--- editLink: false lastUpdated: false --- [@salesforce/b2c-tooling-sdk](../modules.md) / auth # auth Authentication strategies for B2C Commerce APIs. This module provides different authentication mechanisms for connecting to B2C Commerce instances and platform services. ## Available Strategies - [BasicAuthStrategy](classes/BasicAuthStrategy.md) - Username/password authentication for WebDAV operations - [OAuthStrategy](classes/OAuthStrategy.md) - OAuth 2.0 client credentials for OCAPI and platform APIs - [ImplicitOAuthStrategy](classes/ImplicitOAuthStrategy.md) - Interactive browser-based OAuth for CLI/desktop apps - [ApiKeyStrategy](classes/ApiKeyStrategy.md) - API key authentication for MRT services ## Strategy Resolution Use [resolveAuthStrategy](functions/resolveAuthStrategy.md) to automatically select the best strategy based on available credentials and allowed methods: ```typescript import { resolveAuthStrategy } from '@salesforce/b2c-tooling-sdk'; // Automatically picks client-credentials if secret available, otherwise implicit const strategy = resolveAuthStrategy({ clientId: 'your-client-id', clientSecret: process.env.CLIENT_SECRET, // may be undefined }); // Force a specific method const implicitOnly = resolveAuthStrategy( { clientId: 'your-client-id' }, { allowedMethods: ['implicit'] } ); ``` ## Direct Usage All strategies implement the [AuthStrategy](interfaces/AuthStrategy.md) interface: ```typescript import { OAuthStrategy, ImplicitOAuthStrategy } from '@salesforce/b2c-tooling-sdk'; // For automated/server usage (client credentials) const oauthAuth = new OAuthStrategy({ clientId: 'your-client-id', clientSecret: 'your-client-secret', }); // For interactive/CLI usage (opens browser) const implicitAuth = new ImplicitOAuthStrategy({ clientId: 'your-client-id', }); ``` ## Classes - [ApiKeyStrategy](classes/ApiKeyStrategy.md) - [AuthMiddlewareRegistry](classes/AuthMiddlewareRegistry.md) - [BasicAuthStrategy](classes/BasicAuthStrategy.md) - [ImplicitOAuthStrategy](classes/ImplicitOAuthStrategy.md) - [OAuthStrategy](classes/OAuthStrategy.md) - [StatefulOAuthStrategy](classes/StatefulOAuthStrategy.md) ## Interfaces - [AccessTokenResponse](interfaces/AccessTokenResponse.md) - [ApiKeyAuthConfig](interfaces/ApiKeyAuthConfig.md) - [AuthConfig](interfaces/AuthConfig.md) - [AuthCredentials](interfaces/AuthCredentials.md) - [AuthMiddleware](interfaces/AuthMiddleware.md) - [AuthMiddlewareProvider](interfaces/AuthMiddlewareProvider.md) - [AuthStrategy](interfaces/AuthStrategy.md) - [AvailableAuthMethods](interfaces/AvailableAuthMethods.md) - [BasicAuthConfig](interfaces/BasicAuthConfig.md) - [DecodedJWT](interfaces/DecodedJWT.md) - [ImplicitOAuthConfig](interfaces/ImplicitOAuthConfig.md) - [OAuthAuthConfig](interfaces/OAuthAuthConfig.md) - [OAuthConfig](interfaces/OAuthConfig.md) - [ResolveAuthStrategyOptions](interfaces/ResolveAuthStrategyOptions.md) - [StatefulOAuthStrategyOptions](interfaces/StatefulOAuthStrategyOptions.md) - [StatefulSession](interfaces/StatefulSession.md) ## Type Aliases - [AuthMethod](type-aliases/AuthMethod.md) - [FetchInit](type-aliases/FetchInit.md) ## Variables - [ALL\_AUTH\_METHODS](variables/ALL_AUTH_METHODS.md) - [globalAuthMiddlewareRegistry](variables/globalAuthMiddlewareRegistry.md) ## Functions - [applyAuthRequestMiddleware](functions/applyAuthRequestMiddleware.md) - [applyAuthResponseMiddleware](functions/applyAuthResponseMiddleware.md) - [checkAvailableAuthMethods](functions/checkAvailableAuthMethods.md) - [clearStoredSession](functions/clearStoredSession.md) - [decodeJWT](functions/decodeJWT.md) - [getStoredSession](functions/getStoredSession.md) - [initializeStatefulStore](functions/initializeStatefulStore.md) - [isStatefulTokenValid](functions/isStatefulTokenValid.md) - [resolveAuthStrategy](functions/resolveAuthStrategy.md) - [setStoredSession](functions/setStoredSession.md)