@W-20893800: Adding support for stateful auth [sfcc-ci compatibility]#167
@W-20893800: Adding support for stateful auth [sfcc-ci compatibility]#167amit-kumar8-sf wants to merge 18 commits intomainfrom
Conversation
github-actions
bot
added
the
needs-3pl-review
|
Hi @amit-kumar8-sf . We definitely don't need the Compatibility with sfcc-ci here doesn't mean it needs to be compatible with sfcc-cis storage (there's no reason folks would be using both tools at once). It just needs to be compatible with the pattern of storing the auth state on disk for future commands. |
@clavery Sure, if it doesn't needs to align with the sfcc-ci storage, then I will get rid of the conf package completely and move everything under oclif's control. Will share the updated PR by EOD today. |
github-actions
bot
removed
the
needs-3pl-review
|
|
||
| static examples = [ | ||
| '<%= config.bin %> <%= command.id %>', | ||
| '<%= config.bin %> <%= command.id %> --client-id your-client-id', |
There was a problem hiding this comment.
Can we make client ID a positional argument rather than using the flag (flag is fine too but positional aligns with existing sfcc-ci conventions so folks will be more comfortable)
There was a problem hiding this comment.
Thanks @clavery 😄
I can update it to a positional argument, but existing b2c auth token and b2c scapi custom status commands make use of the attributes --client-id and --client-secret. Should I make the change in those commands as well?
My only motivation here is to have it same across the board to avoid any confusion for the developers.
There was a problem hiding this comment.
No the flags should remain the same. Only this one command should also support a positional and it should take precedence over existing client-id configuration AND should not set a client secret. auth:login in sfcc-ci forces an implicit auth and we need to do that here using the explicit positional
There was a problem hiding this comment.
Updated to take it as a positional argument.
|
Thanks for the contribution! Before we can merge this, we need @amit-kumar8-sf to sign the Salesforce Inc. Contributor License Agreement. |
2 participants
Summary
Adds stateful authentication to the B2C CLI, compatible with sfcc-ci's stored session mechanism. Tokens are persisted on disk and reused across CLI commands without re-authentication.
New commands:
b2c auth client— Non-interactive auth viaclient_credentialsorpasswordgrant, with optional--renewfor auto-renewalb2c auth client renew— Refresh a stored token usingrefresh_tokenorclient_credentialsfallbackb2c auth client token— Return the stored token (raw to stdout, or full metadata with--json)b2c auth login/b2c auth logout— Browser-based login/logout with session persistenceStateful auth integration in existing commands:
getOAuthStrategy()inOAuthCommandprefers a valid stored session over stateless auth--client-secret,--user-auth,--auth-methods) are passedStorage:
confpackage with project namesfcc-ci, sharing the same keys (SFCC_CLIENT_ID,SFCC_CLIENT_TOKEN,SFCC_REFRESH_TOKEN,SFCC_CLIENT_RENEW_BASE,SFCC_USER) for cross-tool compatibilityNo breaking changes: When no stateful session exists or it is expired, behavior is unchanged.
Testing
stateful-store.ts: session CRUD,isStatefulTokenValid(expiry, scopes, client ID matching, invalid JWT)oauth-command.ts: stateful session preference, expired token warnings, explicit flag override, client ID matching passthroughauth client,auth client renew,auth client token): credential validation, grant type auto-detection, token storage, renewal flows, JSON/raw output, error handlingtrace()on stubbed loggerconfstore (sfcc-ci-testviaNODE_ENV=test) to avoid interference with real user configDependencies
3pl-approvedis set by a maintainerpnpm test)pnpm run format)