@salesforce/commerce-sdk-react 3.5.0-preview.1 → 4.0.0-dev

package/CHANGELOG.md

@@ -1,6 +1,10 @@
-## v3.5.0-preview.1 (Aug 11, 2025)
+## v4.0.0-dev (Aug 18, 2025)
+- Upgrade to commerce-sdk-isomorphic v4.0.0 [2879](https://github.com/SalesforceCommerceCloud/pwa-kit/pull/2879)
 - Add support for environment level base paths on /mobify routes [#2892](https://github.com/SalesforceCommerceCloud/pwa-kit/pull/2892)
 - Update USID expiry to match SLAS refresh token expiry[#2854](https://github.com/SalesforceCommerceCloud/pwa-kit/pull/2854)
+- [Bugfix] Skip deleting dwsid on shopper login if hybrid auth is enabled for current site. [#3151](https://github.com/SalesforceCommerceCloud/pwa-kit/pull/3151)
+- Remove deprecated properties in commerce-sdk-react [#3177](https://github.com/SalesforceCommerceCloud/pwa-kit/pull/3177)
+- Update Auth class and CommerceApiProvider to support custom headers in SCAPI requests [#3183](https://github.com/SalesforceCommerceCloud/pwa-kit/pull/3183)
 
 ## v3.4.0 (Jul 22, 2025)
 

package/README.md

@@ -160,9 +160,27 @@ const Example = () => {
     const login = useAuthHelper(AuthHelpers.LoginRegisteredUserB2C)
     const logout = useAuthHelper(AuthHelpers.LogOut)
 
-    return <button onClick={() => {
-        login.mutate({username: 'kevin', password: 'pa$$word'})
-    }}>
+    return (
+        <div>
+            {/* Simple login */}
+            <button onClick={() => {
+                login.mutate({username: 'kevin', password: 'pa$$word'})
+            }}>
+                Login
+            </button>
+            
+            {/* Login with custom parameters */}
+            <button onClick={() => {
+                login.mutate({
+                    username: 'kevin', 
+                    password: 'pa$$word',
+                    customParameters: {c_customField: 'customValue'}
+                })
+            }}>
+                Login with Custom Parameters
+            </button>
+        </div>
+    )
 }
 ```
 

package/auth/index.d.ts

@@ -1,15 +1,15 @@
-import { helpers, ShopperLoginTypes, ShopperCustomersTypes } from 'commerce-sdk-isomorphic';
+import { helpers, ShopperLoginTypes, ShopperCustomersTypes, FetchOptions } from 'commerce-sdk-isomorphic';
 import { ApiClientConfigParams, Prettify, RemoveStringIndex } from '../hooks/types';
 import { CustomerType } from '../hooks/useCustomerType';
 import { DNT_COOKIE_NAME, DWSID_COOKIE_NAME } from '../constant';
 import { Logger } from '../types';
 type TokenResponse = ShopperLoginTypes.TokenResponse;
-type Helpers = typeof helpers;
 interface AuthConfig extends ApiClientConfigParams {
     redirectURI: string;
     proxy: string;
+    headers?: Record<string, string>;
     privateClientProxyEndpoint?: string;
-    fetchOptions?: ShopperLoginTypes.FetchOptions;
+    fetchOptions?: FetchOptions;
     fetchedToken?: string;
     enablePWAKitPrivateClient?: boolean;
     clientSecret?: string;
@@ -19,21 +19,34 @@ interface AuthConfig extends ApiClientConfigParams {
     passwordlessLoginCallbackURI?: string;
     refreshTokenRegisteredCookieTTL?: number;
     refreshTokenGuestCookieTTL?: number;
+    hybridAuthEnabled?: boolean;
 }
-type AuthorizeIDPParams = Parameters<Helpers['authorizeIDP']>[1];
-type LoginIDPUserParams = Parameters<Helpers['loginIDPUser']>[2];
-type AuthorizePasswordlessParams = Parameters<Helpers['authorizePasswordless']>[2];
-type LoginPasswordlessParams = Parameters<Helpers['getPasswordLessAccessToken']>[2];
-type LoginRegisteredUserB2CCredentials = Parameters<Helpers['loginRegisteredUserB2C']>[1];
 /**
- * This is a temporary type until we can make a breaking change and modify the signature for
- * loginRegisteredUserB2C so that it takes in a body rather than just credentials
- *
+ * Body type for loginRegisteredUserB2C - aligns with register function pattern
  */
-type LoginRegisteredUserCredentialsWithCustomParams = LoginRegisteredUserB2CCredentials & {
-    options?: {
-        body: helpers.CustomRequestBody;
-    };
+type LoginRegisteredUserB2CBody = {
+    username: string;
+    password: string;
+    customParameters?: helpers.CustomRequestBody;
+};
+type LoginIDPUserParams = {
+    redirectURI?: string;
+    code: string;
+    usid?: string;
+};
+type AuthorizeIDPParams = {
+    redirectURI: string;
+    hint: string;
+    usid?: string;
+    [key: string]: any;
+};
+type AuthorizePasswordlessParams = {
+    callbackURI?: string;
+    userid: string;
+    mode?: string;
+};
+type GetPasswordLessAccessTokenParams = {
+    pwdlessLoginToken: string;
 };
 /**
  * The extended field is not from api response, we manually store the auth type,
@@ -76,6 +89,7 @@ declare class Auth {
     private refreshTokenRegisteredCookieTTL;
     private refreshTokenGuestCookieTTL;
     private refreshTrustedAgentHandler;
+    private hybridAuthEnabled;
     constructor(config: AuthConfig);
     get(name: AuthDataKeys): string;
     private set;
@@ -161,7 +175,20 @@ declare class Auth {
      * store the data in storage.
      */
     private handleTokenResponse;
-    refreshAccessToken(): Promise<ShopperLoginTypes.TokenResponse>;
+    refreshAccessToken(): Promise<{
+        access_token: string;
+        id_token: string;
+        refresh_token: string;
+        expires_in: number;
+        refresh_token_expires_in: number;
+        token_type: "Bearer";
+        usid: string;
+        customer_id: string;
+        enc_user_id: string;
+        idp_access_token: string;
+    } & {
+        [key: string]: any;
+    }>;
     /**
      * This method queues the requests and handles the SLAS token response.
      *
@@ -169,7 +196,20 @@ declare class Auth {
      *
      * @Internal
      */
-    queueRequest(fn: () => Promise<TokenResponse>, isGuest: boolean): Promise<ShopperLoginTypes.TokenResponse>;
+    queueRequest(fn: () => Promise<TokenResponse>, isGuest: boolean): Promise<{
+        access_token: string;
+        id_token: string;
+        refresh_token: string;
+        expires_in: number;
+        refresh_token_expires_in: number;
+        token_type: "Bearer";
+        usid: string;
+        customer_id: string;
+        enc_user_id: string;
+        idp_access_token: string;
+    } & {
+        [key: string]: any;
+    }>;
     logWarning: (msg: string) => void;
     /**
      * This method extracts the status and message from a ResponseError that is returned
@@ -202,7 +242,20 @@ declare class Auth {
      * 3. If we have valid TAOB access token - refresh TAOB token flow
      * 4. PKCE flow
      */
-    ready(): Promise<ShopperLoginTypes.TokenResponse>;
+    ready(): Promise<{
+        access_token: string;
+        id_token: string;
+        refresh_token: string;
+        expires_in: number;
+        refresh_token_expires_in: number;
+        token_type: "Bearer";
+        usid: string;
+        customer_id: string;
+        enc_user_id: string;
+        idp_access_token: string;
+    } & {
+        [key: string]: any;
+    }>;
     /**
      * Creates a function that only executes after a session is initialized.
      * @param fn Function that needs to wait until the session is initialized.
@@ -213,7 +266,20 @@ declare class Auth {
      * A wrapper method for commerce-sdk-isomorphic helper: loginGuestUser.
      *
      */
-    loginGuestUser(parameters?: helpers.CustomQueryParameters): Promise<ShopperLoginTypes.TokenResponse>;
+    loginGuestUser(parameters?: helpers.CustomQueryParameters): Promise<{
+        access_token: string;
+        id_token: string;
+        refresh_token: string;
+        expires_in: number;
+        refresh_token_expires_in: number;
+        token_type: "Bearer";
+        usid: string;
+        customer_id: string;
+        enc_user_id: string;
+        idp_access_token: string;
+    } & {
+        [key: string]: any;
+    }>;
     /**
      * This is a wrapper method for ShopperCustomer API registerCustomer endpoint.
      *
@@ -226,11 +292,11 @@ declare class Auth {
             city?: string | undefined;
             companyName?: string | undefined;
             countryCode: string;
-            creationDate?: any;
+            creationDate?: string | undefined;
             firstName?: string | undefined;
             fullName?: string | undefined;
             jobTitle?: string | undefined;
-            lastModified?: any;
+            lastModified?: string | undefined;
             lastName: string;
             phone?: string | undefined;
             postBox?: string | undefined;
@@ -245,13 +311,13 @@ declare class Auth {
         } & {
             [key: string]: any;
         })[] | undefined;
-        authType?: string | undefined;
-        birthday?: any;
+        authType?: ("guest" | "registered") | undefined;
+        birthday?: string | undefined;
         companyName?: string | undefined;
-        creationDate?: any;
+        creationDate?: string | undefined;
+        currentPassword?: string | undefined;
         customerId?: string | undefined;
         customerNo?: string | undefined;
-        currentPassword?: string | undefined;
         email?: string | undefined;
         enabled?: boolean | undefined;
         fax?: string | undefined;
@@ -259,29 +325,19 @@ declare class Auth {
         gender?: number | undefined;
         hashedLogin?: string | undefined;
         jobTitle?: string | undefined;
-        lastLoginTime?: any;
-        lastModified?: any;
+        lastLoginTime?: string | undefined;
+        lastModified?: string | undefined;
         lastName?: string | undefined;
-        lastVisitTime?: any;
+        lastVisitTime?: string | undefined;
         login?: string | undefined;
         note?: string | undefined;
         paymentInstruments?: ({
             bankRoutingNumber?: string | undefined;
-            creationDate?: any;
-            lastModified?: any;
+            creationDate?: string | undefined;
+            lastModified?: string | undefined;
             maskedGiftCertificateCode?: string | undefined;
-            paymentBankAccount?: ({
-                driversLicenseLastDigits?: string | undefined;
-                driversLicenseStateCode?: string | undefined;
-                holder?: string | undefined;
-                maskedDriversLicense?: string | undefined;
-                maskedNumber?: string | undefined;
-                numberLastDigits?: string | undefined;
-            } & {
-                [key: string]: any;
-            }) | undefined;
             paymentCard?: ({
-                cardType: string;
+                cardType?: string | undefined;
                 creditCardExpired?: boolean | undefined;
                 creditCardToken?: string | undefined;
                 expirationMonth?: number | undefined;
@@ -297,6 +353,7 @@ declare class Auth {
             }) | undefined;
             paymentInstrumentId?: string | undefined;
             paymentMethodId?: string | undefined;
+            default?: boolean | undefined;
         } & {
             [key: string]: any;
         })[] | undefined;
@@ -304,8 +361,8 @@ declare class Auth {
         phoneHome?: string | undefined;
         phoneMobile?: string | undefined;
         preferredLocale?: string | undefined;
-        previousLoginTime?: any;
-        previousVisitTime?: any;
+        previousLoginTime?: string | undefined;
+        previousVisitTime?: string | undefined;
         salutation?: string | undefined;
         secondName?: string | undefined;
         suffix?: string | undefined;
@@ -316,14 +373,10 @@ declare class Auth {
     /**
      * A wrapper method for commerce-sdk-isomorphic helper: loginRegisteredUserB2C.
      *
-     * Note: This uses the type LoginRegisteredUserCredentialsWithCustomParams rather than LoginRegisteredUserB2CCredentials
-     * as a workaround to allow custom parameters through because the login.mutateAsync hook will only pass through a single
-     * 'body' argument into this function.
-     *
-     * In the next major version release, we should modify this method so that it's input is a body containing credentials,
-     * similar to the input for the register function.
+     * This method uses a body-based API similar to the register function for consistency.
+     * Supports custom parameters through the customParameters field.
      */
-    loginRegisteredUserB2C(credentials: LoginRegisteredUserCredentialsWithCustomParams): Promise<helpers.TokenResponse>;
+    loginRegisteredUserB2C(body: LoginRegisteredUserB2CBody): Promise<helpers.TokenResponse>;
     /**
      * Trusted agent authorization
      *
@@ -352,8 +405,8 @@ declare class Auth {
         id_token: string;
         refresh_token: string;
         expires_in: number;
-        refresh_token_expires_in: any;
-        token_type: string;
+        refresh_token_expires_in: number;
+        token_type: "Bearer";
         usid: string;
         customer_id: string;
         enc_user_id: string;
@@ -372,7 +425,20 @@ declare class Auth {
      * A wrapper method for commerce-sdk-isomorphic helper: logout.
      *
      */
-    logout(): Promise<ShopperLoginTypes.TokenResponse>;
+    logout(): Promise<{
+        access_token: string;
+        id_token: string;
+        refresh_token: string;
+        expires_in: number;
+        refresh_token_expires_in: number;
+        token_type: "Bearer";
+        usid: string;
+        customer_id: string;
+        enc_user_id: string;
+        idp_access_token: string;
+    } & {
+        [key: string]: any;
+    }>;
     /**
      * Handle updating customer password and re-log in after the access token is invalidated.
      *
@@ -385,9 +451,13 @@ declare class Auth {
     }): Promise<void>;
     /**
      * A wrapper method for commerce-sdk-isomorphic helper: authorizeIDP.
+     * Initiates OAuth2 authorization flow for Identity Provider (IDP) login.
      *
      */
-    authorizeIDP(parameters: AuthorizeIDPParams): Promise<void>;
+    authorizeIDP(parameters: AuthorizeIDPParams): Promise<{
+        url: string;
+        codeVerifier: string;
+    }>;
     /**
      * A wrapper method for commerce-sdk-isomorphic helper: loginIDPUser.
      *
@@ -400,17 +470,17 @@ declare class Auth {
     /**
      * A wrapper method for commerce-sdk-isomorphic helper: getPasswordLessAccessToken.
      */
-    getPasswordLessAccessToken(parameters: LoginPasswordlessParams): Promise<helpers.TokenResponse>;
+    getPasswordLessAccessToken(parameters: GetPasswordLessAccessTokenParams): Promise<helpers.TokenResponse>;
     /**
      * A wrapper method for the SLAS endpoint: getPasswordResetToken.
      *
      */
-    getPasswordResetToken(parameters: ShopperLoginTypes.PasswordActionRequest): Promise<void>;
+    getPasswordResetToken(parameters: ShopperLoginTypes.getPasswordResetTokenBodyType): Promise<void>;
     /**
      * A wrapper method for the SLAS endpoint: resetPassword.
      *
      */
-    resetPassword(parameters: ShopperLoginTypes.PasswordActionVerifyRequest): Promise<void>;
+    resetPassword(parameters: ShopperLoginTypes.resetPasswordBodyType): Promise<void>;
     /**
      * Decode SLAS JWT and extract information such as customer id, usid, etc.
      *