@salesforce/commerce-sdk-react 3.2.0-preview.3 → 3.2.0-preview.4

package/CHANGELOG.md

@@ -1,17 +1,21 @@
-## v4.0.0-extensibility-preview.3 (Dec 13, 2024)
-## v3.1.1-preview.3 (Dec 13, 2024)
-## v3.1.1-preview.3 (Dec 13, 2024)
-## v3.1.1-preview.2 (Dec 09, 2024)
-## v3.1.1-preview.1 (Dec 09, 2024)
-## v4.0.0-extensibility-preview.2 (Dec 09, 2024)
-## v3.1.1-preview.1 (Dec 09, 2024)
-## v3.1.1-preview.0 (Dec 02, 2024)
+## v3.2.0-preview.4 (Feb 14, 2025)
+## v3.2.0-preview.3 (Feb 13, 2025)
+## v3.2.0-preview.2 (Feb 13, 2025)
+## v3.9.0-preview.3 (Feb 13, 2025)
+## v3.2.0-preview.2 (Feb 13, 2025)
+## v3.2.0-preview.1 (Feb 13, 2025)
+## v3.9.0-preview.2 (Feb 13, 2025)
+## v3.2.0-preview.1 (Feb 12, 2025)
+## v3.2.0-preview.0 (Feb 03, 2025)
 ## v3.2.0-dev (Oct 29, 2024)
 - Allow cookies for ShopperLogin API [#2190](https://github.com/SalesforceCommerceCloud/pwa-kit/pull/2190
 - Fix refresh token TTL warning from firing when override is not provided [#2114](https://github.com/SalesforceCommerceCloud/pwa-kit/pull/2114)
-
+- Readme updates for private clients [#2212](https://github.com/SalesforceCommerceCloud/pwa-kit/pull/2212)
 - Update CacheUpdateMatrix for mergeBasket mutation [#2138](https://github.com/SalesforceCommerceCloud/pwa-kit/pull/2092)
 - Clear auth state if session has been invalidated by a password change [#2092](https://github.com/SalesforceCommerceCloud/pwa-kit/pull/2092)
+- DNT interface improvement [#2203](https://github.com/SalesforceCommerceCloud/pwa-kit/pull/2203)
+- Support Node 22 [#2218](https://github.com/SalesforceCommerceCloud/pwa-kit/pull/2218)
+- Add `authorizeIDP`, `loginIDPUser`, `authorizePasswordless`, `getPasswordLessAccessToken`, `getPasswordResetToken`, and `resetPassword` wrapper functions to support Social Login, Passwordless Login, and Password Reset [#2079] (https://github.com/SalesforceCommerceCloud/pwa-kit/pull/2079)
 
 ## v3.1.0 (Oct 28, 2024)
 

package/README.md

@@ -43,7 +43,7 @@ In practice, we recommend:
 npm install @salesforce/commerce-sdk-react @tanstack/react-query
 ```
 
-## ⚡️ Quickstart (PWA Kit v2.3.0+)
+## ⚡️ Quickstart (PWA Kit v3.0+)
 
 To integrate this library with your PWA Kit application you can use the `CommerceApiProvider` directly assuming that you use the `withReactQuery` higher order component to wrap your `AppConfig` component. Below is a snippet of how this is accomplished.
 
@@ -54,6 +54,10 @@ import {CommerceApiProvider} from '@salesforce/commerce-sdk-react'
 import {withReactQuery} from '@salesforce/pwa-kit-react-sdk/ssr/universal/components/with-react-query'
 
 const AppConfig = ({children}) => {
+    const headers = {
+        'correlation-id': correlationId
+    }
+
     return (
         <CommerceApiProvider
             clientId="12345678-1234-1234-1234-123412341234"
@@ -64,6 +68,11 @@ const AppConfig = ({children}) => {
             shortCode="12345678"
             locale="en-US"
             currency="USD"
+            headers={headers}
+            // Uncomment 'enablePWAKitPrivateClient' to use SLAS private client login flows.
+            // Make sure to also enable useSLASPrivateClient in ssr.js when enabling this setting.
+            // enablePWAKitPrivateClient={true}
+            logger={createLogger({packageName: 'commerce-sdk-react'})}
         >
             {children}
         </CommerceApiProvider>
@@ -125,68 +134,10 @@ export default App
 
 _💡 This section assumes you have read and completed the [Authorization for Shopper APIs](https://developer.salesforce.com/docs/commerce/commerce-api/guide/authorization-for-shopper-apis.html) guide._
 
-To help reduce boilerplate code for managing shopper authentication, by default, this library automatically initializes shopper session and manages the tokens for developers. Currently, the library supports the [Public Client login flow](https://developer.salesforce.com/docs/commerce/commerce-api/guide/slas-public-client.html).
-
-Commerce-react-sdk supports both public and private flow of the [Authorization for Shopper APIs](https://developer.salesforce.com/docs/commerce/commerce-api/guide/authorization-for-shopper-apis.html) guide._
-You can choose to use either public or private slas to login. By default, public flow is enabled.
-
-#### How private SLAS works
-This section assumes you read and understand how [private SLAS](https://developer.salesforce.com/docs/commerce/commerce-api/guide/slas-private-client.html) flow works
-
-To enable private slas flow, you need to pass your secret into the CommercerProvider via clientSecret prop.
-**Note** You should only use private slas if you know you can secure your secret since commercer-sdk-react runs isomorphically.
-
-```js
-// app/components/_app-config/index.jsx
-
-import {CommerceApiProvider} from '@salesforce/commerce-sdk-react'
-import {withReactQuery} from '@salesforce/pwa-kit-react-sdk/ssr/universal/components/with-react-query'
-
-const AppConfig = ({children}) => {
-    return (
-        <CommerceApiProvider
-            clientId="12345678-1234-1234-1234-123412341234"
-            organizationId="f_ecom_aaaa_001"
-            proxy="localhost:3000/mobify/proxy/api"
-            redirectURI="localhost:3000/callback"
-            siteId="RefArch"
-            shortCode="12345678"
-            locale="en-US"
-            currency="USD"
-            clientSecret="<your-slas-private-secret>"
-        >
-            {children}
-        </CommerceApiProvider>
-    )
-}
-```
-#### Disable slas private warnings 
-By default, a warning as below will be displayed on client side to remind developers to always keep their secret safe and secured.
-```js
-'You are potentially exposing SLAS secret on browser. Make sure to keep it safe and secure!'
-```
-You can disable this warning by using CommerceProvider prop `silenceWarnings`
+To help reduce boilerplate code for managing shopper authentication, by default, this library automatically initializes shopper session and manages the tokens for developers. Commerce-sdk-react supports both the [SLAS Public Client login flow](https://developer.salesforce.com/docs/commerce/commerce-api/guide/slas-public-client.html) and [SLAS Private Client login flow](https://developer.salesforce.com/docs/commerce/commerce-api/guide/slas-private-client.html). Authorization using a private client is supported in PWA Kit 3.5 and later, and is the recommended authorization workflow.
 
-```js
-const AppConfig = ({children}) => {
-    return (
-        <CommerceApiProvider
-            clientId="12345678-1234-1234-1234-123412341234"
-            organizationId="f_ecom_aaaa_001"
-            proxy="localhost:3000/mobify/proxy/api"
-            redirectURI="localhost:3000/callback"
-            siteId="RefArch"
-            shortCode="12345678"
-            locale="en-US"
-            currency="USD"
-            clientSecret="<your-slas-private-secret>"
-            silenceWarnings={true}
-        >
-            {children}
-        </CommerceApiProvider>
-    )
-}
-```
+#### Using a private SLAS client
+To enable a private client, see [Use a SLAS Private Client](https://developer.salesforce.com/docs/commerce/pwa-kit-managed-runtime/guide/use-a-slas-private-client.html).
 
 ### Shopper Session Initialization
 

package/auth/index.d.ts

@@ -15,9 +15,15 @@ interface AuthConfig extends ApiClientConfigParams {
     silenceWarnings?: boolean;
     logger: Logger;
     defaultDnt?: boolean;
+    passwordlessLoginCallbackURI?: string;
     refreshTokenRegisteredCookieTTL?: number;
     refreshTokenGuestCookieTTL?: number;
 }
+type AuthorizeIDPParams = Parameters<Helpers['authorizeIDP']>[1];
+type LoginIDPUserParams = Parameters<Helpers['loginIDPUser']>[2];
+type AuthorizePasswordlessParams = Parameters<Helpers['authorizePasswordless']>[2];
+type LoginPasswordlessParams = Parameters<Helpers['getPasswordLessAccessToken']>[2];
+type LoginRegisteredUserB2CCredentials = Parameters<Helpers['loginRegisteredUserB2C']>[1];
 /**
  * The extended field is not from api response, we manually store the auth type,
  * so we don't need to make another API call when we already have the data.
@@ -29,7 +35,10 @@ export type AuthData = Prettify<RemoveStringIndex<TokenResponse> & {
     idp_access_token: string;
 }>;
 /** A shopper could be guest or registered, so we store the refresh tokens individually. */
-type AuthDataKeys = Exclude<keyof AuthData, 'refresh_token'> | 'refresh_token_guest' | 'refresh_token_registered' | 'access_token_sfra' | typeof DNT_COOKIE_NAME | typeof DWSID_COOKIE_NAME;
+type AuthDataKeys = Exclude<keyof AuthData, 'refresh_token'> | 'refresh_token_guest' | 'refresh_token_registered' | 'access_token_sfra' | typeof DNT_COOKIE_NAME | typeof DWSID_COOKIE_NAME | 'code_verifier' | 'uido';
+type DntOptions = {
+    includeDefaults: boolean;
+};
 export declare const DEFAULT_SLAS_REFRESH_TOKEN_REGISTERED_TTL: number;
 export declare const DEFAULT_SLAS_REFRESH_TOKEN_GUEST_TTL: number;
 /**
@@ -51,6 +60,8 @@ declare class Auth {
     private silenceWarnings;
     private logger;
     private defaultDnt;
+    private isPrivate;
+    private passwordlessLoginCallbackURI;
     private refreshTokenRegisteredCookieTTL;
     private refreshTokenGuestCookieTTL;
     private refreshTrustedAgentHandler;
@@ -58,7 +69,20 @@ declare class Auth {
     get(name: AuthDataKeys): string;
     private set;
     private delete;
-    getDnt(): boolean | undefined;
+    /**
+     * Return the value of the DNT cookie or undefined if it is not set.
+     * The DNT cookie being undefined means that there is a necessity to
+     * get the user's input for consent tracking, but not that there is no
+     * DNT value to apply to analytics layers. DNT value will default to
+     * a certain value and this is reflected by effectiveDnt.
+     *
+     * If the cookie value is invalid, then it will be deleted in this function.
+     *
+     * If includeDefaults is true, then even if the cookie is not defined,
+     * defaultDnt will be returned, if it exists. If defaultDnt is not defined, then
+     * the SDK Default will return (false)
+     */
+    getDnt(options?: DntOptions): boolean | undefined;
     setDnt(preference: boolean | null): Promise<void>;
     private clearStorage;
     /**
@@ -69,11 +93,6 @@ declare class Auth {
      * Used to validate JWT token expiration.
      */
     private isTokenExpired;
-    /**
-     * Gets the Do-Not-Track (DNT) preference from the `dw_dnt` cookie.
-     * If user has set their DNT preference, read the cookie, if not, use the default DNT pref. If the default DNT pref has not been set, default to false.
-     */
-    private getDntPreference;
     /**
      * Returns the SLAS access token or an empty string if the access token
      * is not found in local store or if SFRA wants PWA to trigger refresh token login.
@@ -224,6 +243,7 @@ declare class Auth {
         fax?: string | undefined;
         firstName?: string | undefined;
         gender?: number | undefined;
+        hashedLogin?: string | undefined;
         jobTitle?: string | undefined;
         lastLoginTime?: any;
         lastModified?: any;
@@ -283,7 +303,7 @@ declare class Auth {
      * A wrapper method for commerce-sdk-isomorphic helper: loginRegisteredUserB2C.
      *
      */
-    loginRegisteredUserB2C(credentials: Parameters<Helpers['loginRegisteredUserB2C']>[1]): Promise<helpers.TokenResponse>;
+    loginRegisteredUserB2C(credentials: LoginRegisteredUserB2CCredentials): Promise<helpers.TokenResponse>;
     /**
      * Trusted agent authorization
      *
@@ -343,6 +363,34 @@ declare class Auth {
         currentPassword: string;
         shouldReloginCurrentSession?: boolean;
     }): Promise<void>;
+    /**
+     * A wrapper method for commerce-sdk-isomorphic helper: authorizeIDP.
+     *
+     */
+    authorizeIDP(parameters: AuthorizeIDPParams): Promise<void>;
+    /**
+     * A wrapper method for commerce-sdk-isomorphic helper: loginIDPUser.
+     *
+     */
+    loginIDPUser(parameters: LoginIDPUserParams): Promise<helpers.TokenResponse>;
+    /**
+     * A wrapper method for commerce-sdk-isomorphic helper: authorizePasswordless.
+     */
+    authorizePasswordless(parameters: AuthorizePasswordlessParams): Promise<Response>;
+    /**
+     * A wrapper method for commerce-sdk-isomorphic helper: getPasswordLessAccessToken.
+     */
+    getPasswordLessAccessToken(parameters: LoginPasswordlessParams): Promise<helpers.TokenResponse>;
+    /**
+     * A wrapper method for the SLAS endpoint: getPasswordResetToken.
+     *
+     */
+    getPasswordResetToken(parameters: ShopperLoginTypes.PasswordActionRequest): Promise<void>;
+    /**
+     * A wrapper method for the SLAS endpoint: resetPassword.
+     *
+     */
+    resetPassword(parameters: ShopperLoginTypes.PasswordActionVerifyRequest): Promise<void>;
     /**
      * Decode SLAS JWT and extract information such as customer id, usid, etc.
      *
@@ -355,6 +403,7 @@ declare class Auth {
         loginId: string;
         isAgent: boolean;
         agentId: string | null;
+        uido: string;
     };
 }
 export default Auth;

package/auth/index.js

@@ -115,6 +115,14 @@ const DATA_MAP = {
   dwsid: {
     storageType: 'cookie',
     key: _constant.DWSID_COOKIE_NAME
+  },
+  code_verifier: {
+    storageType: 'local',
+    key: 'code_verifier'
+  },
+  uido: {
+    storageType: 'local',
+    key: 'uido'
   }
 };
 const DEFAULT_SLAS_REFRESH_TOKEN_REGISTERED_TTL = exports.DEFAULT_SLAS_REFRESH_TOKEN_REGISTERED_TTL = 90 * 24 * 60 * 60;
@@ -205,6 +213,9 @@ class Auth {
     // PWA users should not need to touch this.
     config.clientSecret || '';
     this.silenceWarnings = config.silenceWarnings || false;
+    this.isPrivate = !!this.clientSecret;
+    const passwordlessLoginCallbackURI = config.passwordlessLoginCallbackURI;
+    this.passwordlessLoginCallbackURI = passwordlessLoginCallbackURI ? (0, _utils.isAbsoluteUrl)(passwordlessLoginCallbackURI) ? passwordlessLoginCallbackURI : `${baseUrl}${passwordlessLoginCallbackURI}` : '';
   }
   get(name) {
     const {
@@ -232,9 +243,22 @@ class Auth {
     const storage = this.stores[storageType];
     storage.delete(key);
   }
-  getDnt() {
+
+  /**
+   * Return the value of the DNT cookie or undefined if it is not set.
+   * The DNT cookie being undefined means that there is a necessity to
+   * get the user's input for consent tracking, but not that there is no
+   * DNT value to apply to analytics layers. DNT value will default to
+   * a certain value and this is reflected by effectiveDnt.
+   *
+   * If the cookie value is invalid, then it will be deleted in this function.
+   *
+   * If includeDefaults is true, then even if the cookie is not defined,
+   * defaultDnt will be returned, if it exists. If defaultDnt is not defined, then
+   * the SDK Default will return (false)
+   */
+  getDnt(options) {
     const dntCookieVal = this.get(_constant.DNT_COOKIE_NAME);
-    // Only '1' or '0' are valid, and invalid values, lack of cookie, or value conflict with token must be an undefined DNT
     let dntCookieStatus = undefined;
     const accessToken = this.getAccessToken();
     let isInSync = true;
@@ -249,6 +273,19 @@ class Auth {
     } else {
       dntCookieStatus = Boolean(Number(dntCookieVal));
     }
+    if (options !== null && options !== void 0 && options.includeDefaults) {
+      const defaultDnt = this.defaultDnt;
+      let effectiveDnt;
+      const dntCookie = dntCookieVal === '1' ? true : dntCookieVal === '0' ? false : undefined;
+      if (dntCookie !== undefined) {
+        effectiveDnt = dntCookie;
+      } else {
+        // If the cookie is not set, read the defaultDnt preference.
+        // If defaultDnt doesn't exist, default to false, following SLAS default for dnt
+        effectiveDnt = defaultDnt !== undefined ? defaultDnt : false;
+      }
+      return effectiveDnt;
+    }
     return dntCookieStatus;
   }
   setDnt(preference) {
@@ -328,21 +365,6 @@ class Auth {
     return validTimeSeconds <= tokenAgeSeconds;
   }
 
-  /**
-   * Gets the Do-Not-Track (DNT) preference from the `dw_dnt` cookie.
-   * If user has set their DNT preference, read the cookie, if not, use the default DNT pref. If the default DNT pref has not been set, default to false.
-   */
-  getDntPreference(dw_dnt, defaultDnt) {
-    let dntPref;
-    // Read `dw_dnt` cookie
-    const dntCookie = dw_dnt === '1' ? true : dw_dnt === '0' ? false : undefined;
-    dntPref = dntCookie;
-
-    // If the cookie is not set, read the default DNT preference.
-    if (dntCookie === undefined) dntPref = defaultDnt !== undefined ? defaultDnt : undefined;
-    return dntPref;
-  }
-
   /**
    * Returns the SLAS access token or an empty string if the access token
    * is not found in local store or if SFRA wants PWA to trigger refresh token login.
@@ -474,6 +496,12 @@ class Auth {
     const responseValue = res.refresh_token_expires_in;
     const defaultValue = isGuest ? DEFAULT_SLAS_REFRESH_TOKEN_GUEST_TTL : DEFAULT_SLAS_REFRESH_TOKEN_REGISTERED_TTL;
     const refreshTokenTTLValue = this.getRefreshTokenCookieTTLValue(overrideValue, responseValue, defaultValue);
+    if (res.access_token) {
+      const {
+        uido
+      } = this.parseSlasJWT(res.access_token);
+      this.set('uido', uido);
+    }
     const expiresDate = this.convertSecondsToDate(refreshTokenTTLValue);
     this.set('refresh_token_expires_in', refreshTokenTTLValue.toString());
     this.set(refreshTokenKey, res.refresh_token, {
@@ -483,17 +511,18 @@ class Auth {
   refreshAccessToken() {
     var _this2 = this;
     return _asyncToGenerator(function* () {
-      const dntPref = _this2.getDntPreference(_this2.get(_constant.DNT_COOKIE_NAME), _this2.defaultDnt);
+      const dntPref = _this2.getDnt({
+        includeDefaults: true
+      });
       const refreshTokenRegistered = _this2.get('refresh_token_registered');
       const refreshTokenGuest = _this2.get('refresh_token_guest');
       const refreshToken = refreshTokenRegistered || refreshTokenGuest;
       if (refreshToken) {
         try {
-          return yield _this2.queueRequest(() => _commerceSdkIsomorphic.helpers.refreshAccessToken(_this2.client, _objectSpread({
-            refreshToken
-          }, dntPref !== undefined && {
+          return yield _this2.queueRequest(() => _commerceSdkIsomorphic.helpers.refreshAccessToken(_this2.client, {
+            refreshToken,
             dnt: dntPref
-          }), {
+          }, {
             clientSecret: _this2.clientSecret
           }), !!refreshTokenGuest);
         } catch (error) {
@@ -553,7 +582,7 @@ class Auth {
     var _this3 = this;
     return _asyncToGenerator(function* () {
       const queue = _this3.pendingToken ?? Promise.resolve();
-      _this3.pendingToken = queue.then(/*#__PURE__*/_asyncToGenerator(function* () {
+      _this3.pendingToken = queue.then( /*#__PURE__*/_asyncToGenerator(function* () {
         const token = yield fn();
         _this3.handleTokenResponse(token, isGuest);
         // Q: Why don't we just return token? Why re-construct the same object again?
@@ -670,20 +699,21 @@ class Auth {
         _this6.logWarning(_constant.SLAS_SECRET_WARNING_MSG);
       }
       const usid = _this6.get('usid');
-      const dntPref = _this6.getDntPreference(_this6.get(_constant.DNT_COOKIE_NAME), _this6.defaultDnt);
+      const dntPref = _this6.getDnt({
+        includeDefaults: true
+      });
       const isGuest = true;
-      const guestPrivateArgs = [_this6.client, _objectSpread(_objectSpread({}, dntPref !== undefined && {
+      const guestPrivateArgs = [_this6.client, _objectSpread({
         dnt: dntPref
-      }), usid && {
+      }, usid && {
         usid
       }), {
         clientSecret: _this6.clientSecret
       }];
-      const guestPublicArgs = [_this6.client, _objectSpread(_objectSpread({
-        redirectURI: _this6.redirectURI
-      }, dntPref !== undefined && {
+      const guestPublicArgs = [_this6.client, _objectSpread({
+        redirectURI: _this6.redirectURI,
         dnt: dntPref
-      }), usid && {
+      }, usid && {
         usid
       })];
       const callback = _this6.clientSecret ? () => _commerceSdkIsomorphic.helpers.loginGuestUserPrivate(...guestPrivateArgs) : () => _commerceSdkIsomorphic.helpers.loginGuestUser(...guestPublicArgs);
@@ -748,15 +778,16 @@ class Auth {
       }
       const redirectURI = _this8.redirectURI;
       const usid = _this8.get('usid');
-      const dntPref = _this8.getDntPreference(_this8.get(_constant.DNT_COOKIE_NAME), _this8.defaultDnt);
+      const dntPref = _this8.getDnt({
+        includeDefaults: true
+      });
       const isGuest = false;
       const token = yield _commerceSdkIsomorphic.helpers.loginRegisteredUserB2C(_this8.client, _objectSpread(_objectSpread({}, credentials), {}, {
         clientSecret: _this8.clientSecret
-      }), _objectSpread(_objectSpread({
-        redirectURI
-      }, dntPref !== undefined && {
+      }), _objectSpread({
+        redirectURI,
         dnt: dntPref
-      }), usid && {
+      }, usid && {
         usid
       }));
       _this8.handleTokenResponse(token, isGuest);
@@ -916,6 +947,186 @@ class Auth {
     })();
   }
 
+  /**
+   * A wrapper method for commerce-sdk-isomorphic helper: authorizeIDP.
+   *
+   */
+  authorizeIDP(parameters) {
+    var _this14 = this;
+    return _asyncToGenerator(function* () {
+      const redirectURI = parameters.redirectURI || _this14.redirectURI;
+      const usid = _this14.get('usid');
+      const {
+        url,
+        codeVerifier
+      } = yield _commerceSdkIsomorphic.helpers.authorizeIDP(_this14.client, _objectSpread({
+        redirectURI,
+        hint: parameters.hint
+      }, usid && {
+        usid
+      }), _this14.isPrivate);
+      if ((0, _utils.onClient)()) {
+        window.location.assign(url);
+      } else {
+        console.warn('Something went wrong, this client side method is invoked on the server.');
+      }
+      _this14.set('code_verifier', codeVerifier);
+    })();
+  }
+
+  /**
+   * A wrapper method for commerce-sdk-isomorphic helper: loginIDPUser.
+   *
+   */
+  loginIDPUser(parameters) {
+    var _this15 = this;
+    return _asyncToGenerator(function* () {
+      const codeVerifier = _this15.get('code_verifier');
+      const code = parameters.code;
+      const usid = parameters.usid || _this15.get('usid');
+      const redirectURI = parameters.redirectURI || _this15.redirectURI;
+      const dntPref = _this15.getDnt({
+        includeDefaults: true
+      });
+      const token = yield _commerceSdkIsomorphic.helpers.loginIDPUser(_this15.client, {
+        codeVerifier,
+        clientSecret: _this15.clientSecret
+      }, _objectSpread({
+        redirectURI,
+        code,
+        dnt: dntPref
+      }, usid && {
+        usid
+      }));
+      const isGuest = false;
+      _this15.handleTokenResponse(token, isGuest);
+      // Delete the code verifier once the user has logged in
+      _this15.delete('code_verifier');
+      if ((0, _utils.onClient)()) {
+        void _this15.clearECOMSession();
+      }
+      return token;
+    })();
+  }
+
+  /**
+   * A wrapper method for commerce-sdk-isomorphic helper: authorizePasswordless.
+   */
+  authorizePasswordless(parameters) {
+    var _this16 = this;
+    return _asyncToGenerator(function* () {
+      const userid = parameters.userid;
+      const callbackURI = parameters.callbackURI || _this16.passwordlessLoginCallbackURI;
+      const usid = _this16.get('usid');
+      const mode = callbackURI ? 'callback' : 'sms';
+      const res = yield _commerceSdkIsomorphic.helpers.authorizePasswordless(_this16.client, {
+        clientSecret: _this16.clientSecret
+      }, _objectSpread(_objectSpread(_objectSpread({}, callbackURI && {
+        callbackURI: callbackURI
+      }), usid && {
+        usid
+      }), {}, {
+        userid,
+        mode
+      }));
+      if (res && res.status !== 200) {
+        const errorData = yield res.json();
+        throw new Error(`${res.status} ${String(errorData.message)}`);
+      }
+      return res;
+    })();
+  }
+
+  /**
+   * A wrapper method for commerce-sdk-isomorphic helper: getPasswordLessAccessToken.
+   */
+  getPasswordLessAccessToken(parameters) {
+    var _this17 = this;
+    return _asyncToGenerator(function* () {
+      const pwdlessLoginToken = parameters.pwdlessLoginToken;
+      const dntPref = _this17.getDnt({
+        includeDefaults: true
+      });
+      const token = yield _commerceSdkIsomorphic.helpers.getPasswordLessAccessToken(_this17.client, {
+        clientSecret: _this17.clientSecret
+      }, {
+        pwdlessLoginToken,
+        dnt: dntPref !== undefined ? String(dntPref) : undefined
+      });
+      const isGuest = false;
+      _this17.handleTokenResponse(token, isGuest);
+      if ((0, _utils.onClient)()) {
+        void _this17.clearECOMSession();
+      }
+      return token;
+    })();
+  }
+
+  /**
+   * A wrapper method for the SLAS endpoint: getPasswordResetToken.
+   *
+   */
+  getPasswordResetToken(parameters) {
+    var _this18 = this;
+    return _asyncToGenerator(function* () {
+      const slasClient = _this18.client;
+      const callbackURI = parameters.callback_uri;
+      const options = {
+        headers: {
+          Authorization: ''
+        },
+        body: {
+          user_id: parameters.user_id,
+          mode: 'callback',
+          channel_id: slasClient.clientConfig.parameters.siteId,
+          client_id: slasClient.clientConfig.parameters.clientId,
+          callback_uri: callbackURI,
+          hint: 'cross_device'
+        }
+      };
+
+      // Only set authorization header if using private client
+      if (_this18.clientSecret) {
+        options.headers.Authorization = `Basic ${(0, _utils.stringToBase64)(`${slasClient.clientConfig.parameters.clientId}:${_this18.clientSecret}`)}`;
+      }
+      const res = yield slasClient.getPasswordResetToken(options);
+      return res;
+    })();
+  }
+
+  /**
+   * A wrapper method for the SLAS endpoint: resetPassword.
+   *
+   */
+  resetPassword(parameters) {
+    var _this19 = this;
+    return _asyncToGenerator(function* () {
+      const slasClient = _this19.client;
+      const options = {
+        headers: {
+          Authorization: ''
+        },
+        body: {
+          pwd_action_token: parameters.pwd_action_token,
+          channel_id: slasClient.clientConfig.parameters.siteId,
+          client_id: slasClient.clientConfig.parameters.clientId,
+          new_password: parameters.new_password,
+          user_id: parameters.user_id
+        }
+      };
+
+      // Only set authorization header if using private client
+      if (_this19.clientSecret) {
+        options.headers.Authorization = `Basic ${(0, _utils.stringToBase64)(`${slasClient.clientConfig.parameters.clientId}:${_this19.clientSecret}`)}`;
+      }
+      // TODO: no code verifier needed with the fix blair has made, delete this when the fix has been merged to production
+      // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+      // @ts-ignore
+      const res = yield _this19.client.resetPassword(options);
+      return res;
+    })();
+  }
+
   /**
    * Decode SLAS JWT and extract information such as customer id, usid, etc.
    *
@@ -935,6 +1146,7 @@ class Auth {
     // ISB format
     // 'uido:ecom::upn:Guest||xxxEmailxxx::uidn:FirstName LastName::gcid:xxxGuestCustomerIdxxx::rcid:xxxRegisteredCustomerIdxxx::chid:xxxSiteIdxxx',
     const isbParts = isb.split('::');
+    const uido = isbParts[0].split('uido:')[1];
     const isGuest = isbParts[1] === 'upn:Guest';
     const customerId = isGuest ? isbParts[3].replace('gcid:', '') : isbParts[4].replace('rcid:', '');
     const loginId = isGuest ? 'guest' : isbParts[1].replace('upn:', '');
@@ -951,7 +1163,8 @@ class Auth {
       dnt,
       loginId,
       isAgent,
-      agentId
+      agentId,
+      uido
     };
   }
 }

package/components/ShopperExperience/Component/index.js

@@ -15,8 +15,8 @@ const _excluded = ["data"];
  */
 function _interopRequireDefault(e) { return e && e.__esModule ? e : { default: e }; }
 function _extends() { return _extends = Object.assign ? Object.assign.bind() : function (n) { for (var e = 1; e < arguments.length; e++) { var t = arguments[e]; for (var r in t) ({}).hasOwnProperty.call(t, r) && (n[r] = t[r]); } return n; }, _extends.apply(null, arguments); }
-function _objectWithoutProperties(e, t) { if (null == e) return {}; var o, r, i = _objectWithoutPropertiesLoose(e, t); if (Object.getOwnPropertySymbols) { var s = Object.getOwnPropertySymbols(e); for (r = 0; r < s.length; r++) o = s[r], t.includes(o) || {}.propertyIsEnumerable.call(e, o) && (i[o] = e[o]); } return i; }
-function _objectWithoutPropertiesLoose(r, e) { if (null == r) return {}; var t = {}; for (var n in r) if ({}.hasOwnProperty.call(r, n)) { if (e.includes(n)) continue; t[n] = r[n]; } return t; }
+function _objectWithoutProperties(e, t) { if (null == e) return {}; var o, r, i = _objectWithoutPropertiesLoose(e, t); if (Object.getOwnPropertySymbols) { var n = Object.getOwnPropertySymbols(e); for (r = 0; r < n.length; r++) o = n[r], t.indexOf(o) >= 0 || {}.propertyIsEnumerable.call(e, o) && (i[o] = e[o]); } return i; }
+function _objectWithoutPropertiesLoose(r, e) { if (null == r) return {}; var t = {}; for (var n in r) if ({}.hasOwnProperty.call(r, n)) { if (e.indexOf(n) >= 0) continue; t[n] = r[n]; } return t; }
 const ComponentNotFound = ({
   typeId
 }) => /*#__PURE__*/_react.default.createElement("div", null, `Component type '${typeId}' not found!`);

package/components/ShopperExperience/Page/index.js

@@ -22,8 +22,8 @@ function _objectSpread(e) { for (var r = 1; r < arguments.length; r++) { var t =
 function _defineProperty(e, r, t) { return (r = _toPropertyKey(r)) in e ? Object.defineProperty(e, r, { value: t, enumerable: !0, configurable: !0, writable: !0 }) : e[r] = t, e; }
 function _toPropertyKey(t) { var i = _toPrimitive(t, "string"); return "symbol" == typeof i ? i : i + ""; }
 function _toPrimitive(t, r) { if ("object" != typeof t || !t) return t; var e = t[Symbol.toPrimitive]; if (void 0 !== e) { var i = e.call(t, r || "default"); if ("object" != typeof i) return i; throw new TypeError("@@toPrimitive must return a primitive value."); } return ("string" === r ? String : Number)(t); }
-function _objectWithoutProperties(e, t) { if (null == e) return {}; var o, r, i = _objectWithoutPropertiesLoose(e, t); if (Object.getOwnPropertySymbols) { var s = Object.getOwnPropertySymbols(e); for (r = 0; r < s.length; r++) o = s[r], t.includes(o) || {}.propertyIsEnumerable.call(e, o) && (i[o] = e[o]); } return i; }
-function _objectWithoutPropertiesLoose(r, e) { if (null == r) return {}; var t = {}; for (var n in r) if ({}.hasOwnProperty.call(r, n)) { if (e.includes(n)) continue; t[n] = r[n]; } return t; }
+function _objectWithoutProperties(e, t) { if (null == e) return {}; var o, r, i = _objectWithoutPropertiesLoose(e, t); if (Object.getOwnPropertySymbols) { var n = Object.getOwnPropertySymbols(e); for (r = 0; r < n.length; r++) o = n[r], t.indexOf(o) >= 0 || {}.propertyIsEnumerable.call(e, o) && (i[o] = e[o]); } return i; }
+function _objectWithoutPropertiesLoose(r, e) { if (null == r) return {}; var t = {}; for (var n in r) if ({}.hasOwnProperty.call(r, n)) { if (e.indexOf(n) >= 0) continue; t[n] = r[n]; } return t; }
 // This context will hold the component map as well as any other future context.
 const PageContext = exports.PageContext = /*#__PURE__*/_react.default.createContext(undefined);
 

package/components/ShopperExperience/Region/index.js

@@ -17,8 +17,8 @@ const _excluded = ["region", "className"];
  */
 function _interopRequireDefault(e) { return e && e.__esModule ? e : { default: e }; }
 function _extends() { return _extends = Object.assign ? Object.assign.bind() : function (n) { for (var e = 1; e < arguments.length; e++) { var t = arguments[e]; for (var r in t) ({}).hasOwnProperty.call(t, r) && (n[r] = t[r]); } return n; }, _extends.apply(null, arguments); }
-function _objectWithoutProperties(e, t) { if (null == e) return {}; var o, r, i = _objectWithoutPropertiesLoose(e, t); if (Object.getOwnPropertySymbols) { var s = Object.getOwnPropertySymbols(e); for (r = 0; r < s.length; r++) o = s[r], t.includes(o) || {}.propertyIsEnumerable.call(e, o) && (i[o] = e[o]); } return i; }
-function _objectWithoutPropertiesLoose(r, e) { if (null == r) return {}; var t = {}; for (var n in r) if ({}.hasOwnProperty.call(r, n)) { if (e.includes(n)) continue; t[n] = r[n]; } return t; }
+function _objectWithoutProperties(e, t) { if (null == e) return {}; var o, r, i = _objectWithoutPropertiesLoose(e, t); if (Object.getOwnPropertySymbols) { var n = Object.getOwnPropertySymbols(e); for (r = 0; r < n.length; r++) o = n[r], t.indexOf(o) >= 0 || {}.propertyIsEnumerable.call(e, o) && (i[o] = e[o]); } return i; }
+function _objectWithoutPropertiesLoose(r, e) { if (null == r) return {}; var t = {}; for (var n in r) if ({}.hasOwnProperty.call(r, n)) { if (e.indexOf(n) >= 0) continue; t[n] = r[n]; } return t; }
 /**
  * This PropType represents a `region` object from the ShopperExperience API.
  */

package/hooks/useAuthHelper.d.ts

@@ -6,10 +6,16 @@ import Auth from '../auth';
  * @enum
  */
 export declare const AuthHelpers: {
+    readonly AuthorizePasswordless: "authorizePasswordless";
+    readonly LoginPasswordlessUser: "getPasswordLessAccessToken";
+    readonly AuthorizeIDP: "authorizeIDP";
+    readonly GetPasswordResetToken: "getPasswordResetToken";
+    readonly LoginIDPUser: "loginIDPUser";
     readonly LoginGuestUser: "loginGuestUser";
     readonly LoginRegisteredUserB2C: "loginRegisteredUserB2C";
     readonly Logout: "logout";
     readonly Register: "register";
+    readonly ResetPassword: "resetPassword";
     readonly UpdateCustomerPassword: "updateCustomerPassword";
 };
 /**
@@ -25,6 +31,8 @@ export type AuthHelper = (typeof AuthHelpers)[keyof typeof AuthHelpers];
  * For more, see https://github.com/SalesforceCommerceCloud/commerce-sdk-isomorphic/#public-client-shopper-login-helpers
  *
  * Avaliable helpers:
+ * - authorizeIDP
+ * - loginIDPUser
  * - loginRegisteredUserB2C
  * - loginGuestUser
  * - logout

package/hooks/useAuthHelper.js

@@ -22,10 +22,16 @@ function _interopRequireDefault(e) { return e && e.__esModule ? e : { default: e
  * @enum
  */
 const AuthHelpers = exports.AuthHelpers = {
+  AuthorizePasswordless: 'authorizePasswordless',
+  LoginPasswordlessUser: 'getPasswordLessAccessToken',
+  AuthorizeIDP: 'authorizeIDP',
+  GetPasswordResetToken: 'getPasswordResetToken',
+  LoginIDPUser: 'loginIDPUser',
   LoginGuestUser: 'loginGuestUser',
   LoginRegisteredUserB2C: 'loginRegisteredUserB2C',
   Logout: 'logout',
   Register: 'register',
+  ResetPassword: 'resetPassword',
   UpdateCustomerPassword: 'updateCustomerPassword'
 };
 /**
@@ -47,6 +53,8 @@ const noop = () => ({});
  * For more, see https://github.com/SalesforceCommerceCloud/commerce-sdk-isomorphic/#public-client-shopper-login-helpers
  *
  * Avaliable helpers:
+ * - authorizeIDP
+ * - loginIDPUser
  * - loginRegisteredUserB2C
  * - loginGuestUser
  * - logout

package/hooks/useAuthorizationHeader.js

@@ -42,7 +42,7 @@ const useAuthorizationHeader = method => {
         headers: _objectSpread({
           Authorization: `Bearer ${access_token}`
         }, options.headers)
-      })).catch(/*#__PURE__*/function () {
+      })).catch( /*#__PURE__*/function () {
         var _ref2 = _asyncToGenerator(function* (error) {
           const {
             access_token

package/hooks/useCustomerType.d.ts

@@ -3,6 +3,7 @@ type useCustomerType = {
     customerType: CustomerType;
     isGuest: boolean;
     isRegistered: boolean;
+    isExternal: boolean;
 };
 /**
  * A hook to return customer auth type.

package/hooks/useCustomerType.js

@@ -44,10 +44,18 @@ const useCustomerType = () => {
   if (customerType !== null && customerType !== 'guest' && customerType !== 'registered') {
     customerType = null;
   }
+
+  // The `uido` is a value within the `isb` claim of the SLAS access token that denotes the IDP origin of the user
+  // If `uido` is not equal to `slas` or `ecom`, the user is considered an external user
+  const uido = onClient ?
+  // eslint-disable-next-line react-hooks/rules-of-hooks
+  (0, _useLocalStorage.default)(`uido_${config.siteId}`) : auth.get('uido');
+  const isExternal = customerType === 'registered' && uido !== 'slas' && uido !== 'ecom';
   return {
     customerType,
     isGuest,
-    isRegistered
+    isRegistered,
+    isExternal
   };
 };
 var _default = exports.default = useCustomerType;

package/hooks/useDNT.d.ts

@@ -1,16 +1,26 @@
 interface useDntReturn {
+    selectedDnt: boolean | undefined;
     dntStatus: boolean | undefined;
+    effectiveDnt: boolean | undefined;
     updateDNT: (preference: boolean | null) => Promise<void>;
+    updateDnt: (preference: boolean | null) => Promise<void>;
 }
 /**
- * Hook that returns
- * dntStatus - a boolean indicating the current DNT preference
- * updateDNT - a function that takes a DNT preference and creates the dw_dnt
- *              cookie and reauthroizes with SLAS
- *
  * @group Helpers
  * @category DNT
  *
+ * @returns {Object} - The returned object containing DNT states and function to update preference
+ * @property {boolean} selectedDnt - DNT user preference. Used to determine
+ *              if the consent tracking form should be rendered
+ * @property {boolean} effectiveDnt - effective DNT value to apply to
+ *              analytics layers. Takes defaultDnt into account when selectedDnt is undefined.
+ *              If defaultDnt is undefined as well, then SDK default is used.
+ * @property {function} updateDnt - takes a DNT choice and creates the dw_dnt
+ *              cookie and reauthorizes with SLAS
+ * @property {function} updateDNT - @deprecated Deprecated since version 3.1.0. Use updateDnt instead.
+ * @property {boolean} dntStatus - @deprecated Deprecated since version 3.1.0. Use selectedDnt instead.
+ *
+ *
  */
 declare const useDNT: () => useDntReturn;
 export default useDNT;

package/hooks/useDNT.js

@@ -14,29 +14,44 @@ function _asyncToGenerator(n) { return function () { var t = this, e = arguments
  * For full license text, see the LICENSE file in the repo root or https://opensource.org/licenses/BSD-3-Clause
  */
 /**
- * Hook that returns
- * dntStatus - a boolean indicating the current DNT preference
- * updateDNT - a function that takes a DNT preference and creates the dw_dnt
- *              cookie and reauthroizes with SLAS
- *
  * @group Helpers
  * @category DNT
  *
+ * @returns {Object} - The returned object containing DNT states and function to update preference
+ * @property {boolean} selectedDnt - DNT user preference. Used to determine
+ *              if the consent tracking form should be rendered
+ * @property {boolean} effectiveDnt - effective DNT value to apply to
+ *              analytics layers. Takes defaultDnt into account when selectedDnt is undefined.
+ *              If defaultDnt is undefined as well, then SDK default is used.
+ * @property {function} updateDnt - takes a DNT choice and creates the dw_dnt
+ *              cookie and reauthorizes with SLAS
+ * @property {function} updateDNT - @deprecated Deprecated since version 3.1.0. Use updateDnt instead.
+ * @property {boolean} dntStatus - @deprecated Deprecated since version 3.1.0. Use selectedDnt instead.
+ *
+ *
  */
 const useDNT = () => {
   const auth = (0, _useAuthContext.default)();
-  const dntStatus = auth.getDnt();
-  const updateDNT = /*#__PURE__*/function () {
+  const selectedDnt = auth.getDnt();
+  const effectiveDnt = auth.getDnt({
+    includeDefaults: true
+  });
+  const updateDnt = /*#__PURE__*/function () {
     var _ref = _asyncToGenerator(function* (preference) {
       yield auth.setDnt(preference);
     });
-    return function updateDNT(_x) {
+    return function updateDnt(_x) {
       return _ref.apply(this, arguments);
     };
   }();
+  const updateDNT = updateDnt;
+  const dntStatus = selectedDnt;
   return {
+    selectedDnt,
+    effectiveDnt,
     dntStatus,
-    updateDNT
+    updateDNT,
+    updateDnt
   };
 };
 var _default = exports.default = useDNT;

package/hooks/useMutation.js

@@ -61,7 +61,7 @@ const useCustomMutation = (apiOptions, mutationOptions) => {
         const {
           access_token
         } = yield auth.ready();
-        return yield _commerceSdkIsomorphic.helpers.callCustomEndpoint((0, _helpers.generateCustomEndpointOptions)(apiOptions, globalConfig, access_token, args)).catch(/*#__PURE__*/function () {
+        return yield _commerceSdkIsomorphic.helpers.callCustomEndpoint((0, _helpers.generateCustomEndpointOptions)(apiOptions, globalConfig, access_token, args)).catch( /*#__PURE__*/function () {
           var _ref2 = _asyncToGenerator(function* (error) {
             const {
               access_token

package/hooks/useQuery.js

@@ -86,7 +86,7 @@ const useCustomQuery = (apiOptions, queryOptions) => {
         access_token
       } = yield auth.ready();
       const customEndpointOptions = (0, _helpers.generateCustomEndpointOptions)(options, config, access_token);
-      return yield _commerceSdkIsomorphic.helpers.callCustomEndpoint(customEndpointOptions).catch(/*#__PURE__*/function () {
+      return yield _commerceSdkIsomorphic.helpers.callCustomEndpoint(customEndpointOptions).catch( /*#__PURE__*/function () {
         var _ref3 = _asyncToGenerator(function* (error) {
           const {
             access_token

package/hooks/useTrustedAgent.js

@@ -127,7 +127,7 @@ const useTrustedAgent = () => {
   const authorizeTrustedAgent = (0, _reactQuery.useMutation)(auth.authorizeTrustedAgent.bind(auth));
   const loginTrustedAgent = (0, _reactQuery.useMutation)(auth.loginTrustedAgent.bind(auth));
   const logoutTrustedAgent = (0, _reactQuery.useMutation)(auth.logout.bind(auth));
-  const login = (0, _react.useCallback)(/*#__PURE__*/function () {
+  const login = (0, _react.useCallback)( /*#__PURE__*/function () {
     var _ref2 = _asyncToGenerator(function* (loginId, usid, refresh = false) {
       if (!(0, _utils.onClient)()) {
         throw new Error('Something went wrong, this client side method is invoked on the server.');
@@ -154,7 +154,7 @@ const useTrustedAgent = () => {
       return _ref2.apply(this, arguments);
     };
   }(), [auth]);
-  const logout = (0, _react.useCallback)(/*#__PURE__*/_asyncToGenerator(function* () {
+  const logout = (0, _react.useCallback)( /*#__PURE__*/_asyncToGenerator(function* () {
     return yield logoutTrustedAgent.mutateAsync();
   }), [auth]);
   (0, _react.useEffect)(() => {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@salesforce/commerce-sdk-react",
-  "version": "3.2.0-preview.3",
+  "version": "3.2.0-preview.4",
   "description": "A library that provides react hooks for fetching data from Commerce Cloud",
   "homepage": "https://github.com/SalesforceCommerceCloud/pwa-kit/tree/develop/packages/ecom-react-hooks#readme",
   "bugs": {
@@ -40,12 +40,12 @@
     "version": "node ./scripts/version.js"
   },
   "dependencies": {
-    "commerce-sdk-isomorphic": "^3.1.1",
+    "commerce-sdk-isomorphic": "^3.2.0",
     "js-cookie": "^3.0.1",
     "jwt-decode": "^4.0.0"
   },
   "devDependencies": {
-    "@salesforce/pwa-kit-dev": "4.0.0-extensibility-preview.3",
+    "@salesforce/pwa-kit-dev": "3.9.0-preview.4",
     "@tanstack/react-query": "^4.28.0",
     "@testing-library/jest-dom": "^5.16.5",
     "@testing-library/react": "^14.0.0",
@@ -60,7 +60,7 @@
     "@types/react-helmet": "~6.1.6",
     "@types/react-router-dom": "~5.3.3",
     "cross-env": "^5.2.1",
-    "internal-lib-build": "4.0.0-extensibility-preview.3",
+    "internal-lib-build": "3.9.0-preview.4",
     "jsonwebtoken": "^9.0.0",
     "nock": "^13.3.0",
     "nodemon": "^2.0.22",
@@ -84,11 +84,11 @@
     "react-router-dom": "^5.3.4"
   },
   "engines": {
-    "node": "^16.11.0 || ^18.0.0 || ^20.0.0",
-    "npm": "^8.0.0 || ^9.0.0 || ^10.0.0"
+    "node": "^16.11.0 || ^18.0.0 || ^20.0.0 || ^22.0.0",
+    "npm": "^8.0.0 || ^9.0.0 || ^10.0.0 || ^11.0.0"
   },
   "publishConfig": {
     "directory": "dist"
   },
-  "gitHead": "904de01e826117febeea952e034478349e16ea4d"
+  "gitHead": "1f16c75dcb6939a4edc76bb477888239fa76357b"
 }

package/provider.d.ts

@@ -17,6 +17,7 @@ export interface CommerceApiProviderProps extends ApiClientConfigParams {
     silenceWarnings?: boolean;
     logger?: Logger;
     defaultDnt?: boolean;
+    passwordlessLoginCallbackURI?: string;
     refreshTokenRegisteredCookieTTL?: number;
     refreshTokenGuestCookieTTL?: number;
 }

package/provider.js

@@ -97,6 +97,7 @@ const CommerceApiProvider = props => {
     silenceWarnings,
     logger,
     defaultDnt,
+    passwordlessLoginCallbackURI,
     refreshTokenRegisteredCookieTTL,
     refreshTokenGuestCookieTTL
   } = props;
@@ -118,10 +119,11 @@ const CommerceApiProvider = props => {
       silenceWarnings,
       logger: configLogger,
       defaultDnt,
+      passwordlessLoginCallbackURI,
       refreshTokenRegisteredCookieTTL,
       refreshTokenGuestCookieTTL
     });
-  }, [clientId, organizationId, shortCode, siteId, proxy, redirectURI, fetchOptions, fetchedToken, enablePWAKitPrivateClient, clientSecret, silenceWarnings, configLogger, refreshTokenRegisteredCookieTTL, refreshTokenGuestCookieTTL]);
+  }, [clientId, organizationId, shortCode, siteId, proxy, redirectURI, fetchOptions, fetchedToken, enablePWAKitPrivateClient, clientSecret, silenceWarnings, configLogger, defaultDnt, passwordlessLoginCallbackURI, refreshTokenRegisteredCookieTTL, refreshTokenGuestCookieTTL]);
   const dwsid = auth.get(_constant.DWSID_COOKIE_NAME);
   const serverAffinityHeader = {};
   if (dwsid) {
@@ -179,6 +181,7 @@ const CommerceApiProvider = props => {
       silenceWarnings,
       logger: configLogger,
       defaultDnt,
+      passwordlessLoginCallbackURI,
       refreshTokenRegisteredCookieTTL,
       refreshTokenGuestCookieTTL
     }

package/utils.d.ts

@@ -33,4 +33,29 @@ export declare const getDefaultCookieAttributes: () => CookieAttributes;
 export declare function detectLocalStorageAvailable(): boolean;
 /** Determines whether cookies are available by trying to set a test value. */
 export declare function detectCookiesAvailable(options?: CookieAttributes): boolean;
+/**
+ * Determines whether the given URL string is a valid absolute URL.
+ *
+ * Valid absolute URLs:
+ * - https://example.com
+ * - http://example.com
+ *
+ * Invalid or relative URLs:
+ * - http://example
+ * - example.com
+ * - /relative/path
+ *
+ * @param {string} url - The URL string to be checked.
+ * @returns {boolean} - Returns true if the given string is a valid absolute URL, false otherwise.
+ */
+export declare function isAbsoluteUrl(url: string): boolean;
+/**
+ * Provides a platform-specific method for Base64 encoding.
+ *
+ * - In a browser environment (where `window` and `document` are defined),
+ *   the native `btoa` function is used.
+ * - In a non-browser environment (like Node.js), a fallback is provided
+ *   that uses `Buffer` to perform the Base64 encoding.
+ */
+export declare const stringToBase64: typeof btoa;
 //# sourceMappingURL=utils.d.ts.map

package/utils.js

@@ -7,7 +7,9 @@ exports.DEVELOPMENT_ORIGIN = void 0;
 exports.detectCookiesAvailable = detectCookiesAvailable;
 exports.detectInIframe = void 0;
 exports.detectLocalStorageAvailable = detectLocalStorageAvailable;
-exports.onClient = exports.isOriginTrusted = exports.getParentOrigin = exports.getDefaultCookieAttributes = exports.getCookieSameSiteAttribute = void 0;
+exports.getParentOrigin = exports.getDefaultCookieAttributes = exports.getCookieSameSiteAttribute = void 0;
+exports.isAbsoluteUrl = isAbsoluteUrl;
+exports.stringToBase64 = exports.onClient = exports.isOriginTrusted = void 0;
 var _jsCookie = _interopRequireDefault(require("js-cookie"));
 var _constant = require("./constant");
 function _interopRequireDefault(e) { return e && e.__esModule ? e : { default: e }; }
@@ -123,4 +125,33 @@ function detectCookiesAvailable(options) {
   } catch {
     return false;
   }
-}
+}
+
+/**
+ * Determines whether the given URL string is a valid absolute URL.
+ *
+ * Valid absolute URLs:
+ * - https://example.com
+ * - http://example.com
+ *
+ * Invalid or relative URLs:
+ * - http://example
+ * - example.com
+ * - /relative/path
+ *
+ * @param {string} url - The URL string to be checked.
+ * @returns {boolean} - Returns true if the given string is a valid absolute URL, false otherwise.
+ */
+function isAbsoluteUrl(url) {
+  return /^(https?:\/\/)/i.test(url);
+}
+
+/**
+ * Provides a platform-specific method for Base64 encoding.
+ *
+ * - In a browser environment (where `window` and `document` are defined),
+ *   the native `btoa` function is used.
+ * - In a non-browser environment (like Node.js), a fallback is provided
+ *   that uses `Buffer` to perform the Base64 encoding.
+ */
+const stringToBase64 = exports.stringToBase64 = typeof window === 'object' && typeof window.document === 'object' ? btoa : unencoded => Buffer.from(unencoded).toString('base64');