Error Handling: ERROR running force:org:create: Error authenticating with JWT config due to: invalid assertion

ליאור נכתב על ידי ליאור לביא, עודכן בתאריך 03/11/2023

Error Message

ERROR running force:org:create: Error authenticating with JWT config due to: invalid assertion

Why Are We Seeing This Error Message?

Sometimes, when attempting to create a new scratch org using the sfdx force:org:create command, you may encounter the error message Error authenticating with JWT config due to: invalid assertion.

The reason for this error is Salesforce CLI's attempt to authenticate with our Dev Hub environment using the JWT protocol instead of Web Login authentication to create our scratch org. This situation can occur if our project had an SSL key file (with a .key extension) used for connecting to our Dev Hub environment, for example, in an Azure DevOps pipeline or other automation tools, and we removed the key afterward.

Solution

To resolve this error message, we need to log out of our Dev Hub environment and then log back in using Web Login.

Error Message

sfdx force:org:create -s -f config/project-scratch-def.json -a MyScratchOrgAlias -u MyDevHubAlias
ERROR running force:org:create: Error authenticating with JWT config due to: invalid assertion
invalid assertion
invalid assertion
invalid assertion
invalid assertion

Performing Logout

sfdx force:auth:logout -u MyDevHubAlias
Are you sure you want to log out from these org(s)? MyEmail@MyCompany.co.il
Important: You need a password to reauthorize scratch orgs. By default, scratch orgs have no password. If you still need your scratch orgs, run "sfdx force:user:password:generate" before logging out. If you don't need the scratch orgs anymore, run "sfdx force:org:delete" instead of logging out.
Log out (y/n)?: y
Successfully logged out of orgs: MyEmail@MyCompany.co.il

Reconnecting and Setting Our Default DevHub

sfdx auth:web:login -a MyDevHub -d
Successfully authorized MyEmail@MyCompany.co.il with org ID 00D***

Creating a New Scratch org Successfully

sfdx force:org:create -s -f config/project-scratch-def.json -a CS4231 -u ProductsProduction
Successfully created scratch org: 00D***, username: test-random@example.com

That's it. Now Salesforce CLI should be able to connect successfully to our Dev Hub environment and create new scratch orgs without the error message.