npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

ocapi-auth

v1.0.0

Published

Module provide JWT and OAUTH2 authorization for Salesforce Commerce Cloud OCAPI

Downloads

18

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

elythingolelythingol

Keywords

ocapidemandwarescc

Readme

ocapi-auth

Simple no dependency module, which provide jwt or oauth2 authentication for Salesforce Commerce Cloud (Demandware) OCAPI

Table of contents

Installation

$ npm i ocapi-auth

Usage

const { createJwtToken } = require('ocapi-auth')
  
const jwt = await createJwtToken({
  hostname: 'test.sandbox.com',
  site: 'SiteGenesis',
  type: 'credentials',
  authorization: 'bG9naW46cGFzc3dvcmQ='
})

API

createJwtToken(options, httpOptions)

Create and return JWT token

options:

  • raw - if true, will return a response as object in {header, body} format (default: false)
  • version - OCAPI version. (default: 18.7)
  • hostname - target host for shop API calls without path, e.g account.demandware.com.
  • site - target site
  • type - type of authorization, can be credentials, guest, refresh, session
  • clientId - OCAPI client Id. If empty - default developer client id will be used
  • authorization - authorization info
    • for guest type - leave it empty
    • for credentials type - base64 encode client login:password. Can be with Basic keyword or without
    • for session type - dwsid and dwsecuretoken cookie in string format e.g 'dwsid=value;dwsecuretoken_d6=value'
    • for refreshtype - JWT token to refresh. Can be with Bearer keyword or without

httpOptions

  • Http options from http module. Default options for rejectUnauthorized is true only for production APP_ENV

startSession(options, httpOptions)

Create a session bridge using JWT token. Returns set-cookie value from response

Options:

  • raw - will return a response as object in {header, body} format
  • version - OCAPI version. (default: 18.7)
  • hostname - target host for shop API calls without path, e.g account.demandware.com.
  • site - target site
  • authorization - JWT token to exchange

httpOptions

  • Http options from http module. Default options for rejectUnauthorized is true only for production APP_ENV

createOauthToken(options, httpOptions)

Create a OAUTH token and return response body.Can obtain Client Credentials and Business Manager user grants

Options:

  • raw - will return a response as object in {header, body} format
  • hostname - target host for calls without path. If empty, Client Credentials grant will be obtained from account.demandware.com
  • authorization - User Login:User Password:Client Password in base64 encoding. If empty, demo values will be used. Can be with Basic keyword or without
  • clientId - OCAPI client Id. If empty - default developer client id will be used

httpOptions

  • Http options from http module. Default options for rejectUnauthorized is true only for production APP_ENV

getPayload(jwt)

Return an object with decoded JWT token payload

  • jwt - OCAPI jwt token

getHeader(jwt)

Return an object with decoded OCAPI JWT token header

  • jwt - OCAPI jwt token

getSignature(jwt)

Return an OCAPI JWT token signature

  • jwt - OCAPI jwt token

Examples

Refresh JWT token

const jwt = await createJwtToken({
  type: 'refresh',
  hostname: 'test10.sandbox.com',
  site: 'SiteGenesis',
  clientId: '04ffcb90-121f-4db2-91a1-54cae79da873',
  authorization: 'eyJfdiI6IjEiLCJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJfdiI6IjEiLCJleHAiOjE1MzQzMzI3NDksImlhdCI6MTUzNDMzMDk0OSwiaXNzIjoiYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhIiwic3ViIjoie1wiX3ZcIjpcIjFcIixcImN1c3RvbWVyX2luZm9c1237XCJjdXN0b21lcl9pZFwiOlwiYWI0cU1hNEVXTVhOdG1mTlYzdkpod1MyeUFcIixcImd1ZXN0XCI6dHJ1ZX19In0'
})
console.log(jwt)
//Bearer eyJfdiI6IjEiLCJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.11.dl8XgldAVo8SGRDrrSAdnbD_tnRnfYwIrohjhsPW78JgTif2kukQqnB74RgKHRx6U5CTBee8ktTVwqnmtguRTwnI1NbYsMyf3pCjz67qrqB6NMoNOscFQpcCpgwh0xvlPUqj8j8bBnYTciUues66WeQI38pvTfH4j3oaucbjiNjwkUGCPs_LS_JYaTNhkdqjlRDBcyYo3h8ArKx_5YJK18aynZ00coTdezBKLTzMb7ByQTjiYk7tOi-111-DBFFb11jtaxaA-LwzP8XZrXJ6c_lBPysEJ_y7GwuPU3HuE

Create session bridge

const session = await startSession({
  hostname: 'test10.sandbox.com',
  site: 'SiteGenesis',
  authorization: 'eyJfdiI6IjEiLCJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.11.dl8XgldAVo8SGRDrrSAdnbD_tnRnfYwIrohjhsPW78JgTif2kukQqnB74RgKHRx6U5CTBee8ktTVwqnmtguRTwnI1NbYsMyf3pCjz67qrqB6NMoNOscFQpcCpgwh0xvlPUqj8j8bBnYTciUues66WeQI38pvTfH4j3oaucbjiNjwkUGCPs_LS_JYaTNhkdqjlRDBcyYo3h8ArKx_5YJK18aynZ00coTdezBKLTzMb7ByQTjiYk7tOi-111-DBFFb11jtaxaA-LwzP8XZrXJ6c_lBPysEJ_y7GwuPU3HuE'
})
console.log(session)
/*[ 'dwsecuretoken_d6ba5aaa95d9e677ab103d74c76dc070=7lEE0m7klEXyyP5H5-Ela-9_NTg5JvfQFA==; Version=1; Comment="Demandware Secure Token for site Sites-adidas-GB-Site"; Path=/; Secure; HttpOnly',
  'dwsid=hxx0vh8XPy7sbyGezjyvGhwkgew84x30r-TKPJtP_m1AUKmVswzkBS31flmUlwC1U7meiMxpCby4I8hYR1CXZw==; Path=/; HttpOnly',
  '__cq_dnt=0; Path=/',
  'dw_dnt=0; Path=/',
  'dwanonymous_d6ba5aaa95d9e677ab103d74c76dc070=ac3MRVWXuTV1eapHtdKXuQL3Bt; Version=1; Comment="Demandware anonymous cookie for site Sites-adidas-GB-Site"; Max-Age=15552000; Expires=Mon, 11-Feb-2019 12:03:23 GMT; Path=/' ] */

Obtain OAUTH Client Credentials grants

const oauth = await createOauthToken()
console.log(oauth)
//{"access_token":"903648f4-3c6b-45ee-9655-f8742f0a538e","scope":"mail","token_type":"Bearer","expires_in":1799}

Obtain OAUTH Business Manager grants

const oauth = await createOauthToken({
  hostname: 'test10.sandbox.com',
  clientId: '04ffcb90-121f-4db2-91a1-54cae79da873',
  authorization: 'dGVzdDp0ZXN0OnRlc3Q='
})
console.log(oauth)
//{"access_token":"781d451f-0162-4457-a378-6b265038f6be","expires_in":899,"token_type":"Bearer"}