Developer Preview — This project is in active development. APIs may change. Provide feedback
B2C DX

Appearance

@salesforce/b2c-tooling-sdk / auth / StatefulOAuthStrategy

Class: StatefulOAuthStrategy

Defined in: packages/b2c-tooling-sdk/src/auth/stateful-oauth-strategy.ts:30

Auth strategy that uses the stateful store (sfcc-ci compatible). On 401, attempts to refresh using stored refresh_token or client_credentials (renew base); on refresh failure clears the stored session.

Implements

Constructors

Constructor

new StatefulOAuthStrategy(session, options): StatefulOAuthStrategy

Defined in: packages/b2c-tooling-sdk/src/auth/stateful-oauth-strategy.ts:36

Parameters

session

StatefulSession

options

StatefulOAuthStrategyOptions

Returns

StatefulOAuthStrategy

Methods

fetch()

fetch(url, init): Promise<Response>

Defined in: packages/b2c-tooling-sdk/src/auth/stateful-oauth-strategy.ts:42

Performs a fetch request with authentication. Implementations MUST handle header injection and 401 retries (token refresh) internally.

Parameters

url

string

init

FetchInit = {}

Returns

Promise<Response>

Implementation of

AuthStrategy.fetch

getAuthorizationHeader()

getAuthorizationHeader(): Promise<string>

Defined in: packages/b2c-tooling-sdk/src/auth/stateful-oauth-strategy.ts:69

Optional: Helper for legacy clients (like a strict WebDAV lib) that need the raw header.

Returns

Promise<string>

Implementation of

AuthStrategy.getAuthorizationHeader

getJWT()

getJWT(): Promise<DecodedJWT>

Defined in: packages/b2c-tooling-sdk/src/auth/stateful-oauth-strategy.ts:90

Returns

Promise<DecodedJWT>

getTokenResponse()

getTokenResponse(): Promise<AccessTokenResponse>

Defined in: packages/b2c-tooling-sdk/src/auth/stateful-oauth-strategy.ts:77

Returns the current token as AccessTokenResponse (expires/scopes from JWT).

Returns

Promise<AccessTokenResponse>

invalidateToken()

invalidateToken(): void

Defined in: packages/b2c-tooling-sdk/src/auth/stateful-oauth-strategy.ts:95

Optional: Invalidates the cached token, forcing re-authentication on next request. Used by middleware to retry requests after receiving a 401 response.

Returns

void

Implementation of

AuthStrategy.invalidateToken

Released under the Apache-2.0 License.

Copyright © 2026 Salesforce, Inc.