
According to the documentation available here https://developer.salesforce.com/docs/atlas.en-us.sfdx_dev.meta/sfdx_dev/sfdx_dev_auth_jwt_flow.htm it is explicitly mentioned that:

You can authorize a scratch org using the same client identifier (consumer key) and private key file that you used to authorize its associated Dev Hub org. Set the --instanceurl parameter to https://test.salesforce.com and the --username parameter to the administrator user displayed after you create the scratch org with

However, when we try the following commands

sfdx force:auth:jwt:grant --clientid $CLIENT_ID \
     --username my.email@gmail.com \
     --jwtkeyfile jwt-file \
     --instanceurl https://login.salesforce.com
sfdx force:auth:jwt:grant --clientid $CLIENT_ID \
     --username test-twcxnbl2zyrl@example.com \
     --jwtkeyfile jwt-file \
     --instanceurl https://test.salesforce.com

The first one results in "Successfully authorized", while the second fails with "This org appears to have a problem with its OAuth configuration. Reason: invalid_grant - user hasn't approved this consumer".

Is the documentation missing something? Is there anything that should be done on the scratch org to enable JWT? The connected apps section in the scratch org is empty, and our scratch definition looks like this:

{
  "orgName": "my-playground",
  "edition": "Developer",
  "features": [],
  "language": "en_US",
  "settings": {
    "orgPreferenceSettings": {
      "s1DesktopEnabled": true
    }
  }
}
Edmondo
  • Did you try this immediately after creating the Scratch Org? The reason I ask is because I see this in the docs -- If you get an error that the user is not approved, it means that the scratch org information has not yet been replicated to https://test.salesforce.com. Wait a short time and try again. – Jayant Das Apr 09 '19 at 18:02
  • I gave it time; I also tried with orgs that were created a few days ago. Also, in the CI I need a way not to wait. This blog mentions something, http://www.wadewegner.com/2018/01/jwt-oauth-with-scratch-orgs/, in the comments (issuing a request to a token URI, but I didn't understand much) – Edmondo Apr 09 '19 at 18:03
  • Unfortunately, "wait a short time" is not defined, and it can vary =( I'm assuming it has been over 30 mins, given the time your post has been active? – glls Apr 09 '19 at 18:26
  • Now it worked. Unfortunately this is not sustainable in continuous integration, where I need to create a scratch org and execute code or tests. Are there other / better ways to authenticate? – Edmondo Apr 09 '19 at 18:38
  • Not for a CI process – glls Apr 09 '19 at 19:23
  • So what would you do for a CI process? We retrieved the AuthCode/Signup URL and created a jsForce connection, and it works, but the AccessToken has a short life – Edmondo Apr 09 '19 at 19:31
  • Can you not create the scratch org in the same CI process? i.e. auth to dev hub, run org create, do all your setup, then use the org. No need to auth to the scratch org separately if it is created on the same machine. – Amphro Apr 01 '20 at 21:49

0 Answers
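
One way to cope in CI with the replication delay described in the comments, as an added example that is not part of the original post or of the Salesforce documentation: retry the scratch-org grant only while the failure is the "user hasn't approved this consumer" error quoted in the question, and stop immediately on any other error. The function name jwt_grant_with_retry and the MAX_WAIT / SLEEP_STEP variables are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. jwt_grant_with_retry, MAX_WAIT and
# SLEEP_STEP are hypothetical names; the sfdx flags are the ones in the question.

# Usage: jwt_grant_with_retry "$CLIENT_ID" "$SCRATCH_USERNAME" path/to/key
# Returns 0 on success, 1 if the org never became usable, 2 on any other error.
jwt_grant_with_retry() {
  local client_id="$1" username="$2" keyfile="$3"
  local max_wait="${MAX_WAIT:-600}"   # seconds of sleeping before giving up
  local step="${SLEEP_STEP:-15}"      # pause between attempts
  local waited=0 out

  while :; do
    if out=$(sfdx force:auth:jwt:grant --clientid "$client_id" \
               --username "$username" \
               --jwtkeyfile "$keyfile" \
               --instanceurl https://test.salesforce.com 2>&1); then
      printf '%s\n' "$out"
      return 0
    fi

    # Only the replication error from the question is worth waiting for.
    # A wrong key, consumer key or username will not fix itself, so stop
    # at once instead of hiding a misconfiguration behind a long retry loop.
    case "$out" in
      *"user hasn't approved this consumer"*) ;;
      *) printf '%s\n' "$out" >&2; return 2 ;;
    esac

    if [ "$waited" -ge "$max_wait" ]; then
      printf 'gave up after %ss of waiting: %s\n' "$waited" "$out" >&2
      return 1
    fi
    sleep "$step"
    waited=$((waited + step))
  done
}
```

A bounded MAX_WAIT turns an org that never replicates into a failed job rather than a hung one.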