@cimplify/cli 0.7.3 → 0.7.5

package/templates/storefront-restaurant/components/account-pill.tsx

@@ -7,15 +7,8 @@ import { signInSilent } from "@cimplify/sdk";
 
 const CLIENT_ID = process.env.NEXT_PUBLIC_CIMPLIFY_CLIENT_ID ?? "";
 
-/**
- * Header sign-in / signed-in pill.
- *
- * - Tries cross-storefront SSO once on mount. If the shopper signed
- *   into any other Cimplify storefront recently, this resolves
- *   silently and the session lands without any UI flicker.
- * - When signed in, renders "Hi, {name}" linking to /account.
- * - When not signed in, renders the Cimplify Sign-In button.
- */
+// Attempts silent SSO on mount before showing the button so returning
+// shoppers don't see a flash of "Sign in" before landing as signed in.
 export function AccountPill() {
   const { session, loading, refresh } = useCimplifySession();
   const triedSilent = useRef(false);

package/templates/storefront-restaurant/lib/auth.ts

@@ -1,16 +1,35 @@
 import { headers } from "next/headers";
-import { getSessionFromCookieHeader, type CimplifySession } from "@cimplify/sdk/server";
+import {
+  getAccessTokenFromCookieHeader,
+  getServerClient,
+  getSessionFromCookieHeader,
+  type CimplifyClient,
+  type CimplifySession,
+} from "@cimplify/sdk/server";
 
 const CLIENT_ID = process.env.CIMPLIFY_CLIENT_ID ?? "";
 const AUTH_URL = process.env.CIMPLIFY_AUTH_URL;
 
+const oidcConfig = { clientId: CLIENT_ID, authUrl: AUTH_URL };
+
 export async function getSession(): Promise<CimplifySession | null> {
   if (!CLIENT_ID) return null;
   const cookieHeader = (await headers()).get("cookie");
-  return getSessionFromCookieHeader(
-    { clientId: CLIENT_ID, authUrl: AUTH_URL },
-    cookieHeader,
-  );
+  return getSessionFromCookieHeader(oidcConfig, cookieHeader);
+}
+
+// Returns a Cimplify server client with the signed-in customer's access
+// token attached (if any). Use this instead of getServerClient() on pages
+// that need personalized data: orders, subscriptions, price-list pricing.
+// Pages without `revalidate: 0` will share a cache across customers, so
+// only use this on routes that opt out of static caching.
+export async function getAuthenticatedServerClient(): Promise<CimplifyClient> {
+  const cookieHeader = (await headers()).get("cookie");
+  const accessToken =
+    CLIENT_ID && cookieHeader
+      ? getAccessTokenFromCookieHeader(oidcConfig, cookieHeader) ?? undefined
+      : undefined;
+  return getServerClient({ accessToken });
 }
 
 export type { CimplifySession } from "@cimplify/sdk/server";

package/templates/storefront-restaurant/package.json

@@ -17,7 +17,7 @@
     "check": "bun run typecheck && bun run test:run"
   },
   "dependencies": {
-    "@cimplify/sdk": "^0.55.0",
+    "@cimplify/sdk": "^0.57.0",
     "next": "^16.2.6",
     "react": "^19.0.0",
     "react-dom": "^19.0.0"

package/templates/storefront-retail/app/auth/signout/route.ts

@@ -1,11 +1,11 @@
-import { buildSignoutCookie } from "@cimplify/sdk/server";
+import { buildSignoutCookies } from "@cimplify/sdk/server";
 
 const CLIENT_ID = process.env.CIMPLIFY_CLIENT_ID ?? "";
 
 export async function POST(): Promise<Response> {
-  const cookie = buildSignoutCookie({ clientId: CLIENT_ID });
-  return new Response(JSON.stringify({ ok: true }), {
-    status: 200,
-    headers: { "Content-Type": "application/json", "Set-Cookie": cookie },
-  });
+  const headers = new Headers({ "Content-Type": "application/json" });
+  for (const cookie of buildSignoutCookies({ clientId: CLIENT_ID })) {
+    headers.append("Set-Cookie", cookie);
+  }
+  return new Response(JSON.stringify({ ok: true }), { status: 200, headers });
 }

package/templates/storefront-retail/components/account-pill.tsx

@@ -7,15 +7,8 @@ import { signInSilent } from "@cimplify/sdk";
 
 const CLIENT_ID = process.env.NEXT_PUBLIC_CIMPLIFY_CLIENT_ID ?? "";
 
-/**
- * Header sign-in / signed-in pill.
- *
- * - Tries cross-storefront SSO once on mount. If the shopper signed
- *   into any other Cimplify storefront recently, this resolves
- *   silently and the session lands without any UI flicker.
- * - When signed in, renders "Hi, {name}" linking to /account.
- * - When not signed in, renders the Cimplify Sign-In button.
- */
+// Attempts silent SSO on mount before showing the button so returning
+// shoppers don't see a flash of "Sign in" before landing as signed in.
 export function AccountPill() {
   const { session, loading, refresh } = useCimplifySession();
   const triedSilent = useRef(false);

package/templates/storefront-retail/lib/auth.ts

@@ -1,16 +1,35 @@
 import { headers } from "next/headers";
-import { getSessionFromCookieHeader, type CimplifySession } from "@cimplify/sdk/server";
+import {
+  getAccessTokenFromCookieHeader,
+  getServerClient,
+  getSessionFromCookieHeader,
+  type CimplifyClient,
+  type CimplifySession,
+} from "@cimplify/sdk/server";
 
 const CLIENT_ID = process.env.CIMPLIFY_CLIENT_ID ?? "";
 const AUTH_URL = process.env.CIMPLIFY_AUTH_URL;
 
+const oidcConfig = { clientId: CLIENT_ID, authUrl: AUTH_URL };
+
 export async function getSession(): Promise<CimplifySession | null> {
   if (!CLIENT_ID) return null;
   const cookieHeader = (await headers()).get("cookie");
-  return getSessionFromCookieHeader(
-    { clientId: CLIENT_ID, authUrl: AUTH_URL },
-    cookieHeader,
-  );
+  return getSessionFromCookieHeader(oidcConfig, cookieHeader);
+}
+
+// Returns a Cimplify server client with the signed-in customer's access
+// token attached (if any). Use this instead of getServerClient() on pages
+// that need personalized data: orders, subscriptions, price-list pricing.
+// Pages without `revalidate: 0` will share a cache across customers, so
+// only use this on routes that opt out of static caching.
+export async function getAuthenticatedServerClient(): Promise<CimplifyClient> {
+  const cookieHeader = (await headers()).get("cookie");
+  const accessToken =
+    CLIENT_ID && cookieHeader
+      ? getAccessTokenFromCookieHeader(oidcConfig, cookieHeader) ?? undefined
+      : undefined;
+  return getServerClient({ accessToken });
 }
 
 export type { CimplifySession } from "@cimplify/sdk/server";

package/templates/storefront-retail/package.json

@@ -17,7 +17,7 @@
     "check": "bun run typecheck && bun run test:run"
   },
   "dependencies": {
-    "@cimplify/sdk": "^0.55.0",
+    "@cimplify/sdk": "^0.57.0",
     "next": "^16.2.6",
     "react": "^19.0.0",
     "react-dom": "^19.0.0"

package/templates/storefront-services/app/auth/signout/route.ts

@@ -1,11 +1,11 @@
-import { buildSignoutCookie } from "@cimplify/sdk/server";
+import { buildSignoutCookies } from "@cimplify/sdk/server";
 
 const CLIENT_ID = process.env.CIMPLIFY_CLIENT_ID ?? "";
 
 export async function POST(): Promise<Response> {
-  const cookie = buildSignoutCookie({ clientId: CLIENT_ID });
-  return new Response(JSON.stringify({ ok: true }), {
-    status: 200,
-    headers: { "Content-Type": "application/json", "Set-Cookie": cookie },
-  });
+  const headers = new Headers({ "Content-Type": "application/json" });
+  for (const cookie of buildSignoutCookies({ clientId: CLIENT_ID })) {
+    headers.append("Set-Cookie", cookie);
+  }
+  return new Response(JSON.stringify({ ok: true }), { status: 200, headers });
 }

package/templates/storefront-services/components/account-pill.tsx

@@ -7,15 +7,8 @@ import { signInSilent } from "@cimplify/sdk";
 
 const CLIENT_ID = process.env.NEXT_PUBLIC_CIMPLIFY_CLIENT_ID ?? "";
 
-/**
- * Header sign-in / signed-in pill.
- *
- * - Tries cross-storefront SSO once on mount. If the shopper signed
- *   into any other Cimplify storefront recently, this resolves
- *   silently and the session lands without any UI flicker.
- * - When signed in, renders "Hi, {name}" linking to /account.
- * - When not signed in, renders the Cimplify Sign-In button.
- */
+// Attempts silent SSO on mount before showing the button so returning
+// shoppers don't see a flash of "Sign in" before landing as signed in.
 export function AccountPill() {
   const { session, loading, refresh } = useCimplifySession();
   const triedSilent = useRef(false);

package/templates/storefront-services/lib/auth.ts

@@ -1,16 +1,35 @@
 import { headers } from "next/headers";
-import { getSessionFromCookieHeader, type CimplifySession } from "@cimplify/sdk/server";
+import {
+  getAccessTokenFromCookieHeader,
+  getServerClient,
+  getSessionFromCookieHeader,
+  type CimplifyClient,
+  type CimplifySession,
+} from "@cimplify/sdk/server";
 
 const CLIENT_ID = process.env.CIMPLIFY_CLIENT_ID ?? "";
 const AUTH_URL = process.env.CIMPLIFY_AUTH_URL;
 
+const oidcConfig = { clientId: CLIENT_ID, authUrl: AUTH_URL };
+
 export async function getSession(): Promise<CimplifySession | null> {
   if (!CLIENT_ID) return null;
   const cookieHeader = (await headers()).get("cookie");
-  return getSessionFromCookieHeader(
-    { clientId: CLIENT_ID, authUrl: AUTH_URL },
-    cookieHeader,
-  );
+  return getSessionFromCookieHeader(oidcConfig, cookieHeader);
+}
+
+// Returns a Cimplify server client with the signed-in customer's access
+// token attached (if any). Use this instead of getServerClient() on pages
+// that need personalized data: orders, subscriptions, price-list pricing.
+// Pages without `revalidate: 0` will share a cache across customers, so
+// only use this on routes that opt out of static caching.
+export async function getAuthenticatedServerClient(): Promise<CimplifyClient> {
+  const cookieHeader = (await headers()).get("cookie");
+  const accessToken =
+    CLIENT_ID && cookieHeader
+      ? getAccessTokenFromCookieHeader(oidcConfig, cookieHeader) ?? undefined
+      : undefined;
+  return getServerClient({ accessToken });
 }
 
 export type { CimplifySession } from "@cimplify/sdk/server";

package/templates/storefront-services/package.json

@@ -17,7 +17,7 @@
     "check": "bun run typecheck && bun run test:run"
   },
   "dependencies": {
-    "@cimplify/sdk": "^0.55.0",
+    "@cimplify/sdk": "^0.57.0",
     "next": "^16.2.6",
     "react": "^19.0.0",
     "react-dom": "^19.0.0"