search

forcedotcom / code-builder-feedback

This repository is used to collect feedback for the Code Builder beta.
29 stars 2 forks source link

SFDX: Authorize an Org failed to run (IP address whitelisting Issue) #235

Closed RajJani closed 10 months ago

RajJani commented 10 months ago

Describe the bug When I try to Authorize an Org, It triggers the device login and on successful login to the org the code builder environment still fails to authorize the org/add the org to my list of available orgs.

To Reproduce Steps to reproduce the behavior:

  1. Go to the Default DX-PROJECT
  2. Click on 'Ctrl+Shift+P'
  3. Type SFDX>Authorize an Org
  4. Select Sbx/Prd and log in successfully.
  5. Allow the Salesforce Cli to connect to the Org.
  6. Click Ok.
  7. See Error in OUTPUT window.

Expected behavior Should Authorize my Org.

Current behavior sfdx org:login:device --alias dev --instance-url https://test.salesforce.com --set-default --json --loglevel fatal ended with exit code 1

Screenshots image

Desktop (please complete the following information):

Additional context On Inspecting the Log file at home>codebuilder>.sf>sf-2023-10-27.log This is the log message I see. {"level":50,"time":1698432970295,"name":"sf:DeviceOauthService","msg":"Polling error: invalid_grant: token exchange failed"}

RajJani commented 10 months ago

Update: this behavior only occurs on orgs that have IP whitelisting. So Is there a way to find out what is the IP of the VM that is running the Code builder instance?

RajJani commented 10 months ago

Update 2 : I can See the source IP in my users Login history. But that IP might change In the Future. So is there a future proof IP range?

ryanbrainard commented 10 months ago

@RajJani Thank you for trying Code Builder. As you discovered, Code Builder is currently incompatible with IP restrictions. While you can add the Code Builder environment's outbound IP to your allow list, please understand that 1) it is not a static IP and will change in the future and 2) that outbound IP may be used by any other environment, including those of other customers. With that said, if you want to find your Code Builder environment's current outbound IP, you can open the Terminal in the environment run curl https://ifconfig.me and your IP will be displayed. If the IP address changes, you will need to repeat these steps to adjust your IP allow list.

RajJani commented 10 months ago

@ryanbrainard Appreciate you looking at my comments. Yes we can Whitelist the Code builder in the org we are working with, but this I am sure there are many other companies that are using whitelisting on their org. I would love to see some sort of feature/workaround so that the Devs can set and forget. Meanwhile Love the product.

Thanks, Raj

TroyWitthoeft commented 10 months ago

Code Builder is great. It's ramping up our dev onboarding time.
+1 for some sort of Code Builder Static IP outbound or similar feature.

Or perhaps a clever workaround? I'd imagine that the SF Org could be aware of the AWS IP ranges that Code Builder is operating out of and allow those in with a feature toggle?

sullivannich commented 9 months ago

+1 for supporting whitelisting IP address solution. Our company's security policies require the ip restriction, and I know salesforce cares about security and would respect that.