Oauth Access Token about commercecloud-ocapi-client HOT 6 CLOSED

@jeremywiebe I am fairly new to SFCC, but wouldn't you need an oauth token to do an order search on the entire system? I think JWT would bind an order search the customer which wouldn't be system wide. Order Search

I can understand that you may not want to handle the entire oauth process but maybe allow a third party library to be passed in on construction or add it as a dependency?

The only alternative that I see is to construct a new api client instance every time oauth expires or possibly find out how to reset the header value.

from commercecloud-ocapi-client.

Hi @trainerbill

We don't see OAuth token management as being something that this library should manage. In the Shop API, OAuth is used, but the API itself does not provide any functions for retrieving or refreshing OAuth tokens (that's done through a separate Demandware API at account.demandware.com).

Have you tried using JWT tokens for your scenario? It's a simpler process and is supported directly by the Shop API. Check out the docs here

Given that fetching the OAuth token is explicitly not a part of the Shop API, we won't be adding automatic token management of them to this library.

from commercecloud-ocapi-client.

Hey @trainerbill

If you want to update your oAuth token you can take a look at how the oAuth token is set in the constructor (https://github.com/mobify/commercecloud-ocapi-client/blob/develop/src/ApiClient.js#L88). There shouldn't be any problem with updating this value through your client instance. See below:

import ShopApi from 'commercecloud-ocapi-client'

const instance = new ShopApi.ApiClient()

instance.authentications.oauth2_application.accessToken = <new_token>

We don't have any plans on token oAuth management at this time as this client is only for accessing the endpoints exposed from the shop API (oAuth is usually done on another server and another API as in this case).

An idea to solve your problem would be to manager the token within your application, here is an external package that you can probably use to help refresh those tokens. https://www.npmjs.com/package/refresh-token

from commercecloud-ocapi-client.

Are any of you guys on the sfcc community slack chat? Since you are suggesting JWT, I was wondering if you have ever successfully got a JWT on the client side using the session bridge. The dwsid and dwsecure tokens are both HTTP cookies so they can't be read in document.cookie.

from commercecloud-ocapi-client.

I know this thread is a bit old, but just wanted to send a heads up that I have a PR about to submit to add oAuth token generation into the client. Will store credentials and check expiration to regenerate new token whenever needed to pass along in headers for any call requiring OAuth authentication. Currently sitting in a forked branch/repo if anyone needs access in the interim!

from commercecloud-ocapi-client.

Hey @agrohs, this library was actually autogenerated using swagger codegen in its inception. Although there have been minor changes to the original codebase to fix bugs and requests from clients, we don't plan on adding any features to it at the moment.

Reason being is that the library is currently being used by many of our clients and adding any additional code might have negative consequences to load times (we use this for mobile ecomm websites). It'll also break any kind of code autogeneration we plan on doing in the future.

We are however thinking about changing this repo somewhat and making the code generation fully automatic. It's quite possible that the latest swagger codegen includes oauth token generation, but having a quick look at it, I don't think it does.

But having said all that, I believe that @jeremywiebe is correct. This is a client for a salesforce restful api, not for the oauth authentication api. So it's not responsible for maintaining that token.

from commercecloud-ocapi-client.