b2c-plugin-slas-idp
v0.1.2
B2C CLI plugin for managing SLAS identity provider configurations.
B2C Plugin: SLAS Identity Providers
Manage SLAS identity provider (IDP) settings from the b2c CLI.
If you are new to SLAS: an identity provider is the external login service (Google, Apple, Auth0, Okta, and so on) that shoppers use for social or federated login. This plugin lets you list, inspect, create, update, and delete those IDP configurations through commands like b2c slas idp list.
What this plugin adds
The core b2c CLI already supports SLAS client management (b2c slas client ...).
This plugin adds SLAS IDP management:
| Command | What it does |
| --- | --- |
| b2c slas idp list | Show all IDPs configured for a tenant |
| b2c slas idp get <name> | Show one IDP configuration |
| b2c slas idp register <name> | Create or update an IDP |
| b2c slas idp delete <name> | Remove an IDP |
Prerequisites
Before you start, make sure you have:
- Node.js 20.19+ installed
- b2c CLI 1.11+ installed and working (b2c --version)
- A SCAPI short code for your organization (example: kv7kzm78)
- A SLAS tenant ID for the sandbox you want to manage (example: zziu_006)
- Permission to call the SLAS Admin API (same auth model as b2c slas client)
Install the plugin (local development)
Run these commands from the FAST repository root:

```shell
cd cli/b2c-plugin-slas-idp
npm install
npm run build
b2c plugins link "$(pwd)"
```

Verify the plugin loaded:

```shell
b2c help slas idp
```

You should see list, get, register, and delete.
Important: tenant ID format
SLAS tenant IDs use an underscore:
- Correct: zziu_006
- Wrong for SLAS API calls: zziu-006 (that hyphen form is the ODS hostname prefix)
If you use the wrong format, commands may fail or target the wrong tenant.
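As an added illustration (this is not code from the plugin), a small TypeScript helper that accepts either spelling and returns the underscore form the SLAS Admin API expects, and refuses anything else rather than guessing. The "realm_three-digit-instance" shape and an alphanumeric realm are assumptions drawn from the examples on this page (zziu_006, zziu_010), not from the SLAS documentation.

```typescript
// Added example, not the plugin's own code. Assumed tenant shape:
// "<realm>_<3-digit instance>", e.g. zziu_006. "zziu-006" is the ODS
// hostname prefix: accepted as input, never returned.
const TENANT_ID_INPUT = /^([a-z0-9]+)[_-]([0-9]{3})$/i;
const SLAS_TENANT_ID = /^[a-z0-9]+_[0-9]{3}$/;

// True only for the exact form SLAS Admin API calls require.
function isSlasTenantId(value: string): boolean {
  return SLAS_TENANT_ID.test(value);
}

// Converts "zziu-006" (ODS hostname prefix) or " ZZIU_006 " to "zziu_006".
// Throws instead of guessing so a typo cannot silently address another tenant.
function normalizeSlasTenantId(value: string): string {
  const match = TENANT_ID_INPUT.exec(value.trim());
  if (!match) {
    throw new Error(`Unrecognised tenant ID "${value}"; expected a form like zziu_006`);
  }
  const realm = (match[1] ?? "").toLowerCase();
  const instance = match[2] ?? "";
  return `${realm}_${instance}`;
}

// Typical use before building a request (SFCC_TENANT_ID is the variable the CLI reads):
// const tenantId = normalizeSlasTenantId(process.env.SFCC_TENANT_ID ?? "");
```

Wire this in front of any script that takes a tenant from an environment variable or a ticket; a hyphenated value copied from an ODS hostname is the most common way to end up with the "wrong tenant results" row in the troubleshooting table.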
Authentication options
These commands use the same authentication model as b2c slas client.
Option A: Browser login (good for first-time testing)
```shell
b2c slas idp list --user-auth --tenant-id zziu_006 --short-code kv7kzm78
```

Your user needs the SLAS Organization Administrator role.
Option B: API client credentials (good for automation)
Set environment variables before running commands:

```shell
export SFCC_CLIENT_ID="your-client-id"
export SFCC_CLIENT_SECRET="your-client-secret"
export SFCC_SHORTCODE="kv7kzm78"
export SFCC_TENANT_ID="zziu_006"
```

The API client needs the Sandbox API User role.
You can also pass --short-code and --tenant-id as flags instead of environment variables. Two caveats apply to the credentials: a secret given on the command line ends up in shell history and is visible to other users of the machine in the process list, so keep SFCC_CLIENT_SECRET in the environment; and since 0.1.2 the SLAS Admin API authentication always uses SFCC_CLIENT_ID and SFCC_CLIENT_SECRET from the environment, because on register the --client-id and --client-secret flags are the identity provider's own credentials, not your Account Manager credentials (see Troubleshooting).
Command walkthrough
1. List IDPs
```shell
b2c slas idp list --tenant-id zziu_006 --short-code kv7kzm78
```

What you should see:
- A small table with Name, Preferred, and Redirect URL
- Or the message "No SLAS identity providers found." when the tenant has none yet

Machine-readable output:

```shell
b2c slas idp list --tenant-id zziu_006 --short-code kv7kzm78 --json
```

2. Get one IDP

```shell
b2c slas idp get google --tenant-id zziu_006 --short-code kv7kzm78
```

Notes for beginners:
- Human output masks the client secret as ********
- --json includes the real secret so you can copy configurations between tenants. Treat that output as a credential: keep it out of CI logs and shell history, write it only to a file other users cannot read, and delete the file once the copy is done
3. Register (create or update) an IDP
Most people use a JSON file:
```shell
b2c slas idp register google --tenant-id zziu_010 --short-code kv7kzm78 --from-file ./google-idp.json
```

You can also pass OIDC fields as flags. These match the official SLAS Admin API PUT examples.
Google (full OIDC shape):

```shell
b2c slas idp register google --tenant-id zziu_010 --short-code kv7kzm78 \
  --client-id "idp-client-id" \
  --client-secret "idp-secret" \
  --auth-url "https://accounts.google.com/o/oauth2/v2/auth" \
  --token-url "https://oauth2.googleapis.com/token" \
  --token-info-url "https://oauth2.googleapis.com/tokeninfo" \
  --user-info-url "https://www.googleapis.com/oauth2/v3/userinfo" \
  --redirect-url "https://kv7kzm78.api.commercecloud.salesforce.com/shopper/auth/v1/idp/callback/google" \
  --well-known-url "https://accounts.google.com/.well-known/openid-configuration" \
  --scopes openid,email,profile \
  --preference-value \
  --no-is-client-creds-body \
  --login-merge-claims email \
  --oidc-claim-mapper "accessToken=access_token,refreshToken=refresh_token,email=email"
```

Salesforce:
```shell
b2c slas idp register salesforce --tenant-id zziu_010 --short-code kv7kzm78 \
  --client-id "$CONNECTED_APP_CONSUMER_ID" \
  --client-secret "$CONNECTED_APP_CONSUMER_SECRET" \
  --auth-url "https://login.salesforce.com/services/oauth2/authorize" \
  --token-url "https://login.salesforce.com/services/oauth2/token" \
  --token-info-url "https://login.salesforce.com/services/oauth2/introspect" \
  --user-info-url "https://login.salesforce.com/services/oauth2/userinfo" \
  --redirect-url "https://kv7kzm78.api.commercecloud.salesforce.com/shopper/auth/v1/idp/callback/salesforce" \
  --well-known-url "https://login.salesforce.com/.well-known/openid-configuration" \
  --scopes openid,email,profile
```

Payload rules (aligned with the registerIdentityProvider schema):
- name must be one of the documented enum values (google, salesforce, apple, …) or the special path default-idp
- isPreferred defaults to false; pass --preference-value to set it to true
- isClientCredsBody is always sent (defaults to false; pass --is-client-creds-body for true)
- --well-known-url is required when you register with flags; copy workflows include it from the source JSON when present
- Pass --use-well-known to let SLAS populate OIDC URLs and scopes from the well-known document
- Apple-only fields: --team-id, --key-id
- Register PUT bodies send isPreferred (the live API rejects preferenceValue despite the schema docs)
Run b2c help slas idp register for the full flag list.
register is create-or-update:
- HTTP 201 means created
- HTTP 200 means updated
4. Delete an IDP
```shell
b2c slas idp delete google --tenant-id zziu_010 --short-code kv7kzm78
```

Destructive commands respect the B2C CLI safe-mode guard, same as other b2c delete commands.
Common workflow: copy an IDP to another tenant
This is useful when a child sandbox needs the same Google/Apple/Auth0 setup as a template sandbox.
```shell
# Step 1: export from source tenant
b2c slas idp get google --tenant-id zziu_006 --short-code kv7kzm78 --json > /tmp/google-idp.json
# Step 2: review the file and update redirectUrl or secrets if needed
# Step 3: import into target tenant
b2c slas idp register google --tenant-id zziu_010 --short-code kv7kzm78 --from-file /tmp/google-idp.json
```

Step 1 writes the IDP client secret to disk in clear text. On a shared machine, create the file where only you can read it (for example, run umask 077 first) and remove it after step 3.
The plugin helper idpGetToRegisterBody() copies GET responses into register-ready PUT bodies, keeping isPreferred as the preferred flag.
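As an added example (my code, not the plugin's idpGetToRegisterBody() and not the SLAS Admin API schema), the TypeScript below applies the payload rules from the register section to the JSON that step 1 writes and rewrites the callback URL when the target tenant lives under a different short code. The field names (clientId, clientSecret, redirectUrl, wellKnownUrl, isPreferred, preferenceValue, isClientCredsBody) come from the flags and notes on this page; the accepted IDP names are a deliberate subset of the documented enum, the callback host pattern short-code.api.commercecloud.salesforce.com is inferred from the examples above, and the sample input is constructed, not a real tenant's configuration.

```typescript
// Added example, not the plugin's idpGetToRegisterBody(). Field names mirror the
// CLI flags on this page; the exact wire format of the SLAS Admin API is an
// assumption here, not copied from its schema.
const KNOWN_IDP_NAMES = new Set(["google", "salesforce", "apple", "default-idp"]); // subset of the enum
const SECRET_MASK = "********"; // what the human-readable `get` output prints
const SCAPI_HOST_SUFFIX = ".api.commercecloud.salesforce.com"; // inferred from the examples

interface IdpRecord {
  clientId?: string;
  clientSecret?: string;
  redirectUrl?: string;
  wellKnownUrl?: string;
  isPreferred?: boolean;
  preferenceValue?: boolean; // present in the schema docs, rejected by the live API
  isClientCredsBody?: boolean;
  [other: string]: unknown; // authUrl, tokenUrl, scopes, ... pass through untouched
}

interface CopyOptions {
  sourceShortCode: string;
  targetShortCode: string;
  useWellKnown?: boolean; // mirrors --use-well-known
}

// Rewrites https://<from>.api.commercecloud.salesforce.com/... to the target short
// code. Any other host is rejected: a callback elsewhere would hand the shopper's
// authorization code to a host SLAS does not control.
function rewriteRedirectUrl(url: string, from: string, to: string): string {
  const match = /^https:\/\/([^/]+)(\/.*)?$/.exec(url);
  if (!match) {
    throw new Error(`redirectUrl must be an absolute https URL: ${url}`);
  }
  const host = match[1] ?? "";
  const path = match[2] ?? "";
  if (host !== `${from}${SCAPI_HOST_SUFFIX}`) {
    throw new Error(`redirectUrl host ${host} does not belong to short code ${from}`);
  }
  return `https://${to}${SCAPI_HOST_SUFFIX}${path}`;
}

function buildRegisterBody(idpName: string, source: IdpRecord, opts: CopyOptions): Record<string, unknown> {
  // name must be a documented enum value or the special path default-idp
  if (!KNOWN_IDP_NAMES.has(idpName)) {
    throw new Error(`unsupported IDP name "${idpName}"`);
  }
  // A masked secret means the file came from the human-readable output, not --json.
  if (!source.clientSecret || source.clientSecret === SECRET_MASK) {
    throw new Error("clientSecret is missing or masked; export the source with --json");
  }
  // wellKnownUrl is required unless SLAS is asked to discover the OIDC URLs
  if (!opts.useWellKnown && !source.wellKnownUrl) {
    throw new Error("wellKnownUrl is required unless useWellKnown is set");
  }

  const { preferenceValue, isPreferred, isClientCredsBody, ...rest } = source;
  const body: Record<string, unknown> = { ...rest };
  // the live API wants isPreferred (default false) and rejects preferenceValue
  body.isPreferred = isPreferred ?? preferenceValue ?? false;
  // isClientCredsBody is always sent, default false
  body.isClientCredsBody = isClientCredsBody ?? false;
  if (source.redirectUrl) {
    body.redirectUrl = rewriteRedirectUrl(source.redirectUrl, opts.sourceShortCode, opts.targetShortCode);
  }
  return body;
}

// Copy with the secret masked, safe to paste into a ticket or a review diff
// during step 2. The original body is left untouched.
function redactForReview(body: Record<string, unknown>): Record<string, unknown> {
  return { ...body, clientSecret: SECRET_MASK };
}

// Constructed sample shaped like `b2c slas idp get google --json` output; the
// values are the ones from the register example above, not a real tenant.
const SAMPLE_GET_JSON: IdpRecord = {
  clientId: "idp-client-id",
  clientSecret: "idp-secret",
  authUrl: "https://accounts.google.com/o/oauth2/v2/auth",
  tokenUrl: "https://oauth2.googleapis.com/token",
  redirectUrl: "https://kv7kzm78.api.commercecloud.salesforce.com/shopper/auth/v1/idp/callback/google",
  wellKnownUrl: "https://accounts.google.com/.well-known/openid-configuration",
  scopes: ["openid", "email", "profile"],
  preferenceValue: true,
};

// Same short code, as in the workflow above: only the field rules change.
const REGISTER_BODY = buildRegisterBody("google", SAMPLE_GET_JSON, {
  sourceShortCode: "kv7kzm78",
  targetShortCode: "kv7kzm78",
});
```

The masked-secret check catches the common mistake of saving the human-readable get output instead of --json, and the host check refuses to register a callback that points anywhere other than the target organization's SCAPI host, which is the one value that must not drift when a configuration is copied between tenants.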
Default IDP path
Some OIDC providers are registered through the special path name default-idp:
```shell
b2c slas idp register default-idp --tenant-id zziu_010 --from-file ./custom-idp.json
```

See the SLAS default IDP guide.
Programmatic API
You can call the plugin from Node.js scripts without going through oclif:

```typescript
import { OAuthStrategy } from "@salesforce/b2c-tooling-sdk";
import {
  getIdp,
  idpGetToRegisterBody,
  registerIdp,
} from "b2c-plugin-slas-idp/api";

// Account Manager API client credentials (Sandbox API User role), read from the
// same environment variables the CLI uses.
const oauth = new OAuthStrategy({
  clientId: process.env.SFCC_CLIENT_ID,
  clientSecret: process.env.SFCC_CLIENT_SECRET,
});

// Read the IDP from the template tenant. The response carries the real client
// secret, like `get --json` does.
const sourceIdp = await getIdp({
  shortCode: "kv7kzm78",
  tenantId: "zziu_006",
  name: "google",
  oauth,
});

// PUT it into the target tenant. idpGetToRegisterBody() turns the GET response
// into a register-ready body and keeps isPreferred as the preferred flag.
await registerIdp({
  shortCode: "kv7kzm78",
  tenantId: "zziu_010",
  name: "google",
  body: idpGetToRegisterBody(sourceIdp),
  oauth,
});
```

Project layout (for contributors)
```
src/
  api.ts                 # programmatic list/get/register/delete functions
  lib/
    api-types.ts         # shared option types
    idp.ts               # normalize/print/copy helpers
    register-body.ts     # build register payloads from flags or files
    slas-idp-command.ts  # shared OAuth base for all commands
  commands/slas/idp/     # oclif command classes
```

Troubleshooting
| Problem | Likely cause | What to try |
| --- | --- | --- |
| Command slas:idp not found | Plugin not linked | Run b2c plugins link again after npm run build |
| SCAPI short code required | Missing short code | Set SFCC_SHORTCODE or pass --short-code |
| Failed to list SLAS identity providers with 401 | Auth issue | Check client credentials or use --user-auth |
| Wrong tenant results | Tenant ID format | Use underscore form like zziu_006 |
| Missing required flags on register | No file and incomplete flags | Use --from-file or pass all required OIDC flags |
| preferred flag was invalid on register | Body used preferenceValue instead of isPreferred | Fixed in 0.1.0+: register sends isPreferred |
| Waiting for user to authenticate... in CI on register --from-file | register shadows OAuth --client-id; CLI fell back to implicit/public-client browser OAuth | Fixed in 0.1.2+: SLAS Admin API auth always uses SFCC_CLIENT_ID / SFCC_CLIENT_SECRET from the environment. Use --from-file for IDP payloads; do not rely on --client-id for Account Manager auth |
| No SLAS identity providers found on a tenant with SLAS clients | Normal for tenants that exist but have zero IDPs yet | This is expected; use register to create the first IDP |
Run tests
```shell
npm test
```