Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

@W-18034005 - [POC] Implement hybrid auth compatibility for PWA Kit v2.x #2327

Open
wants to merge 16 commits into
base: release-2.9.x
Choose a base branch
from
Open

@W-18034005 - [POC] Implement hybrid auth compatibility for PWA Kit v2.x #2327

wants to merge 16 commits into from

Conversation

shethj
Copy link
Collaborator

@shethj shethj commented Mar 22, 2025
edited
Loading

Description

As a hybrid auth stakeholder, I'd like to know the exact code changes required to make hybrid auth compatible with PWA Kit v2.x. Once the code changes are frozen, I can estimate the effort required for customer adoption for the same.

Outline of changes required for POC:

  1. Update session sync between pwa and sfra in commerce-api

  • Current logic in v2.x: pwa kit saves a copy of the refresh token in local storage. For each SCAPI request, the key and value in the localstorage is compared with that in the cookies. If either key or value doesn’t match, the accessToken is considered invalid and refresh_token flow is executed.

  • Updated logic: Leverage cc-at cookie coming in from SFRA and consume directly if found in cookies on PWA Kit side.

  1. Server Affinity Changes
  • v2.x commerce-api updated to send dwsid header with all OCAPI/SCAPI calls for server affinity
  • v2.x commerce-api updated to remove calls to OCAPI /sessions
  1. Hybrid Auth Support
  • Allowed cookie passthrough in commerce-api fetch calls to SLAS

Types of Changes

  • Bug fix (non-breaking change that fixes an issue)
  • [] New feature (non-breaking change that adds functionality)
  • Documentation update
  • Breaking change (could cause existing functionality to not work as expected)
  • Other changes (non-breaking changes that does not fit any of the above)

Breaking changes include:

  • Removing a public function or component or prop
  • Adding a required argument to a function
  • Changing the data type of a function parameter or return value
  • Adding a new peer dependency to package.json

Changes

  • Updated commerce-api storage structure to manage local/cookie/memory storage
  • Updated logic to sync sessions between SFRA & PWA Kit stores.
  • Added sfdc_dwsid header to all OCAPI/SCAPI calls
  • Allowed cookie passthrough for SLAS calls in commerce-api

How to Test-Drive This PR

Checklists

General

  • Changes are covered by test cases
  • CHANGELOG.md updated with a short description of changes (not required for documentation updates)

Accessibility Compliance

You must check off all items in one of the follow two lists:

  • There are no changes to UI

or...

Localization

  • Changes include a UI text update in the Retail React App (which requires translation)

@shethj shethj marked this pull request as ready for review March 22, 2025 09:59
@shethj shethj requested a review from a team as a code owner March 22, 2025 09:59
unandyala
unandyala reviewed Mar 26, 2025
View reviewed changes
Copy link
Collaborator

@unandyala unandyala left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@unandyala unandyala unandyala left review comments

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@shethj @unandyala