I simply want to create a scratch org in a CI/CD, connect to it with jsforce to make queries with a node service, and then destroy it at the end of the CI/CD.
Option 1: Create a new Connected App from my CI/CD using the metadata of the main org
Problem: There is no way to automatically retrieve the ID and secret of this app
Option 2 (the most feasible option): Use the Connected App from my main org for the user of my scratch org
Problem: Although I have the application in 'OAuth Apps' from the user created in the scratch org, access is blocked (response: invalid grant) when I use the credentials of the Connected App and those of my new user
Option 3: Avoid using a Connected App
Problem: There is no simple way to automatically retrieve the security token to add it to the password
Configuration of my Connected App in my main org:
```xml
<isAdminApproved>true</isAdminApproved>
<isConsumerSecretOptional>false</isConsumerSecretOptional>
<isIntrospectAllTokens>false</isIntrospectAllTokens>
<isSecretRequiredForRefreshToken>false</isSecretRequiredForRefreshToken>
<oauthPolicy>
    <ipRelaxation>BYPASS</ipRelaxation>
    <refreshTokenPolicy>infinite</refreshTokenPolicy>
</oauthPolicy>
<permissionSetName>Synchronizer Access</permissionSetName>
<profileName>System Administrator</profileName>
```
I have configured a permission to access my app in my main org, since I had to set isAdminApproved to true to make it work.
Also, an access token is returned after the execution of sf org create scratch; however, I cannot use it to connect to my scratch org with jsforce. It seems the returned token is not used for that purpose.
My scratch org contains the following config:
```json
"features": ["EnableSetPasswordInApi", "API", "AuthorApex"],
"settings": {
    "lightningExperienceSettings": {
        "enableS1DesktopEnabled": true
    },
    "apexSettings": {
        "enableCompileOnDeploy": true
    },
    "OauthOidcSettings": {
        "blockOAuthUnPwFlow": false
    }
}
```
The solution was to use the access_token returned by sfdx force:org:display instead of the one returned by sf org create scratch.