---
editLink: false
lastUpdated: false
---

[@salesforce/b2c-tooling-sdk](../../modules.md) / [auth](../index.md) / ImplicitOAuthStrategy

# Class: ImplicitOAuthStrategy

Defined in: [packages/b2c-tooling-sdk/src/auth/oauth-implicit.ts:113](https://github.com/SalesforceCommerceCloud/b2c-developer-tooling/blob/e7c16f1ae423da0aa47b3e10be88f9770b53619b/packages/b2c-tooling-sdk/src/auth/oauth-implicit.ts#L113)

OAuth 2.0 Implicit Grant Flow authentication strategy.

This strategy is used when only a client ID is available (no client secret).
It opens a browser for the user to authenticate with Account Manager,
then captures the access token from the OAuth redirect.

Note: The access token from implicit flow is valid for 30 minutes and cannot be renewed.
This flow requires user interaction and a TTY.

## Example

```typescript
import { ImplicitOAuthStrategy } from '@salesforce/b2c-tooling-sdk';

const auth = new ImplicitOAuthStrategy({
  clientId: 'your-client-id',
  scopes: ['sfcc.products', 'sfcc.orders'],
});

// Will open browser for authentication
const response = await auth.fetch('https://example.com/api/resource');
```

## Implements

- [`AuthStrategy`](../interfaces/AuthStrategy.md)

## Constructors

### Constructor

> **new ImplicitOAuthStrategy**(`config`): `ImplicitOAuthStrategy`

Defined in: [packages/b2c-tooling-sdk/src/auth/oauth-implicit.ts:119](https://github.com/SalesforceCommerceCloud/b2c-developer-tooling/blob/e7c16f1ae423da0aa47b3e10be88f9770b53619b/packages/b2c-tooling-sdk/src/auth/oauth-implicit.ts#L119)

#### Parameters

##### config

[`ImplicitOAuthConfig`](../interfaces/ImplicitOAuthConfig.md)

#### Returns

`ImplicitOAuthStrategy`

## Methods

### fetch()

> **fetch**(`url`, `init`): `Promise`\<`Response`\>

Defined in: [packages/b2c-tooling-sdk/src/auth/oauth-implicit.ts:137](https://github.com/SalesforceCommerceCloud/b2c-developer-tooling/blob/e7c16f1ae423da0aa47b3e10be88f9770b53619b/packages/b2c-tooling-sdk/src/auth/oauth-implicit.ts#L137)

Performs a fetch request with authentication.
Implementations MUST handle header injection and 401 retries (token refresh) internally.

#### Parameters

##### url

`string`

##### init

[`FetchInit`](../type-aliases/FetchInit.md) = `{}`

#### Returns

`Promise`\<`Response`\>

#### Implementation of

[`AuthStrategy`](../interfaces/AuthStrategy.md).[`fetch`](../interfaces/AuthStrategy.md#fetch)

***

### getAuthorizationHeader()

> **getAuthorizationHeader**(): `Promise`\<`string`\>

Defined in: [packages/b2c-tooling-sdk/src/auth/oauth-implicit.ts:179](https://github.com/SalesforceCommerceCloud/b2c-developer-tooling/blob/e7c16f1ae423da0aa47b3e10be88f9770b53619b/packages/b2c-tooling-sdk/src/auth/oauth-implicit.ts#L179)

Optional: Helper for legacy clients (like a strict WebDAV lib) that need the raw header.

#### Returns

`Promise`\<`string`\>

#### Implementation of

[`AuthStrategy`](../interfaces/AuthStrategy.md).[`getAuthorizationHeader`](../interfaces/AuthStrategy.md#getauthorizationheader)

***

### getJWT()

> **getJWT**(): `Promise`\<[`DecodedJWT`](../interfaces/DecodedJWT.md)\>

Defined in: [packages/b2c-tooling-sdk/src/auth/oauth-implicit.ts:187](https://github.com/SalesforceCommerceCloud/b2c-developer-tooling/blob/e7c16f1ae423da0aa47b3e10be88f9770b53619b/packages/b2c-tooling-sdk/src/auth/oauth-implicit.ts#L187)

Gets the decoded JWT payload

#### Returns

`Promise`\<[`DecodedJWT`](../interfaces/DecodedJWT.md)\>

***

### getTokenResponse()

> **getTokenResponse**(): `Promise`\<[`AccessTokenResponse`](../interfaces/AccessTokenResponse.md)\>

Defined in: [packages/b2c-tooling-sdk/src/auth/oauth-implicit.ts:196](https://github.com/SalesforceCommerceCloud/b2c-developer-tooling/blob/e7c16f1ae423da0aa47b3e10be88f9770b53619b/packages/b2c-tooling-sdk/src/auth/oauth-implicit.ts#L196)

Gets the full token response including expiration and scopes.
Useful for commands that need to display or return token metadata.

#### Returns

`Promise`\<[`AccessTokenResponse`](../interfaces/AccessTokenResponse.md)\>

***

### invalidateToken()

> **invalidateToken**(): `void`

Defined in: [packages/b2c-tooling-sdk/src/auth/oauth-implicit.ts:220](https://github.com/SalesforceCommerceCloud/b2c-developer-tooling/blob/e7c16f1ae423da0aa47b3e10be88f9770b53619b/packages/b2c-tooling-sdk/src/auth/oauth-implicit.ts#L220)

Invalidates the cached token, forcing re-authentication on next request

#### Returns

`void`

#### Implementation of

[`AuthStrategy`](../interfaces/AuthStrategy.md).[`invalidateToken`](../interfaces/AuthStrategy.md#invalidatetoken)