Class: ImplicitOAuthStrategy

Defined in: packages/b2c-tooling-sdk/src/auth/oauth-implicit.ts:100

OAuth 2.0 Implicit Grant Flow authentication strategy.

This strategy is used when only a client ID is available (no client secret). It opens a browser for the user to authenticate with Account Manager, then captures the access token from the OAuth redirect.

Note: The access token from implicit flow is valid for 30 minutes and cannot be renewed. This flow requires user interaction and a TTY.
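The redirect capture and the non-renewable 30-minute lifetime described above can be checked as follows. This is an added example, not the SDK's own code: it parses an implicit-grant redirect fragment per RFC 6749 section 4.2.2, and every function name, the sample fragment and the state value are hypothetical.

```typescript
interface ImplicitToken { accessToken: string; expiresAt: number; scopes: string[] }

// Compare every character so timing does not reveal how much of `state` matched.
function safeEqual(a: string, b: string): boolean {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Parse the URL fragment of the OAuth redirect and validate it before trusting the token.
function parseImplicitRedirect(fragment: string, expectedState: string, nowMs: number): ImplicitToken {
  const params = new Map<string, string>();
  for (const pair of fragment.replace(/^#/, '').split('&')) {
    const eq = pair.indexOf('=');
    if (eq < 1) continue;
    const key = decodeURIComponent(pair.slice(0, eq));
    // A repeated parameter is ambiguous (which token wins?), so reject it.
    if (params.has(key)) throw new Error('duplicate parameter');
    // Form encoding uses '+' for space, which matters for the space-delimited scope list.
    params.set(key, decodeURIComponent(pair.slice(eq + 1).replace(/\+/g, ' ')));
  }
  // The state check ties this redirect to the request this process started.
  if (!expectedState || !safeEqual(params.get('state') ?? '', expectedState)) {
    throw new Error('state mismatch');
  }
  // Do not echo the untrusted error value into the message.
  if (params.has('error')) throw new Error('authorization error response');
  const accessToken = params.get('access_token');
  if (!accessToken) throw new Error('missing access_token');
  if ((params.get('token_type') ?? '').toLowerCase() !== 'bearer') throw new Error('unexpected token_type');
  // Assumption: expires_in is required here, although RFC 6749 only recommends it.
  const expiresIn = Number(params.get('expires_in'));
  if (!Number.isInteger(expiresIn) || expiresIn <= 0) throw new Error('invalid expires_in');
  const scopes = (params.get('scope') ?? '').split(' ').filter(Boolean);
  return { accessToken, expiresAt: nowMs + expiresIn * 1000, scopes };
}

// The token cannot be renewed, so refuse to start work that would outlive it.
function fitsInTokenLifetime(token: ImplicitToken, nowMs: number, neededMs: number): boolean {
  return token.expiresAt - nowMs >= neededMs;
}

// Constructed sample fragment; the token and state values are placeholders.
const SAMPLE_FRAGMENT =
  '#access_token=PLACEHOLDER.TOKEN&token_type=Bearer&expires_in=1800' +
  '&scope=sfcc.products+sfcc.orders&state=s3-constructed';
```
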

Example

```typescript
import { ImplicitOAuthStrategy } from '@salesforce/b2c-tooling-sdk';

const auth = new ImplicitOAuthStrategy({
  clientId: 'your-client-id',
  scopes: ['sfcc.products', 'sfcc.orders'],
});

// Will open browser for authentication
const response = await auth.fetch('https://example.com/api/resource');
```

Implements

AuthStrategy

Constructors

Constructor

new ImplicitOAuthStrategy(config): ImplicitOAuthStrategy

Defined in: packages/b2c-tooling-sdk/src/auth/oauth-implicit.ts:104

Parameters

config

ImplicitOAuthConfig

Returns

ImplicitOAuthStrategy

Methods

fetch()

fetch(url, init): Promise<Response>

Defined in: packages/b2c-tooling-sdk/src/auth/oauth-implicit.ts:119

Performs a fetch request with authentication. Implementations MUST handle header injection and 401 retries (token refresh) internally.

Parameters

url

string

init

RequestInit = {}

Returns

Promise<Response>

Implementation of

AuthStrategy.fetch


getAuthorizationHeader()

getAuthorizationHeader(): Promise<string>

Defined in: packages/b2c-tooling-sdk/src/auth/oauth-implicit.ts:161

Optional: Helper for legacy clients (like a strict WebDAV lib) that need the raw header.

Returns

Promise<string>

Implementation of

AuthStrategy.getAuthorizationHeader


getJWT()

getJWT(): Promise<DecodedJWT>

Defined in: packages/b2c-tooling-sdk/src/auth/oauth-implicit.ts:169

Gets the decoded JWT payload.

Returns

Promise<DecodedJWT>


getTokenResponse()

getTokenResponse(): Promise<AccessTokenResponse>

Defined in: packages/b2c-tooling-sdk/src/auth/oauth-implicit.ts:178

Gets the full token response including expiration and scopes. Useful for commands that need to display or return token metadata.

Returns

Promise<AccessTokenResponse>


invalidateToken()

invalidateToken(): void

Defined in: packages/b2c-tooling-sdk/src/auth/oauth-implicit.ts:202

Invalidates the cached token, forcing re-authentication on the next request.

Returns

void
