org/logout.ts](https://github.com/salesforcecli/plugin-auth/blob/4.3.6/src/commands/org/logout.ts)_\n\n\u003c!-- commandsstop --\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsalesforcecli%2Fplugin-auth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsalesforcecli%2Fplugin-auth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsalesforcecli%2Fplugin-auth/lists"}