ERROR running force:org:status: Cannot create an AuthInfo instance that will overwrite existing auth data.

[HyruleConsulting]

Summary

When using sfdx force:org:status to authenticate with a sandbox following a refresh, an authentication error occurs:

ERROR running force:org:status: Cannot create an AuthInfo instance that will overwrite existing auth data.
Try this:
Create the AuthInfo instance using existing auth data by just passing the username. E.g., AuthInfo.create({ username: '[email protected]' });

Steps To Reproduce:

1. Use a connected app in production. Add following scopes: api, full, refresh_token, offline_access. Add callback url: http://localhost:1717/OauthRedirect
2. Refresh a sandbox
3. Authenticate production with your CLI (sfdx force:auth:jwt:grant)
4. Use command: sfdx force:org:status
5. Receive auth error

ERROR running force:org:status: Cannot create an AuthInfo instance that will overwrite existing auth data.
Try this:
Create the AuthInfo instance using existing auth data by just passing the username. E.g., AuthInfo.create({ username: '[email protected]' });

Expected result

Sandbox should be authenticated

Actual result

ERROR running force:org:status: Cannot create an AuthInfo instance that will overwrite existing auth data.
Try this:
Create the AuthInfo instance using existing auth data by just passing the username. E.g., AuthInfo.create({ username: '[email protected]' });

System Information

sfdx-cli/7.107.0 darwin-x64 node-v14.17.1

[github-actions]

Thank you for filing this issue. We appreciate your feedback and will review the issue as soon as possible. Remember, however, that GitHub isn't a mechanism for receiving support under any agreement or SLA. If you require immediate assistance, contact Salesforce Customer Support.

[mshanemc]

I'm not sure that's a bug. We usually try not to overwrite an auth, ever, for safety reasons.

So you'd probably want to auth:logout of the sandbox before trying to connect to it post-refresh (it's technically going to be like a whole new org).

1. see if that works
2. leave some feedback on if that seems like the correct approach or if you think for source:status should behave differently?

[HyruleConsulting]

Thanks Shane, I've logged out of all orgs from my CLI now which helps but I still can't authenticate due to invalid client credentials.

ERROR running force:org:status: Error authenticating with auth code due to: invalid client credentials

Connected App Details in Production (and in sandbox following refresh)

Scopes:
Access your basic information (id, profile, email, address, phone)
Access and manage your data (api)
Provide access to your data via the Web (web)
Full access (full)
Perform requests on your behalf at any time (refresh_token, offline_access)
Allow access to content resources (content)

Callback URL
https://login.salesforce.com/
https://test.salesforce.com
http://localhost:1717/OauthRedirect

[MGarfOppLoans]

any update on this, we have had to roll back to a smaller version to get around the issue

[mshanemc]

I think the best option if auth:logout didn't help would be to org:delete so that no auth files are kept around and then try the auth again. Can @MGarfOppLoans or @HyruleConsulting try that if this org is still around?

Sandbox team is aware of their auth problems. There's not much we can do other than try to help with workarounds.

You can try opening a case to help them see how many people think this needs to be addressed when they prioritize work.

[github-actions]

We have determined that the issue you reported exists in code owned by another team that uses only the official support channels. To ensure that your issue is addressed, open an official Salesforce customer support ticket with a link to this issue. We encourage anyone experiencing this issue to do the same to increase the priority. We will keep this issue open for the community to collaborate on.

[MGarfOppLoans]

right we are doing what we recommended which is to check if already authed before attempting to auth again. Not ideal but works

[HyruleConsulting]

Back when I posted this I was actually facing two issues with the sfdx force:org:status command: 1. Cannot Create AuthInfo instance error. This was simply resolved by your comment by just logging out of the specific sandbox on the CLI. It makes sense that CLI does not override the auth instance. 2. After a refresh, the sfdx force:org:status should report the status of the org and also authenticate. However the authentication was not working "Invalid client credentials error". I have since had a case open with Salesforce and this was a known issue. It was fixed in the last major release though (winter22) and now the sfdx force:org:status command is working as expected. This command is particularly useful when refreshing a sandbox via automated pipelines and CI. Thank you for your support

…

On Thu, Dec 9, 2021 at 10:58 PM Michael Garfinkel ***@***.***> wrote: right we are doing what we recommended which is to check if already authed before attempting to auth again. Not ideal but works — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#1077 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AQCKNQZZQQIBRS5TOBHIEELUQEYCHANCNFSM5ACIYW2Q> . Triage notifications on the go with GitHub Mobile for iOS <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.

[mshanemc]

org:status is deprecated and has been replaced by org:resume:sandbox. You should be able to use that command during refreshes now.

closing because it's not going to be fixed.