--- editLink: false lastUpdated: false --- [@salesforce/b2c-tooling-sdk](../../modules.md) / [auth](../index.md) / OAuthStrategy # Class: OAuthStrategy Defined in: [packages/b2c-tooling-sdk/src/auth/oauth.ts:34](https://github.com/SalesforceCommerceCloud/b2c-developer-tooling/blob/e7c16f1ae423da0aa47b3e10be88f9770b53619b/packages/b2c-tooling-sdk/src/auth/oauth.ts#L34) ## Implements - [`AuthStrategy`](../interfaces/AuthStrategy.md) ## Constructors ### Constructor > **new OAuthStrategy**(`config`): `OAuthStrategy` Defined in: [packages/b2c-tooling-sdk/src/auth/oauth.ts:38](https://github.com/SalesforceCommerceCloud/b2c-developer-tooling/blob/e7c16f1ae423da0aa47b3e10be88f9770b53619b/packages/b2c-tooling-sdk/src/auth/oauth.ts#L38) #### Parameters ##### config [`OAuthConfig`](../interfaces/OAuthConfig.md) #### Returns `OAuthStrategy` ## Methods ### fetch() > **fetch**(`url`, `init`): `Promise`\<`Response`\> Defined in: [packages/b2c-tooling-sdk/src/auth/oauth.ts:42](https://github.com/SalesforceCommerceCloud/b2c-developer-tooling/blob/e7c16f1ae423da0aa47b3e10be88f9770b53619b/packages/b2c-tooling-sdk/src/auth/oauth.ts#L42) Performs a fetch request with authentication. Implementations MUST handle header injection and 401 retries (token refresh) internally. #### Parameters ##### url `string` ##### init [`FetchInit`](../type-aliases/FetchInit.md) = `{}` #### Returns `Promise`\<`Response`\> #### Implementation of [`AuthStrategy`](../interfaces/AuthStrategy.md).[`fetch`](../interfaces/AuthStrategy.md#fetch) *** ### getAuthorizationHeader() > **getAuthorizationHeader**(): `Promise`\<`string`\> Defined in: [packages/b2c-tooling-sdk/src/auth/oauth.ts:70](https://github.com/SalesforceCommerceCloud/b2c-developer-tooling/blob/e7c16f1ae423da0aa47b3e10be88f9770b53619b/packages/b2c-tooling-sdk/src/auth/oauth.ts#L70) Optional: Helper for legacy clients (like a strict WebDAV lib) that need the raw header. #### Returns `Promise`\<`string`\> #### Implementation of [`AuthStrategy`](../interfaces/AuthStrategy.md).[`getAuthorizationHeader`](../interfaces/AuthStrategy.md#getauthorizationheader) *** ### getJWT() > **getJWT**(): `Promise`\<[`DecodedJWT`](../interfaces/DecodedJWT.md)\> Defined in: [packages/b2c-tooling-sdk/src/auth/oauth.ts:78](https://github.com/SalesforceCommerceCloud/b2c-developer-tooling/blob/e7c16f1ae423da0aa47b3e10be88f9770b53619b/packages/b2c-tooling-sdk/src/auth/oauth.ts#L78) Gets the decoded JWT payload #### Returns `Promise`\<[`DecodedJWT`](../interfaces/DecodedJWT.md)\> *** ### getTokenResponse() > **getTokenResponse**(): `Promise`\<[`AccessTokenResponse`](../interfaces/AccessTokenResponse.md)\> Defined in: [packages/b2c-tooling-sdk/src/auth/oauth.ts:87](https://github.com/SalesforceCommerceCloud/b2c-developer-tooling/blob/e7c16f1ae423da0aa47b3e10be88f9770b53619b/packages/b2c-tooling-sdk/src/auth/oauth.ts#L87) Gets the full token response including expiration and scopes. Useful for commands that need to display or return token metadata. #### Returns `Promise`\<[`AccessTokenResponse`](../interfaces/AccessTokenResponse.md)\> *** ### invalidateToken() > **invalidateToken**(): `void` Defined in: [packages/b2c-tooling-sdk/src/auth/oauth.ts:111](https://github.com/SalesforceCommerceCloud/b2c-developer-tooling/blob/e7c16f1ae423da0aa47b3e10be88f9770b53619b/packages/b2c-tooling-sdk/src/auth/oauth.ts#L111) Invalidates the cached token, forcing re-authentication on next request #### Returns `void` #### Implementation of [`AuthStrategy`](../interfaces/AuthStrategy.md).[`invalidateToken`](../interfaces/AuthStrategy.md#invalidatetoken) *** ### withAdditionalScopes() > **withAdditionalScopes**(`additionalScopes`): `OAuthStrategy` Defined in: [packages/b2c-tooling-sdk/src/auth/oauth.ts:122](https://github.com/SalesforceCommerceCloud/b2c-developer-tooling/blob/e7c16f1ae423da0aa47b3e10be88f9770b53619b/packages/b2c-tooling-sdk/src/auth/oauth.ts#L122) Creates a new OAuthStrategy with additional scopes merged in. Used by clients that have specific scope requirements. #### Parameters ##### additionalScopes `string`[] Scopes to add to this strategy's existing scopes #### Returns `OAuthStrategy` A new OAuthStrategy instance with merged scopes