Store the configuration locally and do some light validation to ensure
that we have some clientScopes defined. We also set a member called
{@see api} to an instance of {@see CommercetoolsAuthApi}, which handles
the lower level commercetools request.
Private apiThe {@see CommercetoolsAuthApi} handles the actual sending of the request and any lower level outgoing or incoming transformation of data.
Readonly configThe internal configuration. This is a combination of the CommercetoolsAuthConfig
type passed in to the constructor and the default values specified in the
configDefaults object.
Private Optional grantThis holds the client grant, once one has been generated.
Private grantWhenever we either refresh the client grant, or request a new one, we don't want to allow any other requests to be initiated until that request has completed. This promise is used to determine whether incoming requests need to wait on an existing client grant request to complete before they can start to be processed.
Get a grant for an anonymous customer.
If you pass a value to the AnonymousGrantOptions.anonymousId
options parameter property then this must not exist within the commercetools
system for your project key, otherwise an error will be thrown. Typically
this property would be left undefined and commercetools will then create
a unique id for the anonymous user automatically.
Example code to generate an anonymous customer grant:
import { Region, CommercetoolsAuth } from '@gradientedge/commercetools-utils'
async function example() {
const auth = new CommercetoolsAuth({
projectKey: 'your-project-key',
clientId: 'your-client-id',
clientSecret: 'your-client-secret',
region: Region.EUROPE_GCP,
clientScopes: [
'view_published_products',
'view_categories',
'manage_customers',
'create_anonymous_token'
]
})
const grant = await auth.getAnonymousGrant()
console.log('Anonymous customer grant:', grant)
}
example()
Optional options: AnonymousGrantOptionsGet a client grant
If we don't already have a client grant stored locally, then we make a call to commercetools to generate one. Once we have a grant, we store it locally and then return that cached version up until it needs to be renewed.
Login the customer using the given options.
If the LoginOptions.scopes property isn't set on the options
parameter then we'll use the scopes set on CommercetoolsAuthConfig.customerScopes.
If this doesn't contain any values either, then this method will throw
an error due to the security risk of the customer having a grant with
the same privileges as the client API key.
Example login code:
import { Region, CommercetoolsAuth } from '@gradientedge/commercetools-utils'
async function example() {
const auth = new CommercetoolsAuth({
projectKey: 'your-project-key',
clientId: 'your-client-id',
clientSecret: 'your-client-secret',
region: Region.EUROPE_GCP,
clientScopes: [
'view_published_products',
'view_categories',
'manage_customers',
'create_anonymous_token'
]
})
const grant = await auth.login({
username: 'test@gradientedge.com',
password: 'testing123'
})
console.log('Customer grant:', grant)
}
example()
Note that there is no need to call getClientGrant in order to generate a client grant. The class internally requests one if it doesn't have a non-expired grant already cached locally.
Refresh the customer's grant given a refresh token
Provides an easy to use set of methods for communicating with the commercetools HTTP Authorization API: https://docs.commercetools.com/api/authorization
To create an instance of the class and get a client grant:
An instance of this class is designed to be stored as a global, long-lived object. If you're using a serverless environment such as AWS Lambda or an Azure Function App, you can safely instantiate this class outside of your function handler and have it exist for as long the serverless environment allows.