@commercetools-frontend/mc-scripts 25.0.0 → 25.2.0

package/dist/login-abb38213.esm.js

@@ -0,0 +1,337 @@
+import _Promise from '@babel/runtime-corejs3/core-js-stable/promise';
+import _mapInstanceProperty from '@babel/runtime-corejs3/core-js-stable/instance/map';
+import _startsWithInstanceProperty from '@babel/runtime-corejs3/core-js-stable/instance/starts-with';
+import _bindInstanceProperty from '@babel/runtime-corejs3/core-js-stable/instance/bind';
+import _trimInstanceProperty from '@babel/runtime-corejs3/core-js-stable/instance/trim';
+import _flatMapInstanceProperty from '@babel/runtime-corejs3/core-js-stable/instance/flat-map';
+import _setTimeout from '@babel/runtime-corejs3/core-js-stable/set-timeout';
+import _Date$now from '@babel/runtime-corejs3/core-js-stable/date/now';
+import _includesInstanceProperty from '@babel/runtime-corejs3/core-js-stable/instance/includes';
+import _forEachInstanceProperty from '@babel/runtime-corejs3/core-js-stable/instance/for-each';
+import _URL from '@babel/runtime-corejs3/core-js-stable/url';
+import crypto from 'node:crypto';
+import process, { exit } from 'node:process';
+import chalk from 'chalk';
+import { processConfig } from '@commercetools-frontend/application-config';
+import { p as pkgJson } from './package-9e6910b8.esm.js';
+import http from 'node:http';
+import jwtDecode from 'jwt-decode';
+import { C as CredentialsStorage } from './credentials-storage-fcc77fb6.esm.js';
+import '@babel/runtime-corejs3/helpers/classCallCheck';
+import '@babel/runtime-corejs3/helpers/createClass';
+import '@babel/runtime-corejs3/core-js-stable/json/stringify';
+import 'node:fs';
+import 'node:os';
+import 'node:path';
+import './does-file-exist-32618334.esm.js';
+
+function createAuthCallbackServer(options) {
+  const server = http.createServer(async (request, response) => {
+    try {
+      var _context, _context2;
+      if (((_context = request.url) == null ? void 0 : _bindInstanceProperty(_context2 = Function.call).call(_context2, _includesInstanceProperty(_context), _context))?.(`/${options.clientIdentifier}/oidc/callback`)) {
+        const incomingUrl = new _URL(request.url, 'http://localhost');
+        const sessionToken = incomingUrl.searchParams.get('sessionToken');
+        const requestedState = incomingUrl.searchParams.get('state');
+        if (!sessionToken) {
+          throw new Error('Invalid authentication flow (missing sessionToken)');
+        }
+        const decodedSessionToken = jwtDecode(sessionToken);
+        if (decodedSessionToken?.nonce !== options.nonce) {
+          throw new Error('Invalid authentication flow (nonce mismatch)');
+        }
+        if (requestedState !== options.state) {
+          throw new Error('Invalid authentication flow (state mismatch)');
+        }
+        options.onSuccess({
+          token: sessionToken,
+          expiresAt: decodedSessionToken.exp
+        });
+        response.setHeader('content-type', 'text/html');
+        response.end('Success!');
+        server.close(() => {
+          exit();
+        });
+      }
+    } catch (error) {
+      response.setHeader('content-type', 'text/html');
+      if (error instanceof Error) {
+        console.error(error.message);
+        response.end(error.message);
+      } else {
+        console.error(error);
+        response.end(`Invalid authentication flow.`);
+      }
+      server.close(() => {
+        exit();
+      });
+    }
+  });
+  return server;
+}
+
+const credentialsStorage = new CredentialsStorage();
+const port = 3001;
+const clientIdentifier = `mc-scripts-${pkgJson.version}`;
+const isServerError = error => {
+  return error instanceof Error && 'code' in error;
+};
+const startServer = server => new _Promise((resolve, reject) => {
+  server.listen(port, 'localhost').on('listening', resolve).on('error', error => {
+    if (isServerError(error) && error.code === 'EADDRINUSE') {
+      return reject(new Error(`The address "localhost:${port}" is already in use. Are you running a Merchant Center application in other process? Please stop that and try again.`, {
+        cause: error
+      }));
+    }
+    return reject(new Error('Problem starting server', {
+      cause: error
+    }));
+  }).on('close', () => {
+    process.exit();
+  });
+});
+const resolveMcApiUrl = async options => {
+  if (options.mcApiUrl) {
+    return options.mcApiUrl;
+  }
+
+  // We first check whether the user has set the MC_API_URL environment variable
+  if (process.env.MC_API_URL) {
+    return process.env.MC_API_URL;
+  }
+
+  // If not, we parse the configuration and check if it's defined over there
+  const applicationConfig = await processConfig();
+  const mcApiUrl = applicationConfig.env.mcApiUrl;
+  return mcApiUrl;
+};
+const resolveProjectKey = async options => {
+  if (options.projectKey) {
+    return options.projectKey;
+  }
+
+  // We first check whether the user has set the CTP_PROJECT_KEY environment variable
+  if (process.env.CTP_PROJECT_KEY) {
+    return process.env.CTP_PROJECT_KEY;
+  }
+  try {
+    const applicationConfig = await processConfig();
+    return applicationConfig.env.__DEVELOPMENT__?.oidc?.initialProjectKey;
+  } catch (error) {
+    // It's ok if there's not application config file or if it does not contain the initialProjectKey
+    return;
+  }
+};
+const mapOAuthScopesToClaims = scopes => {
+  return _mapInstanceProperty(scopes).call(scopes, scope => {
+    if (_startsWithInstanceProperty(scope).call(scope, 'view_')) {
+      return `view:${scope}`;
+    }
+    if (_startsWithInstanceProperty(scope).call(scope, 'manage_')) {
+      return `manage:${scope}`;
+    }
+    return scope;
+  });
+};
+const mapAdditionalOAuthScopesToClaims = (name, scopes) => {
+  return _mapInstanceProperty(scopes).call(scopes, scope => {
+    if (_startsWithInstanceProperty(scope).call(scope, 'view_')) {
+      return `view/${name}:${scope}`;
+    }
+    if (_startsWithInstanceProperty(scope).call(scope, 'manage_')) {
+      return `manage/${name}:${scope}`;
+    }
+    return scope;
+  });
+};
+const resolveOAuthScopes = async options => {
+  if (options.oauthScope) {
+    return mapOAuthScopesToClaims(options.oauthScope);
+  }
+
+  // We first check whether the user has set the CTP_OAUTH_SCOPES environment variable
+  if (process.env.CTP_OAUTH_SCOPES) {
+    var _context, _context2;
+    return mapOAuthScopesToClaims(((_context = process.env.CTP_OAUTH_SCOPES?.split(',')) == null ? void 0 : _bindInstanceProperty(_context2 = Function.call).call(_context2, _mapInstanceProperty(_context), _context))?.(scope => _trimInstanceProperty(scope).call(scope)) ?? []);
+  }
+  try {
+    var _context3, _context4, _context5, _context6;
+    const applicationConfig = await processConfig();
+    const configuredOAuthScopes = applicationConfig.env.__DEVELOPMENT__?.oidc?.oAuthScopes;
+    const configuredAdditionalOAuthScopes = applicationConfig.env.__DEVELOPMENT__?.oidc?.additionalOAuthScopes;
+    return [...mapOAuthScopesToClaims(configuredOAuthScopes?.view ?? []), ...mapOAuthScopesToClaims(configuredOAuthScopes?.manage ?? []), ...(((_context3 = configuredAdditionalOAuthScopes) == null ? void 0 : _bindInstanceProperty(_context4 = Function.call).call(_context4, _flatMapInstanceProperty(_context3), _context3))?.(scope => mapAdditionalOAuthScopesToClaims(scope.name, scope.view)) ?? []), ...(((_context5 = configuredAdditionalOAuthScopes) == null ? void 0 : _bindInstanceProperty(_context6 = Function.call).call(_context6, _flatMapInstanceProperty(_context5), _context5))?.(scope => mapAdditionalOAuthScopesToClaims(scope.name, scope.manage)) ?? [])];
+  } catch (error) {
+    // It's ok if there's not application config file or if it does not contain the initialProjectKey
+    return [];
+  }
+};
+const generateRandomHash = function () {
+  let length = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : 16;
+  return crypto.randomBytes(length).toString('hex');
+};
+
+/**
+ * Performs headless login using Puppeteer.
+ * Requires IDENTITY_EMAIL and IDENTITY_PASSWORD environment variables.
+ */
+async function runHeadlessLogin(authUrl) {
+  const email = process.env.IDENTITY_EMAIL;
+  const password = process.env.IDENTITY_PASSWORD;
+  if (!email || !password) {
+    throw new Error('Headless login requires IDENTITY_EMAIL and IDENTITY_PASSWORD environment variables');
+  }
+  let puppeteer;
+  try {
+    puppeteer = await import('puppeteer');
+  } catch {
+    throw new Error('Puppeteer is required for headless login. Install it with: npm install puppeteer');
+  }
+  const browser = await puppeteer.default.launch({
+    headless: 'new',
+    args: ['--no-sandbox', '--disable-setuid-sandbox']
+  });
+  try {
+    const page = await browser.newPage();
+    await page.goto(authUrl.toString(), {
+      waitUntil: 'networkidle2'
+    });
+
+    // Wait for the login page to load
+    await page.waitForSelector('input[name="identifier"]', {
+      timeout: 30000
+    });
+
+    // Dismiss cookie banner if present
+    // Note: Using string-based evaluate to avoid bundler transforming Array.from
+    try {
+      await page.evaluate(`
+        (function() {
+          var buttons = Array.from(document.querySelectorAll('button'));
+          var acceptBtn = buttons.find(function(btn) {
+            return btn.textContent && btn.textContent.includes('Accept all cookies');
+          });
+          if (acceptBtn) acceptBtn.click();
+        })()
+      `);
+      await new _Promise(resolve => _setTimeout(resolve, 500));
+    } catch {
+      // Cookie banner not found or already dismissed
+    }
+
+    // Fill in email
+    await page.type('input[name="identifier"]', email);
+    await new _Promise(resolve => _setTimeout(resolve, 500));
+
+    // Click "Next" button
+    await page.evaluate(`
+      (function() {
+        var buttons = Array.from(document.querySelectorAll('button'));
+        var nextBtn = buttons.find(function(btn) {
+          return btn.textContent && btn.textContent.toLowerCase().includes('next');
+        });
+        if (nextBtn) nextBtn.click();
+      })()
+    `);
+
+    // Wait for password field
+    await page.waitForSelector('input[name="password"]', {
+      visible: true,
+      timeout: 30000
+    });
+
+    // Fill in password
+    await page.type('input[name="password"]', password);
+    await new _Promise(resolve => _setTimeout(resolve, 500));
+
+    // Click "Submit" button
+    await page.evaluate(`
+      (function() {
+        var buttons = Array.from(document.querySelectorAll('button'));
+        var submitBtn = buttons.find(function(btn) {
+          return btn.textContent && btn.textContent.toLowerCase().includes('submit');
+        });
+        if (submitBtn) submitBtn.click();
+      })()
+    `);
+
+    // Wait for the callback to be processed (the server will close and exit)
+    // We just need to keep the browser alive until the redirect happens
+    const startTime = _Date$now();
+    const timeout = 60000;
+    while (_Date$now() - startTime < timeout) {
+      await new _Promise(resolve => _setTimeout(resolve, 500));
+      const currentUrl = page.url();
+      if (_includesInstanceProperty(currentUrl).call(currentUrl, 'sessionToken=')) {
+        // Token was captured by the callback server, we can exit
+        break;
+      }
+      const pageContent = await page.content();
+      if (_includesInstanceProperty(pageContent).call(pageContent, 'Invalid credentials') || _includesInstanceProperty(pageContent).call(pageContent, 'invalid_grant')) {
+        throw new Error('Invalid credentials');
+      }
+
+      // Check if page shows success (callback server response)
+      if (_includesInstanceProperty(pageContent).call(pageContent, 'Success!')) {
+        break;
+      }
+    }
+  } finally {
+    await browser.close();
+  }
+}
+async function run(options) {
+  const mcApiUrl = await resolveMcApiUrl(options);
+  if (!mcApiUrl) {
+    throw new Error('No Merchant Center API URL found. Aborting.');
+  }
+  console.log(`Using Merchant Center environment "${chalk.green(mcApiUrl)}".`);
+  console.log();
+  if (!options.force && credentialsStorage.isSessionValid(mcApiUrl)) {
+    console.log(`You already have a valid session.`);
+    return;
+  }
+  const projectKey = await resolveProjectKey(options);
+  const oauthScopes = await resolveOAuthScopes(options);
+  const scopes = ['openid'];
+  if (projectKey) {
+    scopes.push(`project_key:${projectKey}`);
+    _forEachInstanceProperty(oauthScopes).call(oauthScopes, scope => {
+      scopes.push(scope);
+    });
+  }
+  const state = generateRandomHash();
+  const nonce = generateRandomHash();
+  const authUrl = new _URL('/login/authorize', mcApiUrl);
+  authUrl.searchParams.set('response_type', 'id_token');
+  authUrl.searchParams.set('response_mode', 'query');
+  authUrl.searchParams.set('client_id', `__local:${clientIdentifier}`);
+  authUrl.searchParams.set('scope', scopes.join(' '));
+  authUrl.searchParams.set('state', state);
+  authUrl.searchParams.set('nonce', nonce);
+  const server = createAuthCallbackServer({
+    clientIdentifier,
+    state,
+    nonce,
+    onSuccess: tokenContext => {
+      credentialsStorage.setToken(mcApiUrl, tokenContext);
+      console.log();
+      console.log(chalk.green(`Login successful.`));
+      console.log();
+    }
+  });
+  await startServer(server);
+  if (options.headless) {
+    console.log(`Initiating headless authentication flow using Puppeteer...`);
+    console.log();
+    await runHeadlessLogin(authUrl);
+  } else {
+    console.log(`Initiating the OIDC authentication flow, opening the login page in your browser...`);
+    console.log(`  ${authUrl}`);
+    console.log();
+    const open = await import('open');
+    await open.default(authUrl.toString());
+    console.log('Waiting for the OIDC authentication to complete...');
+  }
+}
+
+export { run as default };

package/dist/{login-9fac9eee.cjs.dev.js → login-f4550251.cjs.dev.js}

@@ -3,24 +3,25 @@
 var _Promise = require('@babel/runtime-corejs3/core-js-stable/promise');
 var _mapInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/map');
 var _startsWithInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/starts-with');
-var _concatInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/concat');
+var _bindInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/bind');
 var _trimInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/trim');
 var _flatMapInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/flat-map');
+var _setTimeout = require('@babel/runtime-corejs3/core-js-stable/set-timeout');
+var _Date$now = require('@babel/runtime-corejs3/core-js-stable/date/now');
+var _includesInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/includes');
 var _forEachInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/for-each');
 var _URL = require('@babel/runtime-corejs3/core-js-stable/url');
 var crypto = require('node:crypto');
 var process = require('node:process');
 var chalk = require('chalk');
 var applicationConfig = require('@commercetools-frontend/application-config');
-var _package = require('./package-ff04bcf7.cjs.dev.js');
-var _includesInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/includes');
+var _package = require('./package-0eebca1b.cjs.dev.js');
 var http = require('node:http');
 var jwtDecode = require('jwt-decode');
-var credentialsStorage$1 = require('./credentials-storage-de220814.cjs.dev.js');
+var credentialsStorage$1 = require('./credentials-storage-c4c5980e.cjs.dev.js');
 require('@babel/runtime-corejs3/helpers/classCallCheck');
 require('@babel/runtime-corejs3/helpers/createClass');
 require('@babel/runtime-corejs3/core-js-stable/json/stringify');
-require('@babel/runtime-corejs3/core-js-stable/date/now');
 require('node:fs');
 require('node:os');
 require('node:path');
@@ -49,23 +50,25 @@ function _interopNamespace(e) {
 var _Promise__default = /*#__PURE__*/_interopDefault(_Promise);
 var _mapInstanceProperty__default = /*#__PURE__*/_interopDefault(_mapInstanceProperty);
 var _startsWithInstanceProperty__default = /*#__PURE__*/_interopDefault(_startsWithInstanceProperty);
-var _concatInstanceProperty__default = /*#__PURE__*/_interopDefault(_concatInstanceProperty);
+var _bindInstanceProperty__default = /*#__PURE__*/_interopDefault(_bindInstanceProperty);
 var _trimInstanceProperty__default = /*#__PURE__*/_interopDefault(_trimInstanceProperty);
 var _flatMapInstanceProperty__default = /*#__PURE__*/_interopDefault(_flatMapInstanceProperty);
+var _setTimeout__default = /*#__PURE__*/_interopDefault(_setTimeout);
+var _Date$now__default = /*#__PURE__*/_interopDefault(_Date$now);
+var _includesInstanceProperty__default = /*#__PURE__*/_interopDefault(_includesInstanceProperty);
 var _forEachInstanceProperty__default = /*#__PURE__*/_interopDefault(_forEachInstanceProperty);
 var _URL__default = /*#__PURE__*/_interopDefault(_URL);
 var crypto__default = /*#__PURE__*/_interopDefault(crypto);
 var process__default = /*#__PURE__*/_interopDefault(process);
 var chalk__default = /*#__PURE__*/_interopDefault(chalk);
-var _includesInstanceProperty__default = /*#__PURE__*/_interopDefault(_includesInstanceProperty);
 var http__default = /*#__PURE__*/_interopDefault(http);
 var jwtDecode__default = /*#__PURE__*/_interopDefault(jwtDecode);
 
 function createAuthCallbackServer(options) {
   const server = http__default["default"].createServer(async (request, response) => {
     try {
-      var _request$url;
-      if ((_request$url = request.url) !== null && _request$url !== void 0 && _includesInstanceProperty__default["default"](_request$url).call(_request$url, "/".concat(options.clientIdentifier, "/oidc/callback"))) {
+      var _context, _context2;
+      if (((_context = request.url) == null ? void 0 : _bindInstanceProperty__default["default"](_context2 = Function.call).call(_context2, _includesInstanceProperty__default["default"](_context), _context))?.(`/${options.clientIdentifier}/oidc/callback`)) {
         const incomingUrl = new _URL__default["default"](request.url, 'http://localhost');
         const sessionToken = incomingUrl.searchParams.get('sessionToken');
         const requestedState = incomingUrl.searchParams.get('state');
@@ -73,7 +76,7 @@ function createAuthCallbackServer(options) {
           throw new Error('Invalid authentication flow (missing sessionToken)');
         }
         const decodedSessionToken = jwtDecode__default["default"](sessionToken);
-        if ((decodedSessionToken === null || decodedSessionToken === void 0 ? void 0 : decodedSessionToken.nonce) !== options.nonce) {
+        if (decodedSessionToken?.nonce !== options.nonce) {
           throw new Error('Invalid authentication flow (nonce mismatch)');
         }
         if (requestedState !== options.state) {
@@ -96,7 +99,7 @@ function createAuthCallbackServer(options) {
         response.end(error.message);
       } else {
         console.error(error);
-        response.end("Invalid authentication flow.");
+        response.end(`Invalid authentication flow.`);
       }
       server.close(() => {
         process.exit();
@@ -108,14 +111,14 @@ function createAuthCallbackServer(options) {
 
 const credentialsStorage = new credentialsStorage$1.CredentialsStorage();
 const port = 3001;
-const clientIdentifier = "mc-scripts-".concat(_package.pkgJson.version);
+const clientIdentifier = `mc-scripts-${_package.pkgJson.version}`;
 const isServerError = error => {
   return error instanceof Error && 'code' in error;
 };
 const startServer = server => new _Promise__default["default"]((resolve, reject) => {
   server.listen(port, 'localhost').on('listening', resolve).on('error', error => {
     if (isServerError(error) && error.code === 'EADDRINUSE') {
-      return reject(new Error("The address \"localhost:".concat(port, "\" is already in use. Are you running a Merchant Center application in other process? Please stop that and try again."), {
+      return reject(new Error(`The address "localhost:${port}" is already in use. Are you running a Merchant Center application in other process? Please stop that and try again.`, {
         cause: error
       }));
     }
@@ -151,9 +154,8 @@ const resolveProjectKey = async options => {
     return process__default["default"].env.CTP_PROJECT_KEY;
   }
   try {
-    var _applicationConfig$en;
     const applicationConfig$1 = await applicationConfig.processConfig();
-    return (_applicationConfig$en = applicationConfig$1.env.__DEVELOPMENT__) === null || _applicationConfig$en === void 0 || (_applicationConfig$en = _applicationConfig$en.oidc) === null || _applicationConfig$en === void 0 ? void 0 : _applicationConfig$en.initialProjectKey;
+    return applicationConfig$1.env.__DEVELOPMENT__?.oidc?.initialProjectKey;
   } catch (error) {
     // It's ok if there's not application config file or if it does not contain the initialProjectKey
     return;
@@ -162,10 +164,10 @@ const resolveProjectKey = async options => {
 const mapOAuthScopesToClaims = scopes => {
   return _mapInstanceProperty__default["default"](scopes).call(scopes, scope => {
     if (_startsWithInstanceProperty__default["default"](scope).call(scope, 'view_')) {
-      return "view:".concat(scope);
+      return `view:${scope}`;
     }
     if (_startsWithInstanceProperty__default["default"](scope).call(scope, 'manage_')) {
-      return "manage:".concat(scope);
+      return `manage:${scope}`;
     }
     return scope;
   });
@@ -173,12 +175,10 @@ const mapOAuthScopesToClaims = scopes => {
 const mapAdditionalOAuthScopesToClaims = (name, scopes) => {
   return _mapInstanceProperty__default["default"](scopes).call(scopes, scope => {
     if (_startsWithInstanceProperty__default["default"](scope).call(scope, 'view_')) {
-      var _context;
-      return _concatInstanceProperty__default["default"](_context = "view/".concat(name, ":")).call(_context, scope);
+      return `view/${name}:${scope}`;
     }
     if (_startsWithInstanceProperty__default["default"](scope).call(scope, 'manage_')) {
-      var _context2;
-      return _concatInstanceProperty__default["default"](_context2 = "manage/".concat(name, ":")).call(_context2, scope);
+      return `manage/${name}:${scope}`;
     }
     return scope;
   });
@@ -190,15 +190,15 @@ const resolveOAuthScopes = async options => {
 
   // We first check whether the user has set the CTP_OAUTH_SCOPES environment variable
   if (process__default["default"].env.CTP_OAUTH_SCOPES) {
-    var _process$env$CTP_OAUT, _process$env$CTP_OAUT2, _context3;
-    return mapOAuthScopesToClaims((_process$env$CTP_OAUT = (_process$env$CTP_OAUT2 = process__default["default"].env.CTP_OAUTH_SCOPES) === null || _process$env$CTP_OAUT2 === void 0 ? void 0 : _mapInstanceProperty__default["default"](_context3 = _process$env$CTP_OAUT2.split(',')).call(_context3, scope => _trimInstanceProperty__default["default"](scope).call(scope))) !== null && _process$env$CTP_OAUT !== void 0 ? _process$env$CTP_OAUT : []);
+    var _context, _context2;
+    return mapOAuthScopesToClaims(((_context = process__default["default"].env.CTP_OAUTH_SCOPES?.split(',')) == null ? void 0 : _bindInstanceProperty__default["default"](_context2 = Function.call).call(_context2, _mapInstanceProperty__default["default"](_context), _context))?.(scope => _trimInstanceProperty__default["default"](scope).call(scope)) ?? []);
   }
   try {
-    var _applicationConfig$en2, _applicationConfig$en3, _configuredOAuthScope, _configuredOAuthScope2, _configuredAdditional, _configuredAdditional2;
+    var _context3, _context4, _context5, _context6;
     const applicationConfig$1 = await applicationConfig.processConfig();
-    const configuredOAuthScopes = (_applicationConfig$en2 = applicationConfig$1.env.__DEVELOPMENT__) === null || _applicationConfig$en2 === void 0 || (_applicationConfig$en2 = _applicationConfig$en2.oidc) === null || _applicationConfig$en2 === void 0 ? void 0 : _applicationConfig$en2.oAuthScopes;
-    const configuredAdditionalOAuthScopes = (_applicationConfig$en3 = applicationConfig$1.env.__DEVELOPMENT__) === null || _applicationConfig$en3 === void 0 || (_applicationConfig$en3 = _applicationConfig$en3.oidc) === null || _applicationConfig$en3 === void 0 ? void 0 : _applicationConfig$en3.additionalOAuthScopes;
-    return [...mapOAuthScopesToClaims((_configuredOAuthScope = configuredOAuthScopes === null || configuredOAuthScopes === void 0 ? void 0 : configuredOAuthScopes.view) !== null && _configuredOAuthScope !== void 0 ? _configuredOAuthScope : []), ...mapOAuthScopesToClaims((_configuredOAuthScope2 = configuredOAuthScopes === null || configuredOAuthScopes === void 0 ? void 0 : configuredOAuthScopes.manage) !== null && _configuredOAuthScope2 !== void 0 ? _configuredOAuthScope2 : []), ...((_configuredAdditional = configuredAdditionalOAuthScopes === null || configuredAdditionalOAuthScopes === void 0 ? void 0 : _flatMapInstanceProperty__default["default"](configuredAdditionalOAuthScopes).call(configuredAdditionalOAuthScopes, scope => mapAdditionalOAuthScopesToClaims(scope.name, scope.view))) !== null && _configuredAdditional !== void 0 ? _configuredAdditional : []), ...((_configuredAdditional2 = configuredAdditionalOAuthScopes === null || configuredAdditionalOAuthScopes === void 0 ? void 0 : _flatMapInstanceProperty__default["default"](configuredAdditionalOAuthScopes).call(configuredAdditionalOAuthScopes, scope => mapAdditionalOAuthScopesToClaims(scope.name, scope.manage))) !== null && _configuredAdditional2 !== void 0 ? _configuredAdditional2 : [])];
+    const configuredOAuthScopes = applicationConfig$1.env.__DEVELOPMENT__?.oidc?.oAuthScopes;
+    const configuredAdditionalOAuthScopes = applicationConfig$1.env.__DEVELOPMENT__?.oidc?.additionalOAuthScopes;
+    return [...mapOAuthScopesToClaims(configuredOAuthScopes?.view ?? []), ...mapOAuthScopesToClaims(configuredOAuthScopes?.manage ?? []), ...(((_context3 = configuredAdditionalOAuthScopes) == null ? void 0 : _bindInstanceProperty__default["default"](_context4 = Function.call).call(_context4, _flatMapInstanceProperty__default["default"](_context3), _context3))?.(scope => mapAdditionalOAuthScopesToClaims(scope.name, scope.view)) ?? []), ...(((_context5 = configuredAdditionalOAuthScopes) == null ? void 0 : _bindInstanceProperty__default["default"](_context6 = Function.call).call(_context6, _flatMapInstanceProperty__default["default"](_context5), _context5))?.(scope => mapAdditionalOAuthScopesToClaims(scope.name, scope.manage)) ?? [])];
   } catch (error) {
     // It's ok if there's not application config file or if it does not contain the initialProjectKey
     return [];
@@ -208,22 +208,132 @@ const generateRandomHash = function () {
   let length = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : 16;
   return crypto__default["default"].randomBytes(length).toString('hex');
 };
+
+/**
+ * Performs headless login using Puppeteer.
+ * Requires IDENTITY_EMAIL and IDENTITY_PASSWORD environment variables.
+ */
+async function runHeadlessLogin(authUrl) {
+  const email = process__default["default"].env.IDENTITY_EMAIL;
+  const password = process__default["default"].env.IDENTITY_PASSWORD;
+  if (!email || !password) {
+    throw new Error('Headless login requires IDENTITY_EMAIL and IDENTITY_PASSWORD environment variables');
+  }
+  let puppeteer;
+  try {
+    puppeteer = await Promise.resolve().then(function () { return /*#__PURE__*/_interopNamespace(require('puppeteer')); });
+  } catch {
+    throw new Error('Puppeteer is required for headless login. Install it with: npm install puppeteer');
+  }
+  const browser = await puppeteer.default.launch({
+    headless: 'new',
+    args: ['--no-sandbox', '--disable-setuid-sandbox']
+  });
+  try {
+    const page = await browser.newPage();
+    await page.goto(authUrl.toString(), {
+      waitUntil: 'networkidle2'
+    });
+
+    // Wait for the login page to load
+    await page.waitForSelector('input[name="identifier"]', {
+      timeout: 30000
+    });
+
+    // Dismiss cookie banner if present
+    // Note: Using string-based evaluate to avoid bundler transforming Array.from
+    try {
+      await page.evaluate(`
+        (function() {
+          var buttons = Array.from(document.querySelectorAll('button'));
+          var acceptBtn = buttons.find(function(btn) {
+            return btn.textContent && btn.textContent.includes('Accept all cookies');
+          });
+          if (acceptBtn) acceptBtn.click();
+        })()
+      `);
+      await new _Promise__default["default"](resolve => _setTimeout__default["default"](resolve, 500));
+    } catch {
+      // Cookie banner not found or already dismissed
+    }
+
+    // Fill in email
+    await page.type('input[name="identifier"]', email);
+    await new _Promise__default["default"](resolve => _setTimeout__default["default"](resolve, 500));
+
+    // Click "Next" button
+    await page.evaluate(`
+      (function() {
+        var buttons = Array.from(document.querySelectorAll('button'));
+        var nextBtn = buttons.find(function(btn) {
+          return btn.textContent && btn.textContent.toLowerCase().includes('next');
+        });
+        if (nextBtn) nextBtn.click();
+      })()
+    `);
+
+    // Wait for password field
+    await page.waitForSelector('input[name="password"]', {
+      visible: true,
+      timeout: 30000
+    });
+
+    // Fill in password
+    await page.type('input[name="password"]', password);
+    await new _Promise__default["default"](resolve => _setTimeout__default["default"](resolve, 500));
+
+    // Click "Submit" button
+    await page.evaluate(`
+      (function() {
+        var buttons = Array.from(document.querySelectorAll('button'));
+        var submitBtn = buttons.find(function(btn) {
+          return btn.textContent && btn.textContent.toLowerCase().includes('submit');
+        });
+        if (submitBtn) submitBtn.click();
+      })()
+    `);
+
+    // Wait for the callback to be processed (the server will close and exit)
+    // We just need to keep the browser alive until the redirect happens
+    const startTime = _Date$now__default["default"]();
+    const timeout = 60000;
+    while (_Date$now__default["default"]() - startTime < timeout) {
+      await new _Promise__default["default"](resolve => _setTimeout__default["default"](resolve, 500));
+      const currentUrl = page.url();
+      if (_includesInstanceProperty__default["default"](currentUrl).call(currentUrl, 'sessionToken=')) {
+        // Token was captured by the callback server, we can exit
+        break;
+      }
+      const pageContent = await page.content();
+      if (_includesInstanceProperty__default["default"](pageContent).call(pageContent, 'Invalid credentials') || _includesInstanceProperty__default["default"](pageContent).call(pageContent, 'invalid_grant')) {
+        throw new Error('Invalid credentials');
+      }
+
+      // Check if page shows success (callback server response)
+      if (_includesInstanceProperty__default["default"](pageContent).call(pageContent, 'Success!')) {
+        break;
+      }
+    }
+  } finally {
+    await browser.close();
+  }
+}
 async function run(options) {
   const mcApiUrl = await resolveMcApiUrl(options);
   if (!mcApiUrl) {
     throw new Error('No Merchant Center API URL found. Aborting.');
   }
-  console.log("Using Merchant Center environment \"".concat(chalk__default["default"].green(mcApiUrl), "\"."));
+  console.log(`Using Merchant Center environment "${chalk__default["default"].green(mcApiUrl)}".`);
   console.log();
   if (!options.force && credentialsStorage.isSessionValid(mcApiUrl)) {
-    console.log("You already have a valid session.");
+    console.log(`You already have a valid session.`);
     return;
   }
   const projectKey = await resolveProjectKey(options);
   const oauthScopes = await resolveOAuthScopes(options);
   const scopes = ['openid'];
   if (projectKey) {
-    scopes.push("project_key:".concat(projectKey));
+    scopes.push(`project_key:${projectKey}`);
     _forEachInstanceProperty__default["default"](oauthScopes).call(oauthScopes, scope => {
       scopes.push(scope);
     });
@@ -233,7 +343,7 @@ async function run(options) {
   const authUrl = new _URL__default["default"]('/login/authorize', mcApiUrl);
   authUrl.searchParams.set('response_type', 'id_token');
   authUrl.searchParams.set('response_mode', 'query');
-  authUrl.searchParams.set('client_id', "__local:".concat(clientIdentifier));
+  authUrl.searchParams.set('client_id', `__local:${clientIdentifier}`);
   authUrl.searchParams.set('scope', scopes.join(' '));
   authUrl.searchParams.set('state', state);
   authUrl.searchParams.set('nonce', nonce);
@@ -244,17 +354,23 @@ async function run(options) {
     onSuccess: tokenContext => {
       credentialsStorage.setToken(mcApiUrl, tokenContext);
       console.log();
-      console.log(chalk__default["default"].green("Login successful."));
+      console.log(chalk__default["default"].green(`Login successful.`));
       console.log();
     }
   });
   await startServer(server);
-  console.log("Initiating the OIDC authentication flow, opening the login page in your browser...");
-  console.log("  ".concat(authUrl));
-  console.log();
-  const open = await Promise.resolve().then(function () { return /*#__PURE__*/_interopNamespace(require('open')); });
-  await open.default(authUrl.toString());
-  console.log('Waiting for the OIDC authentication to complete...');
+  if (options.headless) {
+    console.log(`Initiating headless authentication flow using Puppeteer...`);
+    console.log();
+    await runHeadlessLogin(authUrl);
+  } else {
+    console.log(`Initiating the OIDC authentication flow, opening the login page in your browser...`);
+    console.log(`  ${authUrl}`);
+    console.log();
+    const open = await Promise.resolve().then(function () { return /*#__PURE__*/_interopNamespace(require('open')); });
+    await open.default(authUrl.toString());
+    console.log('Waiting for the OIDC authentication to complete...');
+  }
 }
 
 exports["default"] = run;