Loading
메일 전송 도메인 확인 상태 안내더 많이 읽기

Default Salesforce CLI OAuth 2.0 Device Flow Removal

게시 일자: May 25, 2026
상세 설명

Salesforce has removed support for the OAuth 2.0 Device Flow in the default Salesforce CLI (Command Line Interface) Connected App. This change is permanent — there will be no exceptions or extensions.

This change is part of Salesforce's commitment to making products and services secure-by-default.

Effective Date: Starting August 28, 2025, new and existing authorizations to any org using the OAuth 2.0 Device Flow with the default Salesforce CLI connected app will be blocked.

Who Is Affected: Users who use the org login device CLI command with the default Salesforce CLI connected app. Starting August 28, 2025, these authorizations will be blocked.

Announcement
https://github.com/forcedotcom/cli/issues/3368

솔루션

Recommended Alternative Flows

[1] Web Server Flow

Use the Web Server Flow for interactive authentication with browser access:

[2] JWT Bearer Flow

Use the JWT (JSON Web Token) Bearer Flow for headless environments such as CI/CD pipelines where browser authentication is not available:

Important Note:

You cannot work around this restriction by re-enabling the Device Flow in a custom connected app, because the Enable for Device Flow option in the API (Enable OAuth Settings) section has been permanently disabled by Salesforce. Additionally, Org Admins must now install the Salesforce CLI connected app themselves — this can no longer be done by standard users.

Knowledge 기사 번호

005135030

 
로드 중
Salesforce Help | Article