TL;DR — Run sf org login web --instance-url <your-org-url>, wait for the login tab to open, then delete &sdtd=1 from the URL and press Enter. Salesforce picks up your existing browser session and the CLI authenticates without you typing a password.
When you're already logged into a Salesforce org in your browser, you don't need to enter your credentials again just to authenticate an org using the sf CLI. Here's how to reuse your existing browser session.
Open the user menu in Salesforce Setup — the instance URL is shown right under your username. Copy it, then run:
sf org login web --alias brave-moose --set-default --instance-url https://brave-moose-ocouax-dev-ed.trailblaze.my.salesforce.com

The sf CLI opens a new browser tab pointing to your org's login page. Even though you're already authenticated in another tab, this new tab shows the login form.

Instead of entering your credentials, look at the URL in the address bar. Find the &sdtd=1 parameter and delete it, then press Enter. With that parameter gone, Salesforce uses your existing browser session instead of prompting for a password.

Salesforce skips the login form and jumps straight to the OAuth consent screen.
Click Allow.

The browser redirects to the CLI's local callback server at localhost:1717/OauthSuccess. You can close this tab.

Back in the terminal, the CLI confirms the org is authenticated:
Successfully authorized [email protected] with org ID 00DQy00000oOQsbMAG

No password re-entry needed. Running sf org login web with --instance-url and then removing &sdtd=1 from the login URL lets you reuse your existing browser session to authenticate any org the CLI doesn't yet know about.
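
Because the reused browser session decides which user the CLI ends up authorized as, it is worth confirming what was stored before running anything against the alias. The following is an added example, not part of the original post: it compares `sf org display --json` output with the org and user you intended. The JSON field names (`result.username`, `result.instanceUrl`, `result.connectedStatus`) are assumptions about the CLI's output, and the sample record is constructed.

```python
import json
import subprocess
import sys
from urllib.parse import urlsplit

# Constructed sample of `sf org display --json` output (field names assumed;
# username and org ID are placeholders, not values from the post).
SAMPLE = json.dumps({"status": 0, "result": {
    "id": "00D000000000000AAA",
    "username": "dev@example.com",
    "instanceUrl": "https://brave-moose-ocouax-dev-ed.trailblaze.my.salesforce.com",
    "connectedStatus": "Connected",
    "alias": "brave-moose",
}})


def host(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()


def check_org(display_json, expected_url, expected_user):
    """Return a list of mismatches between the stored auth and what was intended."""
    result = json.loads(display_json).get("result") or {}
    problems = []
    want = host(expected_url)
    if not want or host(result.get("instanceUrl", "")) != want:
        problems.append(f"instance is {result.get('instanceUrl')!r}")
    if result.get("username") != expected_user:
        problems.append(f"authorized as {result.get('username')!r}")
    if result.get("connectedStatus") != "Connected":
        problems.append(f"status is {result.get('connectedStatus')!r}")
    return problems


def display_org(alias):
    """Ask the CLI what it stored for this alias."""
    cmd = ["sf", "org", "display", "--target-org", alias, "--json"]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    alias, url, user = sys.argv[1:4]  # alias, intended instance URL, intended username
    issues = check_org(display_org(alias), url, user)
    print("\n".join(issues) or "OK: CLI is authorized for the intended org and user")
    sys.exit(1 if issues else 0)
```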