Token format change from UUID to JWT

Tobias Lohr edited this page Jun 22, 2023 · 7 revisions

UPDATE: June 22, 2023


What is this about?

In August 2022 Salesforce announced the deprecation of the UUID token format for access tokens obtained from Account Manager. The token format is a setting on the API client in Account Manager. The default value is already JWT, but many API clients still used UUID (mostly because UUID was the default value in the past and the setting was left untouched). This document describes the impact of the token format change on the use of the CLI.

When to do the change?

The change of an API client's token format from UUID to JWT should have been done by June 15, 2023. For all API clients not changed by then, Salesforce is changing the token format starting on June 15, 2023 (see details about this timeline at https://help.salesforce.com/s/articleView?id=000394343&type=1).

Where to change the token format?

The token format can be changed in the API client configuration in Account Manager. Only a user with role Account Administrator or API Administrator and assigned to the org in Account Manager has the permission to manage and change API clients for the org.
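To confirm which format an API client is actually issuing once the setting has been changed, the added example below (not part of the original page or of sfcc-ci) classifies an access token string as UUID or JWT and decodes a JWT's header and payload without verifying the signature. It assumes a UUID-format token has the canonical 8-4-4-4-12 hex shape; the function names and sample tokens are constructed for illustration.

```javascript
// Added example, not sfcc-ci code: tell a UUID access token from a JWT one.
// Assumption: UUID-format tokens use the canonical 8-4-4-4-12 hex layout.
const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
const B64URL_RE = /^[A-Za-z0-9_-]+$/;

// Decode one base64url JWT segment into a JSON object; null if it is not one.
function decodeSegment(segment) {
  if (!B64URL_RE.test(segment)) return null;
  try {
    const obj = JSON.parse(Buffer.from(segment, 'base64url').toString('utf8'));
    return obj !== null && typeof obj === 'object' && !Array.isArray(obj) ? obj : null;
  } catch (err) {
    return null;
  }
}

// Returns { format: 'UUID' | 'JWT' | 'UNKNOWN', header, payload, expired }.
// The signature is NOT verified: this is a diagnostic, never an
// authorization check.
function classifyToken(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const value = String(token).trim();
  if (UUID_RE.test(value)) return { format: 'UUID' };

  const parts = value.split('.');
  if (parts.length !== 3 || !B64URL_RE.test(parts[2])) return { format: 'UNKNOWN' };
  const header = decodeSegment(parts[0]);
  const payload = decodeSegment(parts[1]);
  if (!header || typeof header.alg !== 'string' || !payload) return { format: 'UNKNOWN' };

  // expired is null when the payload carries no numeric exp claim.
  const expired = typeof payload.exp === 'number' ? payload.exp <= nowSeconds : null;
  return { format: 'JWT', header, payload, expired };
}

// Constructed sample tokens (not real credentials).
function makeSampleJwt(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(payload)}.c2lnbmF0dXJl`;
}
const SAMPLE_UUID = '3f2b8c1e-9d47-4a6b-b1f0-5e7c2a9d0c11';
const SAMPLE_JWT = makeSampleJwt({ sub: 'constructed-client-id', exp: 2000000000 });

console.log(classifyToken(SAMPLE_UUID).format);
console.log(classifyToken(SAMPLE_JWT, 1700000000));
```

Treat any real token passed to this function as a secret and keep it out of logs and shell history.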

Impact - Authentication of an API client

If you authenticate using sfcc-ci client:auth <client-id> <client-secret>, this change has no impact.

Impact - Authentication of a user

If you authenticate using sfcc-ci auth:login <client-id> or sfcc-ci client:auth <client-id> <client-secret> <username> <user-password>, this change may impact you.

When not working with B2C Commerce Instances

If you authenticate a user and use the CLI to work with on-demand sandboxes (ODS) (commands sfcc-ci sandbox:*), to manage users, roles or API clients in Salesforce Account Manager (commands sfcc-ci org:*, sfcc-ci user:*, sfcc-ci role:* and sfcc-ci client:*), or to manage SLAS configurations (commands sfcc-ci slas:*), there is no impact.

When working with B2C Commerce Instances

If you authenticate a user and use the CLI to work with Salesforce B2C Commerce Instances, commands like sfcc-ci code:deploy or sfcc-ci instance:upload and others may stop working and return a 401 (Not authenticated) or 403 (Not authorized) as a result.

In this case please check if the user who authenticates has the permission to run the activities on the B2C Commerce Instance you work with. The user who authenticates has to be Business Manager Admin and the BM_ADMIN role with the tenant (B2C Commerce Instance) must be granted to the user.

If you work with PIG instances (production, staging, development) then you must have logged in to Business Manager at least once for the CLI commands with that PIG instance to work.

If you work with on-demand sandboxes (ODS), the user does not have to log in to Business Manager for the CLI commands to work. This is intentional, as it helps to work more effectively when managing lots of sandboxes for dev teams.