@salesforce/b2c-tooling-sdk / auth / ImplicitOAuthStrategy

Class: ImplicitOAuthStrategy

Defined in: packages/b2c-tooling-sdk/src/auth/oauth-implicit.ts:113

OAuth 2.0 Implicit Grant Flow authentication strategy.

This strategy is used when only a client ID is available (no client secret). It opens a browser for the user to authenticate with Account Manager, then captures the access token from the OAuth redirect.

Note: The access token from implicit flow is valid for 30 minutes and cannot be renewed. This flow requires user interaction and a TTY.

Example

typescript

import { ImplicitOAuthStrategy } from '@salesforce/b2c-tooling-sdk';

const auth = new ImplicitOAuthStrategy({
  clientId: 'your-client-id',
  scopes: ['sfcc.products', 'sfcc.orders'],
});

// Will open browser for authentication
const response = await auth.fetch('https://example.com/api/resource');

Implements

AuthStrategy

Constructors

Constructor

new ImplicitOAuthStrategy(config): ImplicitOAuthStrategy

Defined in: packages/b2c-tooling-sdk/src/auth/oauth-implicit.ts:119

Parameters

config

ImplicitOAuthConfig

Returns

ImplicitOAuthStrategy

Methods

fetch()

fetch(url, init): Promise<Response>

Defined in: packages/b2c-tooling-sdk/src/auth/oauth-implicit.ts:137

Performs a fetch request with authentication. Implementations MUST handle header injection and 401 retries (token refresh) internally.

Parameters

url

string

init

FetchInit = {}

Returns

Promise<Response>

Implementation of

AuthStrategy.fetch

getAuthorizationHeader()

getAuthorizationHeader(): Promise<string>

Defined in: packages/b2c-tooling-sdk/src/auth/oauth-implicit.ts:179

Optional: Helper for legacy clients (like a strict WebDAV lib) that need the raw header.

Returns

Promise<string>

Implementation of

AuthStrategy.getAuthorizationHeader

getJWT()

getJWT(): Promise<DecodedJWT>

Defined in: packages/b2c-tooling-sdk/src/auth/oauth-implicit.ts:187

Gets the decoded JWT payload

Returns

Promise<DecodedJWT>

getTokenResponse()

getTokenResponse(): Promise<AccessTokenResponse>

Defined in: packages/b2c-tooling-sdk/src/auth/oauth-implicit.ts:196

Gets the full token response including expiration and scopes. Useful for commands that need to display or return token metadata.

Returns

Promise<AccessTokenResponse>

invalidateToken()

invalidateToken(): void

Defined in: packages/b2c-tooling-sdk/src/auth/oauth-implicit.ts:220

Invalidates the cached token, forcing re-authentication on next request

Returns

void

Implementation of

AuthStrategy.invalidateToken

Class: ImplicitOAuthStrategy ​

Example ​

Implements ​

Constructors ​

Constructor ​

Parameters ​

config ​

Returns ​

Methods ​

fetch() ​

Parameters ​

url ​

init ​

Returns ​

Implementation of ​

getAuthorizationHeader() ​

Returns ​

Implementation of ​

getJWT() ​

Returns ​

getTokenResponse() ​

Returns ​

invalidateToken() ​

Returns ​

Implementation of ​

Class: ImplicitOAuthStrategy

Example

Implements

Constructors

Constructor

Parameters

config

Returns

Methods

fetch()

Parameters

url

init

Returns

Implementation of

getAuthorizationHeader()

Returns

Implementation of

getJWT()

Returns

getTokenResponse()

Returns

invalidateToken()

Returns

Implementation of