function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
Frans Flippo 14Frans Flippo 14 

SFDX org sessions expiring

Since a week or so I suddenly get `INVALID_SESSION_ID: Session expired or invalid` errors when trying to deploy to a sandbox. Around the same time, I suddenly started seeing the line `*** Deploying with REST ***` when running an `sfdx force:source:deploy`.

I never used to see my token expire before. Now I have to daily go and re-auth my org connection.

This seems like a regression. What's going on?
VinayVinay (Salesforce Developers) 
The Sfdx Auth Url should never expire unless someone is revoking it manually or you have your own connected app and set the policies to say "immediately expire refresh token " or "Expire refresh token if not used for n" or "Expire refresh token after n"
By default the expiration of refresh token is set to "Refresh token is valid until revoked"
One way to find whats going on is look into your "Connected Apps OAuth Usage page by navigating to Apps >Connected Apps OAuth Usage in your org.

Also, check session settings.

Arish Doha 13Arish Doha 13

Agreed with Frans, I am also getting this error when I never used to before.

For further context, I am already authorized in my sandbox from my local computer using sfdx and salesforce CLI. By default this uses the out of the box "Salesforce CLI" connected app in the sandbox. And Salesforce does not let us edit this connected app's session settings.

Bryan CarrollBryan Carroll
Sorry to simply add a "me too" response, but me too.  Never saw this problem until an hour ago or so when I attempted to push source from VSCODE to a dev org via the SFDX: Deploy This Source to Org command from the right-click dropdown.  I've attempted to reauthorize multiple orgs that I was connected to.  I'll get just past the login page and the browser is hanging on the /setup/secur/RemoteAccessAuthorizationPage.apexp page.  There's nothing in the console if I open developer tools in Chrome. doesn't show any hiccups.  No session info to work with, not really sure what to do, either.
VinayVinay (Salesforce Developers) 
Can you try resolution steps mentioned below

Bryan CarrollBryan Carroll
I looked at the document and these are the steps it says to follow:
  1. Turn "Lock sessions to the IP address from which they originated" OFF, 
  2. Turn "Enforce login IP ranges on every request" ON, 
  3. Select the connected app's IP relaxation policy "Enforce IP restriction", and 
  4. Add Salesforce's internal IP range to to the list of profiles needing to use Salesforce's REST API
Number 1 was already off.  Number 2 wasn't on so I enabled it.  There are no connected apps in the org in question.  Number 4 I'm hesitant on because I don't want to lock down the profile at all.  I'm assuming it referencing login IP ranges?  We need to interactively log into this org, I don't want to lock it down to SF's internal IP range.

Basically, I'm in VSCode.  From the CLI I run "sfdx force:auth:web:login --setalias 'org alias' --instanceurl --setdefaultusername".  A browser window opens at the SF login page.  I enter in my credentials (yes, they're correct), and then the process stalls at RemoteAccessAuthorizationPage.apexp.  No feedback, no errors, no timeouts, no logs, nothing.  This org is just a Developer Edition created from Environment Hub where I push code for preview.  But it isn't specific to only this org.  I can't authorize against any orgs at all within VSCode.

Now, I just viewed the code in the browser for RemoteAccesAuthorizationPage and it's trying to redirect to "http://localhost:1717/OauthRedirect?code=<SESSION_ID>" (I blanked out the session id).  I ran 'netstat -an' and, sure enough, there's a TCP session listening on that port.  I've confirmed that this is a VSCode-related session (I quit VSCode and the session disappeared, restarted VSCode and the session is back).  So, now I'm wondering if this is all VSCode related?  I noticed earlier that there was an update, but don't know anything more than that.
Stéphane Vinuesa, FRStéphane Vinuesa, FR
We (at least 2 devs) are having the same issue. Opening the Default org solve the issue... until next time.
Frans Flippo 14Frans Flippo 14
Getting it now for scratch orgs too.

However, on retry it goes through:
> sfdx force:source:push
*** Deploying with REST ***
ERROR running force:source:push:  INVALID_SESSION_ID: Session expired or invalid
> sfdx force:source:push
*** Deploying with REST ***
Job ID | 0Af2500001BwqpOCAR
SOURCE PROGRESS | ████████████████████████████████████████ | 7/7 Components
*** Deploying with REST ***
Job ID | 0Af2500001BwqpxCAB
SOURCE PROGRESS | ████████████████████████████████████████ | 5/5 Components

Frans Flippo 14Frans Flippo 14
Updating sfdx CLI now, let's see if that makes a difference...
> sfdx update
sfdx-cli: Updating CLI from 7.88.4-3b2e55c3f1 to 7.90.2-b8f9206a5c... ⣟ 19.1 MB/51.0 MB

Bryan CarrollBryan Carroll
Frans, I don't know about you but that worked for me.  As of right now I'm able to authorize orgs again from VSCode.  I hope it sticks.  Thanks for the tip!
Happening to me as well, even though I have already been on SFDX CLI 7.90.2.
Tom Hoban 2Tom Hoban 2
I'm seeing this error running "sfdx force:mdapi:deploy...." command.  Updating to 7.90.2 did not help me either.
Have just updated to 7.90.2 - fingers crossed it fixes it for me.  Very annoying having to authorize my org every time I want to deploy.
Hi All,

I understand this issue is happening with the latest sfdx CLI version but we don't need to re authorize everytime we get this error. We can run sfdx force:org:list which refreshes the connection to the org and then we can run the deploy or push/pull command.
Brave DonkeyBrave Donkey
I'm on sfdx-cli/7.90.2,
Since March 1st every 2 hours i loose the session, force:org:list does sort it for a little while, but takes a while to run when you have a lot of orgs.
Mark GoodspeedMark Goodspeed
I've been working with VSCode / SFDX and the same sandbox for about twelve months without any issues connecting.  I had this occur once last week, and repeatidly today.  I tried the obvious (sfdx update / restart machine) and checked the session IP settings etc with no joy.

I raised a support case, and got a response to re-authorise the org: this worked and I am able to deploy again.

However am concerned as others here are reporting the issue, and if we have to re-authorise the org frequently it will be a pain.
Brandon Cornejo 9Brandon Cornejo 9

Just updating CLI as well hoping it clears this issue, but for those connecting to the default org to fix:


I've found that doing a 

sfdx force:org:list

applies the same temporary fix as its reaching out, and I can then source:deploy to any org.
John Kane 22John Kane 22
My workaround is to click the Open Org button in VS Code then the command line connections work...until the next day.
Bryan CarrollBryan Carroll
Just to update my experience, updating the CLI ultimately fixed the issue I was having with not being able to authenticate at all.  However, like the rest here, the session only appears to be valid for 24 hours or so as I have to reauthenticate each day.  Typically I just open the org I'm working against prior to pushing any code.  It's a bit of an adjustment and somewhat cumbersome as I'm typically working against a handful of different orgs at any given time.  It'd be nice if there was a way to extend or persist the session.
Mark GoodspeedMark Goodspeed
I'm still getting these errors from time to time.  Salesforce support have suggested command:

sfdx force:org:open

to restore connection.  This works for me.
Amnon KruviAmnon Kruvi
I may be a little late to the party, but anyone who's still experiencing this, could you please try the following:
From VS Code, open File -> Preferences -> Settings.
Search for and enable the setting: Salesforcedx-vscode-core > Experimental: Deploy Retrieve

Kelly SKelly S

Following. I tried updating our Oauth installation to use Enforce IP restrictions, but relax for refresh tokens. Still getting the invalid session.

However, I updated from 7.92.0-88320113e7 to 7.93.1-762bca056d and this worked to resolve the issue for today. 

Paul WorltonPaul Worlton

I suspect the issue here is the SFDX connected app, which has "Immediately expire refresh tokens" selected and there appears to be no way to deselect it. I'm not sure if this is a change from a recent release or not (maybe someone else can research that) but it appears to be this policy that forces SFDX orgs to re-authorize frequently.

As others have stated, you can try typing any of the following in the VSC console to restore the connection:

  • sfdx force:org:open
  • sfdx force:org:list
  • sfdx force:auth:web:login -a {YOUR ORG ALIAS} -d -r

Alternately...if you have access, you could try to delete the SFDX connected app. This will require going into App Manager and under SFDX, select "View". There will be a Delete button at the top.

NOTE: I just deleted my own SFDX and I can still connect through VSC, so I'm certain that it doesn't break things but I'm not certain yet if this will solve the session expiration issue.

SwethaSwetha (Salesforce Developers) 
Hi Everyone,

This is a platform issue and is currently being tracked in GitHub

Copying the contributor's comment from the above GitHub thread:
"The REST API does not auto-refresh as it does with SOAP via jsforce. This is a bug and is being tracked internally with W-9016781."

As per , Starting in version 51.0, Salesforce CLI uses REST by default for deployments. The bug is related to this recent change.

Recommend following the GitHub thread to receive the updates from the product team directly.

Thank you
Salesforce support