Skip to content

@W-22438536 WIP - Auth commands#1667

Open
iowillhoit wants to merge 14 commits into
mainfrom
ew/auth-commands
Open

@W-22438536 WIP - Auth commands#1667
iowillhoit wants to merge 14 commits into
mainfrom
ew/auth-commands

Conversation

@iowillhoit
Copy link
Copy Markdown
Contributor

@iowillhoit iowillhoit commented May 12, 2026
edited
Loading

What does this PR do?

  • Adds three new sf org auth show-* commands to safely reveal sensitive org credentials:
    • sf org auth show-access-token
    • sf org auth show-sfdx-auth-url
    • sf org auth show-user-password

These commands include confirmation prompts (with 30s timeout) to reduce accidental credential exposure in agent/CI logs. The --no-prompt and --json flags bypass the prompt but still emit a warning.

What issues does this PR fix or reference?

@W-22438536@

@iowillhoit iowillhoit requested a review from a team as a code owner May 12, 2026 18:40
cristiand391
cristiand391 reviewed May 12, 2026
View reviewed changes
Comment thread src/commands/org/auth/show-access-token.ts Outdated
jshackell-sfdc and others added 4 commits May 13, 2026 08:36
@jshackell-sfdc
quick edit
32fbbc9 
Updated prompts and examples to clarify access token retrieval for an org.
@jshackell-sfdc
fix: few more edits
fa484a5
@iowillhoit
feat: show-user-password command
f635aa6
@iowillhoit
chore: pw messaging
a78d8ec
jshackell-sfdc
jshackell-sfdc reviewed May 14, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@jshackell-sfdc jshackell-sfdc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@iowillhoit , see my questions, and possible suggestions.

Comment thread messages/org.auth.show-user-password.md Outdated
Comment thread messages/org.auth.show-user-password.md Outdated

# description

Passwords are only available for orgs where a password was previously generated, such as by running "sf org generate password" or "sf org create user". Because passwords are sensitive credentials, this command prompts for confirmation before revealing it. Skip confirmation by specifying either the --no-prompt or --json flag.
Copy link
Copy Markdown
Contributor

@jshackell-sfdc jshackell-sfdc May 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I DM'd you about this, but I'll ask here too. Is the idea that this CLI command can be used to show only the passwords that were generated in the DX project using a CLI command, such as org generate password or org create user? In other words, if I create a user/password in Setup in the org, that password WON'T be showable with this command? If so, how about this description:

---start---
This command shows only passwords that were generated locally in your DX project with either the org generate password or org create user CLI command. If you generated a password for a user in Setup in your org, you can't show it with this command.

Because passwords are sensitive credentials, this command prompts for confirmation before revealing it. Skip confirmation by specifying either the --no-prompt or --json flag.

---end---

Copy link
Copy Markdown
Contributor Author

@iowillhoit iowillhoit May 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's correct, if you created a user/pw in Setup and then authed to it locally, the pw would not be stored locally.

Comment thread messages/org.auth.show-user-password.md Outdated
iowillhoit
iowillhoit commented May 15, 2026
View reviewed changes
Comment thread messages/org.auth.show-user-password.md Outdated
iowillhoit and others added 3 commits May 15, 2026 09:29
jshackell-sfdc
jshackell-sfdc approved these changes May 15, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@jshackell-sfdc jshackell-sfdc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cristiand391 cristiand391 cristiand391 approved these changes

@jshackell-sfdc jshackell-sfdc jshackell-sfdc approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@iowillhoit @cristiand391 @jshackell-sfdc