Logs in a shopper with credentials that are managed by a B2C Commerce instance (ECOM). It follows the authorization code grant flow as defined by the OAuth 2.1 standard. It also uses a proof key for code exchange (PKCE).
For PKCE values:
code_verifier string is a random string used for the /token endpoint request.code_challenge is an encoded version of the code_verifier string using an SHA-256 hash.The request must include a basic authorization header that contains a Base64 encoded version of the following string: \<shopperUserID\>:\<shopperPassword\>.
Required parameters: code_challenge, channel_id, client_id, and redirect_uri.
Optional parameters: usid.
The SLAS /login endpoint redirects back to the redirect URI and returns an authorization code.
Calls to /login made with the same loginId and tenantId within 1 second will result in a conflict.
If you would like to get a raw Response object use the other authenticateCustomer function.
An object containing the options for this method.
A promise of type void.
Logs in a shopper with credentials that are managed by a B2C Commerce instance (ECOM). It follows the authorization code grant flow as defined by the OAuth 2.1 standard. It also uses a proof key for code exchange (PKCE).
For PKCE values:
code_verifier string is a random string used for the /token endpoint request.code_challenge is an encoded version of the code_verifier string using an SHA-256 hash.The request must include a basic authorization header that contains a Base64 encoded version of the following string: \<shopperUserID\>:\<shopperPassword\>.
Required parameters: code_challenge, channel_id, client_id, and redirect_uri.
Optional parameters: usid.
The SLAS /login endpoint redirects back to the redirect URI and returns an authorization code.
Calls to /login made with the same loginId and tenantId within 1 second will result in a conflict.
An object containing the options for this method.
Set to true to return entire Response object instead of DTO.
A promise of type Response if rawResponse is true, a promise of type void otherwise.
Get an authorization code after authenticating a user against an identity provider (IDP). This is the first step of the OAuth 2.1 authorization code flow, where a user can log in via federation to the IDP configured for the client. After successfully logging in, the user gets an authorization code via a redirect URI.
This endpoint can be called from the front channel (the browser).
If you would like to get a raw Response object use the other authorizeCustomer function.
An object containing the options for this method.
A promise of type void.
Get an authorization code after authenticating a user against an identity provider (IDP). This is the first step of the OAuth 2.1 authorization code flow, where a user can log in via federation to the IDP configured for the client. After successfully logging in, the user gets an authorization code via a redirect URI.
This endpoint can be called from the front channel (the browser).
An object containing the options for this method.
Set to true to return entire Response object instead of DTO.
A promise of type Response if rawResponse is true, a promise of type void otherwise.
Allows the customer to authenticate when their identity provider is down.
If you would like to get a raw Response object use the other authorizePasswordlessCustomer function.
An object containing the options for this method.
A promise of type Object.
Allows the customer to authenticate when their identity provider is down.
An object containing the options for this method.
Set to true to return entire Response object instead of DTO.
A promise of type Response if rawResponse is true, a promise of type Object otherwise.
Get the shopper or guest JWT access token and a refresh token. This is the second step of the OAuth 2.1 authorization code flow.
For a private client, an application is able to get an access token for the shopper through the back channel (a trusted server) by passing in the client credentials and the authorization code retrieved from the authorize endpoint.
For a guest user, get the shopper JWT access token and a refresh token. This is where a client appplication is able to get an access token for the guest user through the back channel (a trusted server) by passing in the client credentials.
For a public client using PKCE, an application will pass a PKCE code_verifier that matches the code_challenge that was used to authorize the customer along with the authorization code.
When refreshing the access token with a private client ID and client secret, the refresh token is not regenerated. However, when refreshing the access token with a public client ID, the refresh token is always regenerated. The old refresh token is voided with every refresh call, so the refresh token on the client needs to be replaced to always store the new refresh token.
See the Body section for required parameters, including grant_type and others, depending on the value of grant_type.
Important: We strongly recommended using the channel_id query parameter because *it will be required in the future.
If you would like to get a raw Response object use the other getAccessToken function.
An object containing the options for this method.
A promise of type ShopperLogin.TokenResponse.
Get the shopper or guest JWT access token and a refresh token. This is the second step of the OAuth 2.1 authorization code flow.
For a private client, an application is able to get an access token for the shopper through the back channel (a trusted server) by passing in the client credentials and the authorization code retrieved from the authorize endpoint.
For a guest user, get the shopper JWT access token and a refresh token. This is where a client appplication is able to get an access token for the guest user through the back channel (a trusted server) by passing in the client credentials.
For a public client using PKCE, an application will pass a PKCE code_verifier that matches the code_challenge that was used to authorize the customer along with the authorization code.
When refreshing the access token with a private client ID and client secret, the refresh token is not regenerated. However, when refreshing the access token with a public client ID, the refresh token is always regenerated. The old refresh token is voided with every refresh call, so the refresh token on the client needs to be replaced to always store the new refresh token.
See the Body section for required parameters, including grant_type and others, depending on the value of grant_type.
Important: We strongly recommended using the channel_id query parameter because *it will be required in the future.
An object containing the options for this method.
Set to true to return entire Response object instead of DTO.
A promise of type Response if rawResponse is true, a promise of type ShopperLogin.TokenResponse otherwise.
Returns a JSON Web Key Set (JWKS) containing the current, past, and future public keys. The key set enables clients to validate the Shopper JSON Web Token (JWT) issued by SLAS.
For performance purposes, the /jwks endpoint is rate limited to 25 call per minute.
If you would like to get a raw Response object use the other getJwksUri function.
An object containing the options for this method.
A promise of type Object.
Returns a JSON Web Key Set (JWKS) containing the current, past, and future public keys. The key set enables clients to validate the Shopper JSON Web Token (JWT) issued by SLAS.
For performance purposes, the /jwks endpoint is rate limited to 25 call per minute.
An object containing the options for this method.
Set to true to return entire Response object instead of DTO.
A promise of type Response if rawResponse is true, a promise of type Object otherwise.
Issue a shopper token (JWT).
If you would like to get a raw Response object use the other getPasswordLessAccessToken function.
An object containing the options for this method.
A promise of type ShopperLogin.TokenResponse.
Issue a shopper token (JWT).
An object containing the options for this method.
Set to true to return entire Response object instead of DTO.
A promise of type Response if rawResponse is true, a promise of type ShopperLogin.TokenResponse otherwise.
Request a reset password token
If you would like to get a raw Response object use the other getPasswordResetToken function.
An object containing the options for this method.
A promise of type void.
Request a reset password token
An object containing the options for this method.
Set to true to return entire Response object instead of DTO.
A promise of type Response if rawResponse is true, a promise of type void otherwise.
Get a shopper JWT access token for a registered customer using session bridge.
For public client id requests the grant_type must be set to session_bridge.
For private client_id and secret the grant_type must be set to client_credentials along with a basic authorization header.
DEPRECATED* - As of January 31, 2024, SLAS will no longer support the SESB dwsid parameter for guest users for session-bridge/token calls. It is recommended to transition over to using a SESB dwsgst token.
The dwsid will still be needed for registered user session-bridge/token calls.
If you would like to get a raw Response object use the other getSessionBridgeAccessToken function.
An object containing the options for this method.
A promise of type ShopperLogin.TokenResponse.
Get a shopper JWT access token for a registered customer using session bridge.
For public client id requests the grant_type must be set to session_bridge.
For private client_id and secret the grant_type must be set to client_credentials along with a basic authorization header.
DEPRECATED* - As of January 31, 2024, SLAS will no longer support the SESB dwsid parameter for guest users for session-bridge/token calls. It is recommended to transition over to using a SESB dwsgst token.
The dwsid will still be needed for registered user session-bridge/token calls.
An object containing the options for this method.
Set to true to return entire Response object instead of DTO.
A promise of type Response if rawResponse is true, a promise of type ShopperLogin.TokenResponse otherwise.
Get a shopper JWT access token for a registered customer using a trusted agent (merchant).
If using a SLAS private client ID, you must also use an _sfdc_client_auth header.
The value of the _sfdc_client_auth header must be a Base64-encoded string. The string is composed of a SLAS private client ID and client secret, separated by a colon (:). For example, privateClientId:privateClientsecret becomes cHJpdmF0ZUNsaWVudElkOnByaXZhdGVDbGllbnRzZWNyZXQ= after Base64 encoding.
If you would like to get a raw Response object use the other getTrustedAgentAccessToken function.
An object containing the options for this method.
A promise of type ShopperLogin.TokenResponse.
Get a shopper JWT access token for a registered customer using a trusted agent (merchant).
If using a SLAS private client ID, you must also use an _sfdc_client_auth header.
The value of the _sfdc_client_auth header must be a Base64-encoded string. The string is composed of a SLAS private client ID and client secret, separated by a colon (:). For example, privateClientId:privateClientsecret becomes cHJpdmF0ZUNsaWVudElkOnByaXZhdGVDbGllbnRzZWNyZXQ= after Base64 encoding.
An object containing the options for this method.
Set to true to return entire Response object instead of DTO.
A promise of type Response if rawResponse is true, a promise of type ShopperLogin.TokenResponse otherwise.
Obtains a new agent on behalf authorization token for a registered customer.
If you would like to get a raw Response object use the other getTrustedAgentAuthorizationToken function.
An object containing the options for this method.
A promise of type void.
Obtains a new agent on behalf authorization token for a registered customer.
An object containing the options for this method.
Set to true to return entire Response object instead of DTO.
A promise of type Response if rawResponse is true, a promise of type void otherwise.
Get a shopper JWT access token for a registered customer whose credentials are stored using a third party system.
For trusted-system requests, a basic authorization header that includes a SLAS client ID and SLAS client secret can be used in place of the bearer token.
If you would like to get a raw Response object use the other getTrustedSystemAccessToken function.
An object containing the options for this method.
A promise of type ShopperLogin.TokenResponse.
Get a shopper JWT access token for a registered customer whose credentials are stored using a third party system.
For trusted-system requests, a basic authorization header that includes a SLAS client ID and SLAS client secret can be used in place of the bearer token.
An object containing the options for this method.
Set to true to return entire Response object instead of DTO.
A promise of type Response if rawResponse is true, a promise of type ShopperLogin.TokenResponse otherwise.
Returns a JSON listing of claims about the currently authenticated user.
If you would like to get a raw Response object use the other getUserInfo function.
An object containing the options for this method.
A promise of type Object.
Returns a JSON listing of claims about the currently authenticated user.
An object containing the options for this method.
Set to true to return entire Response object instead of DTO.
A promise of type Response if rawResponse is true, a promise of type Object otherwise.
Returns a JSON listing of the OpenID/OAuth endpoints, supported scopes and claims, public keys used to sign the tokens, and other details.
For performance purposes, the /jwks endpoint is rate limited to 25 call per minute.
If you would like to get a raw Response object use the other getWellknownOpenidConfiguration function.
An object containing the options for this method.
A promise of type Object.
Returns a JSON listing of the OpenID/OAuth endpoints, supported scopes and claims, public keys used to sign the tokens, and other details.
For performance purposes, the /jwks endpoint is rate limited to 25 call per minute.
An object containing the options for this method.
Set to true to return entire Response object instead of DTO.
A promise of type Response if rawResponse is true, a promise of type Object otherwise.
Returns the token properties. A basic auth header with Base64-encoded clientId:secret is required in the Authorization header, as well as an access token or refresh token. Use token_type_hint to help identify the token.
If you would like to get a raw Response object use the other introspectToken function.
An object containing the options for this method.
A promise of type Object.
Returns the token properties. A basic auth header with Base64-encoded clientId:secret is required in the Authorization header, as well as an access token or refresh token. Use token_type_hint to help identify the token.
An object containing the options for this method.
Set to true to return entire Response object instead of DTO.
A promise of type Response if rawResponse is true, a promise of type Object otherwise.
Log out a shopper. The shopper's access token and refresh token are revoked. If the shopper authenticated with a B2C Commerce (ECOM) instance, the OCAPI JWT is also revoked. This should be called for Registered users that have logged in using SLAS. his should be called for registered users that have logged in using SLAS. This endpoint is not for use with guest users.
Required header: Authorization header bearer token of the Shopper access token to logout.
Required parameters: refresh token, channel_id, and client.
If you would like to get a raw Response object use the other logoutCustomer function.
An object containing the options for this method.
A promise of type ShopperLogin.TokenResponse.
Log out a shopper. The shopper's access token and refresh token are revoked. If the shopper authenticated with a B2C Commerce (ECOM) instance, the OCAPI JWT is also revoked. This should be called for Registered users that have logged in using SLAS. his should be called for registered users that have logged in using SLAS. This endpoint is not for use with guest users.
Required header: Authorization header bearer token of the Shopper access token to logout.
Required parameters: refresh token, channel_id, and client.
An object containing the options for this method.
Set to true to return entire Response object instead of DTO.
A promise of type Response if rawResponse is true, a promise of type ShopperLogin.TokenResponse otherwise.
Creates a new password
If you would like to get a raw Response object use the other resetPassword function.
An object containing the options for this method.
A promise of type void.
Creates a new password
An object containing the options for this method.
Set to true to return entire Response object instead of DTO.
A promise of type Response if rawResponse is true, a promise of type void otherwise.
Invalidate the refresh token. A basic auth header with Base64-encoded clientId:secret is required in the Authorization header, and the refresh token to be revoked is required in the body.
If you would like to get a raw Response object use the other revokeToken function.
An object containing the options for this method.
A promise of type ShopperLogin.TokenResponse.
Invalidate the refresh token. A basic auth header with Base64-encoded clientId:secret is required in the Authorization header, and the refresh token to be revoked is required in the body.
An object containing the options for this method.
Set to true to return entire Response object instead of DTO.
A promise of type Response if rawResponse is true, a promise of type ShopperLogin.TokenResponse otherwise.
Generated using TypeDoc
Shopper Login and API Access Service
Enable shoppers to log in more easily, stay logged in for longer, and get a more fluid and personalized shopping experience powered by Shopper APIs.
Example with shopper auth
import { Customer, ClientConfig, Customer, slasHelpers } from "commerce-sdk"; // or const { Customer, ClientConfig, Customer, slasHelpers } = require("commerce-sdk"); const clientConfig: ClientConfig = { parameters: { clientId: "XXXXXX", organizationId: "XXXX", shortCode: "XXX", siteId: "XX" } }; // must be registered in SLAS. On server, redirectURI is never called const redirectURI = "http://localhost:3000/callback"; const slasClient = new Customer.ShopperLogin(clientConfig); token = await slasHelpers.loginGuestUser(slasClient, { redirectURI }); clientConfig.headers['authorization'] = `Bearer ${token.access_token}`; const shopperLoginClient = new Customer.ShopperLogin(clientConfig);Last Updated: