--- editLink: false lastUpdated: false --- [@salesforce/b2c-tooling-sdk](../../modules.md) / [auth](../index.md) / StatefulOAuthStrategy # Class: StatefulOAuthStrategy Defined in: [packages/b2c-tooling-sdk/src/auth/stateful-oauth-strategy.ts:30](https://github.com/SalesforceCommerceCloud/b2c-developer-tooling/blob/e7c16f1ae423da0aa47b3e10be88f9770b53619b/packages/b2c-tooling-sdk/src/auth/stateful-oauth-strategy.ts#L30) Auth strategy that uses the stateful store (sfcc-ci compatible). On 401, attempts to refresh using stored refresh_token or client_credentials (renew base); on refresh failure clears the stored session. ## Implements - [`AuthStrategy`](../interfaces/AuthStrategy.md) ## Constructors ### Constructor > **new StatefulOAuthStrategy**(`session`, `options`): `StatefulOAuthStrategy` Defined in: [packages/b2c-tooling-sdk/src/auth/stateful-oauth-strategy.ts:36](https://github.com/SalesforceCommerceCloud/b2c-developer-tooling/blob/e7c16f1ae423da0aa47b3e10be88f9770b53619b/packages/b2c-tooling-sdk/src/auth/stateful-oauth-strategy.ts#L36) #### Parameters ##### session [`StatefulSession`](../interfaces/StatefulSession.md) ##### options [`StatefulOAuthStrategyOptions`](../interfaces/StatefulOAuthStrategyOptions.md) #### Returns `StatefulOAuthStrategy` ## Methods ### fetch() > **fetch**(`url`, `init`): `Promise`\<`Response`\> Defined in: [packages/b2c-tooling-sdk/src/auth/stateful-oauth-strategy.ts:42](https://github.com/SalesforceCommerceCloud/b2c-developer-tooling/blob/e7c16f1ae423da0aa47b3e10be88f9770b53619b/packages/b2c-tooling-sdk/src/auth/stateful-oauth-strategy.ts#L42) Performs a fetch request with authentication. Implementations MUST handle header injection and 401 retries (token refresh) internally. #### Parameters ##### url `string` ##### init [`FetchInit`](../type-aliases/FetchInit.md) = `{}` #### Returns `Promise`\<`Response`\> #### Implementation of [`AuthStrategy`](../interfaces/AuthStrategy.md).[`fetch`](../interfaces/AuthStrategy.md#fetch) *** ### getAuthorizationHeader() > **getAuthorizationHeader**(): `Promise`\<`string`\> Defined in: [packages/b2c-tooling-sdk/src/auth/stateful-oauth-strategy.ts:69](https://github.com/SalesforceCommerceCloud/b2c-developer-tooling/blob/e7c16f1ae423da0aa47b3e10be88f9770b53619b/packages/b2c-tooling-sdk/src/auth/stateful-oauth-strategy.ts#L69) Optional: Helper for legacy clients (like a strict WebDAV lib) that need the raw header. #### Returns `Promise`\<`string`\> #### Implementation of [`AuthStrategy`](../interfaces/AuthStrategy.md).[`getAuthorizationHeader`](../interfaces/AuthStrategy.md#getauthorizationheader) *** ### getJWT() > **getJWT**(): `Promise`\<[`DecodedJWT`](../interfaces/DecodedJWT.md)\> Defined in: [packages/b2c-tooling-sdk/src/auth/stateful-oauth-strategy.ts:90](https://github.com/SalesforceCommerceCloud/b2c-developer-tooling/blob/e7c16f1ae423da0aa47b3e10be88f9770b53619b/packages/b2c-tooling-sdk/src/auth/stateful-oauth-strategy.ts#L90) #### Returns `Promise`\<[`DecodedJWT`](../interfaces/DecodedJWT.md)\> *** ### getTokenResponse() > **getTokenResponse**(): `Promise`\<[`AccessTokenResponse`](../interfaces/AccessTokenResponse.md)\> Defined in: [packages/b2c-tooling-sdk/src/auth/stateful-oauth-strategy.ts:77](https://github.com/SalesforceCommerceCloud/b2c-developer-tooling/blob/e7c16f1ae423da0aa47b3e10be88f9770b53619b/packages/b2c-tooling-sdk/src/auth/stateful-oauth-strategy.ts#L77) Returns the current token as AccessTokenResponse (expires/scopes from JWT). #### Returns `Promise`\<[`AccessTokenResponse`](../interfaces/AccessTokenResponse.md)\> *** ### invalidateToken() > **invalidateToken**(): `void` Defined in: [packages/b2c-tooling-sdk/src/auth/stateful-oauth-strategy.ts:95](https://github.com/SalesforceCommerceCloud/b2c-developer-tooling/blob/e7c16f1ae423da0aa47b3e10be88f9770b53619b/packages/b2c-tooling-sdk/src/auth/stateful-oauth-strategy.ts#L95) Optional: Invalidates the cached token, forcing re-authentication on next request. Used by middleware to retry requests after receiving a 401 response. #### Returns `void` #### Implementation of [`AuthStrategy`](../interfaces/AuthStrategy.md).[`invalidateToken`](../interfaces/AuthStrategy.md#invalidatetoken)