Releases: commercelayer/commercelayer-js-auth
v6.0.1
What's Changed
🐛 Bug Fix
- The
encodeBase64URLSafe
method replaces the base64 instead of the payload by @marcomontalbano in #75
📝 Documentation
- Update README by @sfiorucci in #74
Full Changelog: v6.0.0...v6.0.1
v6.0.0
What's Changed
💥 Breaking Change
- New auth endpoint by @marcomontalbano in #68
🚀 Enhancement
- Add an helper to decode the JWT by @marcomontalbano in #69
- Add support to JWT Bearer by @marcomontalbano in #71
- Add
revoke
method by @marcomontalbano in #72
📝 Documentation
- Add custom header types by @marcomontalbano in #70
💥 Breaking changes
This library now uses the new https://auth.commercelayer.io/oauth/token
endpoint. We unified core
and provisioning
into a single authenticate
method.
# no more valid
- import { provisioning } from '@commercelayer/js-auth'
# no more valid
- import { core } from '@commercelayer/js-auth'
# new syntax
+ import { authenticate } from '@commercelayer/js-auth'
Examples
Core authentication
import { authenticate } from '@commercelayer/js-auth'
const auth = await authenticate('client_credentials', {
clientId: '{{ client_id }}',
scope: 'market:id:1234'
})
Provisioning authentication
Read more about how to get the client id and secret.
import { authenticate } from '@commercelayer/js-auth'
const auth = await authenticate('client_credentials', {
clientId: '{{ client_id }}',
clientSecret: '{{ client_secret }}',
})
Typescript
import { authenticate, type AuthenticateOptions } from '@commercelayer/js-auth'
const options: AuthenticateOptions<'client_credentials'> = {
clientId: '{{ client_id }}',
scope: 'market:id:1234'
}
const auth = await authenticate('client_credentials', options)
Decode an access token
We added an helper method to decode an access token:
import { authenticate, jwtDecode, jwtIsSalesChannel } from '@commercelayer/js-auth'
const auth = await authenticate('client_credentials', {
clientId: '{{ application_client_id }}',
scope: '{{ application_scope }}'
})
const decodedJWT = jwtDecode(auth.accessToken)
if (jwtIsSalesChannel(decodedJWT.payload)) {
console.log('organization slug is', decodedJWT.payload.organization.slug)
}
JWT bearer flow
JWT Bearer flow allows a client application to obtain an access token using a JSON Web Token (JWT) assertion.
We added support to the JWT bearer flow by introducing a new createAssertion
method:
const assertion = await createAssertion({
payload: {
'https://commercelayer.io/claims': {
owner: {
type: 'Customer',
id: '4tepftJsT2'
},
custom_claim: {
customer: {
first_name: 'John',
last_name: 'Doe'
}
}
}
}
})
Once you created the assertion you can get an access token using the urn:ietf:params:oauth:grant-type:jwt-bearer
grant type:
import { authenticate } from '@commercelayer/js-auth'
const auth = await authenticate('urn:ietf:params:oauth:grant-type:jwt-bearer', {
clientId: 'your-client-id',
clientSecret: 'your-client-secret',
scope: 'market:code:europe',
assertion
})
console.log('My access token: ', auth.accessToken)
console.log('Expiration date: ', auth.expires)
Revoke an access token
We added the revoke
method.
Any previously generated access tokens (refresh tokens included) can be revoked before their natural expiration date.
import { revoke } from '@commercelayer/js-auth'
await revoke({
clientId: 'your-client-id',
clientSecret: 'your-client-secret',
token: 'a-generated-access-token'
})
Full Changelog: v5.2.1...v6.0.0
v6.0.0-beta.2
What's Changed
📝 Documentation
- Add
exports.types
to the package.json by @marcomontalbano in #73
Full Changelog: v6.0.0-beta.1...v6.0.0-beta.2
v6.0.0-beta.1
What's Changed
🚀 Enhancement
- Add support to JWT Bearer by @marcomontalbano in #71
- Add
revoke
method by @marcomontalbano in #72
Full Changelog: v6.0.0-beta.0...v6.0.0-beta.1
v6.0.0-beta.0
What's Changed
💥 Breaking Change
- New auth endpoint by @marcomontalbano in #68
🚀 Enhancement
- Add an helper to decode the JWT by @marcomontalbano in #69
📝 Documentation
- Add custom header types by @marcomontalbano in #70
Full Changelog: v5.2.1...v6.0.0-beta.0
v5.2.1
What's Changed
🐛 Bug Fix
📝 Documentation
- Add more examples by @marcomontalbano in #66
Full Changelog: v5.2.0...v5.2.1
v5.2.0
What's Changed
🚀 Enhancement
- Update the
content-type
for provisioning toapplication/json
by @marcomontalbano in #62
Full Changelog: v5.1.0...v5.2.0
v5.1.0
What's Changed
🚀 Enhancement
- Move to Pure ESM. It still bundle to
cjs
andesm
. by @marcomontalbano in #61
Full Changelog: v5.0.0...v5.1.0
v5.0.0
What's Changed
💥 Breaking Change
- Remove backward-compatibility. remove export
default
and named exportauthentication
by @marcomontalbano in #59
Full Changelog: v4.3.0...v5.0.0