sf org list does not list all scratch orgs on newly refreshed windows

[andy-nagare]

Summary

sf org list does not show all scratch orgs on newly installed computer even though DevHub is set.

Steps To Reproduce

1. Have a DevHub
2. Create an Active Scratch Org for 7 days
3. Go to a new computer or re-install windows to completely remove VSCode and history
4. Install CLI
5. Install JDK 21 from Oracle
6. Install VSCode
7. Install Salesforce Extension Pack
8. Set JDK path
9. In VSCode terminal, run sf org login web --set-default-dev-hub --alias [YourDevHub]
10. sf org list ( and tried sf org list --clean, --skip-connection-status --all )
11. Try on another computer that has never used VSCode and CLI before, repeat the steps above

Expected result

It should list the active scratch orgs that are currently linked to the default active DevHub

Actual result

It does not list ANY active scratch orgs that are currently linked to the default active DevHub; it only shows the DevHub itself.

{
"architecture": "win32-x64",
"cliVersion": "@salesforce/cli/2.65.8",
"nodeVersion": "node-v20.18.0",
"osVersion": "Windows_NT 10.0.22631",
"rootPath": "C:\Program Files\sf\client",
"shell": "powershell",
"pluginVersions": [
"@oclif/plugin-autocomplete 3.2.7 (core)",
"@oclif/plugin-commands 4.1.5 (core)",
"@oclif/plugin-help 6.2.16 (core)",
"@oclif/plugin-not-found 3.2.24 (core)",
"@oclif/plugin-plugins 5.4.15 (core)",
"@oclif/plugin-search 1.2.13 (core)",
"@oclif/plugin-update 4.6.8 (core)",
"@oclif/plugin-version 2.2.15 (core)",
"@oclif/plugin-warn-if-update-available 3.1.20 (core)",
"@oclif/plugin-which 3.2.16 (core)",
"@salesforce/cli 2.65.8 (core)",
"apex 3.5.5 (core)",
"api 1.3.1 (core)",
"auth 3.6.70 (core)",
"data 3.9.0 (core)",
"deploy-retrieve 3.15.4 (core)",
"info 3.4.15 (core)",
"limits 3.3.37 (core)",
"marketplace 1.3.2 (core)",
"org 5.0.2 (core)",
"packaging 2.8.12 (core)",
"schema 3.3.39 (core)",
"settings 2.4.2 (core)",
"sobject 1.4.44 (core)",
"telemetry 3.6.18 (core)",
"templates 56.3.26 (core)",
"trust 3.7.38 (core)",
"user 3.6.0 (core)"
]
}

[github-actions]

Hello @andy-nagare 👋 It looks like you didn't include the full Salesforce CLI version information in your issue.
Please provide the output of version --verbose --json for the CLI you're using (sf or sfdx).

A few more things to check:

• Make sure you've provided detailed steps to reproduce your issue.
  • A repository that clearly demonstrates the bug is ideal.
• Make sure you've installed the latest version of Salesforce CLI. (docs)
  • Better yet, try the rc or nightly versions. (docs)
• Try running the doctor command to diagnose common issues.
• Search GitHub for existing related issues.

Thank you!

[github-actions]

Thank you for filing this issue. We appreciate your feedback and will review the issue as soon as possible. Remember, however, that GitHub isn't a mechanism for receiving support under any agreement or SLA. If you require immediate assistance, contact Salesforce Customer Support.

[cristiand391]

this is working as designed, sf org list only shows orgs are authenticated to.

[andy-nagare]

@cristiand391

But in the situation that I described, how do developers resume authenticating the scratch org that they used to authenticated on the old machines? Or if new developers need to continue the work on the scratch org that they never authenticated to, and the previous developer is now departed from the team, how do the new developers authenticate these scratch orgs, IF the scratch org was created with generated user without resetting password?

Also, I am the developer who is authenticated to use DevHub, so I thought sf org list should be able to check my permission to list the same scratch orgs that I can see in my DevHub Active Scratch Orgs.

So in the scenario above, how do we handle this?

[cristiand391]

@andy-nagare

But in the situation that I described, how do developers resume authenticating the scratch org that they used to authenticated on the old machines?

users should generate a password for it via sf org generate password and authenticate on the new machine with sf org login web.

Or if new developers need to continue the work on the scratch org that they never authenticated to, and the previous developer is now departed from the team, how do the new developers authenticate these scratch orgs, IF the scratch org was created with generated user without resetting password?

Going from memory/docs, when we create a ScratchOrgInfo record we get a one-time auth code to authorize you when you run sf org create scratch. If you didn't reset/create a password for it I think you can't get the access to the org.

Also, I am the developer who is authenticated to use DevHub, so I thought sf org list should be able to check my permission to list the same scratch orgs that I can see in my DevHub Active Scratch Orgs.
So in the scenario above, how do we handle this?

I think it's because the one-time code auth code that, even if you have access to the ScratchOrgInfo records in your hub, you wouldn't be able to authenticate to those scratch orgs witouth a password.
docs:
https://developer.salesforce.com/docs/atlas.en-us.object_reference.meta/object_reference/sforce_api_objects_scratchorginfo.htm

simplified example of how it works (old blog post but I don't think much has changed):
https://jsforce.github.io/blog/posts/20170629-salesforce-dx-with-jsforce.html

I'll double check with my team next week to confirm.

[andy-nagare]

Thank you for your quick reply and thanks for closing the ticket.

@andy-nagare

But in the situation that I described, how do developers resume authenticating the scratch org that they used to authenticated on the old machines?

users should generate a password for it via sf org generate password and authenticate on the new machine with sf org login web.

Or if new developers need to continue the work on the scratch org that they never authenticated to, and the previous developer is now departed from the team, how do the new developers authenticate these scratch orgs, IF the scratch org was created with generated user without resetting password?

Going from memory/docs, when we create a ScratchOrgInfo record we get a one-time auth code to authorize you when you run sf org create scratch. If you didn't reset/create a password for it I think you can't get the access to the org.

Also, I am the developer who is authenticated to use DevHub, so I thought sf org list should be able to check my permission to list the same scratch orgs that I can see in my DevHub Active Scratch Orgs.
So in the scenario above, how do we handle this?

I think it's because the one-time code auth code that, even if you have access to the ScratchOrgInfo records in your hub, you wouldn't be able to authenticate to those scratch orgs witouth a password. docs: https://developer.salesforce.com/docs/atlas.en-us.object_reference.meta/object_reference/sforce_api_objects_scratchorginfo.htm

simplified example of how it works (old blog post but I don't think much has changed): https://jsforce.github.io/blog/posts/20170629-salesforce-dx-with-jsforce.html

I'll double check with my team next week to confirm.