Skip to content

Add slas token command for SLAS shopper access tokens #232

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
clavery wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Add slas token command for SLAS shopper access tokens #232

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
1485c7a
Add `slas token` command for retrieving SLAS shopper access tokens
clavery Mar 4, 2026
5cb9d69
Merge branch 'main' into feature/slas-token
amit-kumar8-sf Mar 4, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions .changeset/slas-token-command.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
---
'@salesforce/b2c-cli': minor
'@salesforce/b2c-tooling-sdk': minor
---

Add `slas token` command to retrieve SLAS shopper access tokens for API testing. Supports public (PKCE) and private (client_credentials) client flows, guest and registered customer authentication, and auto-discovery of public SLAS clients.
97 changes: 97 additions & 0 deletions docs/cli/slas.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,103 @@ For complete setup instructions, see the [Authentication Guide](/guide/authentic

---

## b2c slas token

Get a SLAS shopper access token for testing APIs.

### Usage

```bash
b2c slas token --tenant-id <TENANT_ID> --site-id <SITE_ID>
```

### Flags

| Flag | Environment Variable | Description | Required |
|------|---------------------|-------------|----------|
| `--tenant-id` | `SFCC_TENANT_ID` | SLAS tenant ID (organization ID) | Yes |
| `--site-id` | `SFCC_SITE_ID` | Site/channel ID | Yes* |
| `--slas-client-id` | `SFCC_SLAS_CLIENT_ID` | SLAS client ID (auto-discovered if omitted) | No |
| `--slas-client-secret` | `SFCC_SLAS_CLIENT_SECRET` | SLAS client secret (omit for public clients) | No |
| `--short-code` | `SFCC_SHORTCODE` | SCAPI short code | Yes |
| `--redirect-uri` | | Redirect URI | No |
| `--shopper-login` | | Registered customer login | No |
| `--shopper-password` | | Registered customer password (prompted interactively if omitted) | No |

\* `--site-id` can be auto-discovered from the SLAS client configuration when using auto-discovery.

### Flows

The command automatically selects the appropriate authentication flow:

| Scenario | Flow |
|----------|------|
| No `--slas-client-secret` | Public client PKCE (authorization_code_pkce) |
| With `--slas-client-secret` | Private client (client_credentials) |
| With `--shopper-login` | Registered customer login |
| No `--slas-client-id` | Auto-discovers first public client via SLAS Admin API |

### Examples

```bash
# Guest token with auto-discovery (finds first public SLAS client)
b2c slas token --tenant-id abcd_123 --site-id RefArch

# Guest token with explicit public client (PKCE flow)
b2c slas token --slas-client-id my-client \
--tenant-id abcd_123 --short-code kv7kzm78 --site-id RefArch

# Guest token with private client (client_credentials flow)
b2c slas token --slas-client-id my-client --slas-client-secret sk_xxx \
--tenant-id abcd_123 --short-code kv7kzm78 --site-id RefArch

# Registered customer token
b2c slas token --tenant-id abcd_123 --site-id RefArch \
--shopper-login user@example.com --shopper-password secret

# JSON output (includes refresh token, expiry, usid, etc.)
b2c slas token --tenant-id abcd_123 --site-id RefArch --json

# Use token in a subsequent API call
TOKEN=$(b2c slas token --tenant-id abcd_123 --site-id RefArch)
curl -H "Authorization: Bearer $TOKEN" \
"https://kv7kzm78.api.commercecloud.salesforce.com/..."
```

### Output

- **Normal mode**: prints the raw access token to stdout (pipeable)
- **JSON mode** (`--json`): returns full token details:

```json
{
"accessToken": "...",
"refreshToken": "...",
"expiresIn": 1800,
"tokenType": "Bearer",
"usid": "...",
"customerId": "...",
"clientId": "...",
"siteId": "RefArch",
"isGuest": true
}
```

### Configuration

These values can also be set in `dw.json`:

```json
{
"tenant-id": "abcd_123",
"short-code": "kv7kzm78",
"slas-client-id": "my-public-client",
"site-id": "RefArch"
}
```

---

## b2c slas client list

List SLAS clients for a tenant.
Expand Down
2 changes: 1 addition & 1 deletion packages/b2c-cli/eslint.config.mjs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -77,7 +77,7 @@ export default [
},
},
{
files: ['src/commands/setup/**/*.ts'],
files: ['src/commands/setup/**/*.ts', 'src/commands/slas/**/*.ts'],
rules: {
// ESLint import resolver doesn't understand conditional exports (development condition)
// but Node.js resolves them correctly at runtime
Expand Down
2 changes: 1 addition & 1 deletion packages/b2c-cli/src/commands/setup/inspect.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ import {withDocs} from '../../i18n/index.js';
/**
* Sensitive fields that should be masked by default.
*/
const SENSITIVE_FIELDS = new Set<keyof NormalizedConfig>(['clientSecret', 'mrtApiKey', 'password']);
const SENSITIVE_FIELDS = new Set<keyof NormalizedConfig>(['clientSecret', 'mrtApiKey', 'password', 'slasClientSecret']);

/**
* JSON output structure for the inspect command.
Expand Down
Loading
Loading