deps: update js-auth to latest version

Author: marcomontalbano

.vscode/settings.json

@@ -10,4 +10,4 @@
   "files.associations": {
     "*.css": "tailwindcss" // enforce usage of Tailwind extention to lint css files
   }
-}
+}

package.json

@@ -36,8 +36,8 @@
     "@biomejs/biome": "2.2.4",
     "concurrently": "^9.2.1",
     "husky": "^9.1.7",
-    "lerna": "^8.2.4",
-    "lint-staged": "^16.2.0",
+    "lerna": "^9.0.0",
+    "lint-staged": "^16.2.3",
     "replace-in-file": "^8.3.0",
     "typescript": "^5.9.2"
   },

packages/docs/package.json

@@ -21,12 +21,12 @@
     "@babel/preset-env": "^7.28.3",
     "@babel/preset-react": "^7.27.1",
     "@babel/preset-typescript": "^7.27.1",
-    "@storybook/addon-docs": "^9.1.7",
-    "@storybook/addon-links": "^9.1.7",
-    "@storybook/html-vite": "^9.1.7",
+    "@storybook/addon-docs": "^9.1.9",
+    "@storybook/addon-links": "^9.1.9",
+    "@storybook/html-vite": "^9.1.9",
     "@storybook/icons": "^1.6.0",
     "@types/common-tags": "^1.8.4",
-    "@types/node": "^20.19.17",
+    "@types/node": "^20.19.18",
     "@types/react": "^19",
     "@types/react-syntax-highlighter": "^15.5.13",
     "babel-loader": "^10.0.0",
@@ -37,8 +37,8 @@
     "react-dom": "^19",
     "react-syntax-highlighter": "^15.6.6",
     "remark-gfm": "^4.0.1",
-    "sass": "^1.93.0",
-    "storybook": "^9.1.7",
+    "sass": "^1.93.2",
+    "storybook": "^9.1.9",
     "typescript": "^5.9.2",
     "vite": "^7.1.7"
   },

packages/drop-in/package.json

@@ -45,9 +45,9 @@
     "email": "marco.montalbano@commercelayer.io"
   },
   "dependencies": {
-    "@commercelayer/js-auth": "^6.7.2",
+    "@commercelayer/js-auth": "^7.0.0",
     "@commercelayer/organization-config": "^2.4.0",
-    "@commercelayer/sdk": "^6.46.0",
+    "@commercelayer/sdk": "^6.47.0",
     "@types/lodash-es": "^4.17.12",
     "iframe-resizer": "4.3.11",
     "js-cookie": "^3.0.5",
@@ -63,12 +63,13 @@
     "@types/iframe-resizer": "^4.0.0",
     "@types/jest": "^29.5.14",
     "@types/js-cookie": "^3.0.6",
-    "@types/node": "^20.19.17",
+    "@types/node": "^20.19.18",
     "jest": "^29.7.0",
     "jest-cli": "^29.7.0",
+    "lodash": "^4.17.21",
     "nodemon": "^3.1.10",
-    "puppeteer": "24.22.0",
-    "sass": "^1.93.0",
+    "puppeteer": "24.22.3",
+    "sass": "^1.93.2",
     "ts-jest": "^29.4.4",
     "typescript": "^5.9.2"
   },

packages/drop-in/src/apis/commercelayer/account.ts

@@ -4,9 +4,9 @@ import { getClosestLocationHref } from "@/utils/url"
 
 export async function getMyAccountUrl(): Promise<string | undefined> {
   const config = getConfig()
-  const { type } = await getAccessToken(config)
+  const { ownerType } = await getAccessToken(config)
 
-  if (type === "guest") {
+  if (ownerType === "guest") {
     return undefined
   }
 

packages/drop-in/src/apis/commercelayer/cart.ts

@@ -27,7 +27,7 @@ async function createEmptyCart(): Promise<Order> {
     config.defaultAttributes?.orders ?? {},
   )
 
-  if (token.type === "guest") {
+  if (token.ownerType === "guest") {
     setCartId(order.id)
   }
 
@@ -142,7 +142,7 @@ export async function _getCart(): Promise<Order | null> {
     include: ["line_items.item", "line_items.line_item_options.sku_option"],
   }
 
-  if (token.type === "guest") {
+  if (token.ownerType === "guest") {
     const orderId = getCartId()
 
     if (orderId === null) {
@@ -167,7 +167,7 @@ export async function _getCart(): Promise<Order | null> {
     return null
   }
 
-  const [order = null] = await client.customers.orders(token.customerId, {
+  const [order = null] = await client.customers.orders(token.ownerId, {
     ...orderParams,
     filters: {
       market_id_in: jwt.payload.market.id.join(","),

packages/drop-in/src/apis/commercelayer/client.ts

@@ -1,79 +1,27 @@
-import {
-  type AuthenticateOptions,
-  type AuthenticateReturn,
-  authenticate,
-  jwtDecode,
-  jwtIsSalesChannel,
-  revoke,
-} from "@commercelayer/js-auth"
+import { makeSalesChannel } from "@commercelayer/js-auth"
 import CommerceLayer, {
   type CommerceLayerClient,
   type Customer,
 } from "@commercelayer/sdk"
 import Cookies from "js-cookie"
 import { memoize } from "lodash-es"
 import { fireEvent } from "@/apis/event"
-import { getKeyForCustomerToken, getKeyForGuestToken } from "@/apis/storage"
 import { pDebounce } from "@/utils/debounce"
 import { type Config, getConfig } from "./config"
 
 export type Token = (
   | {
-      type: "guest"
+      ownerType: "guest"
     }
   | {
-      type: "customer"
-      customerId: string
+      ownerType: "customer"
+      ownerId: string
     }
 ) & {
   accessToken: string
   scope?: string
 }
 
-function setToken(key: string, value: Token, expires?: Date): void {
-  Cookies.set(key, JSON.stringify(value), { expires })
-}
-
-function clearToken(key: string): void {
-  Cookies.remove(key)
-}
-
-function getToken(key: string): Token | undefined {
-  const cookie = Cookies.get(key)
-
-  if (cookie == null) {
-    return undefined
-  }
-
-  try {
-    return JSON.parse(cookie)
-  } catch (_e) {
-    return undefined
-  }
-}
-
-async function revokeToken(
-  clientCredentials: AuthenticateOptions<"client_credentials">,
-  accessToken: string,
-): Promise<boolean> {
-  const res = await revoke({
-    clientId: clientCredentials.clientId,
-    token: accessToken,
-  })
-
-  return res.errors == null
-}
-
-async function getSalesChannelToken(
-  clientCredentials: AuthenticateOptions<"client_credentials">,
-): Promise<AuthenticateReturn<"client_credentials"> | null> {
-  return await authenticate("client_credentials", {
-    clientId: clientCredentials.clientId,
-    scope: clientCredentials.scope,
-    domain: clientCredentials.domain,
-  }).then((res) => (res.errors == null ? res : null))
-}
-
 const getCustomerInfoFromUrl = (): {
   accessToken: string | undefined
   scope: string | undefined
@@ -93,82 +41,50 @@ const getCustomerInfoFromUrl = (): {
   }
 }
 
-async function readCustomerToken(
-  clientCredentials: AuthenticateOptions<"client_credentials">,
-): Promise<Token | null> {
-  const cookieName = getKeyForCustomerToken(clientCredentials)
-  const cookieValue = getToken(cookieName) ?? null
-
-  // const searchParams = new window.URL(window.location.href).searchParams
-  // const accessToken = searchParams.get('accessToken')
-  // const scope = searchParams.get('scope') ?? clientCredentials.scope
-  const { accessToken, scope = clientCredentials.scope } =
-    getCustomerInfoFromUrl()
-
-  if (accessToken == null) {
-    return cookieValue
-  }
-
-  const jwt = jwtDecode(accessToken)
-
-  if (jwtIsSalesChannel(jwt.payload) && jwt.payload.owner != null) {
-    const token: Token = {
-      type: "customer",
-      customerId: jwt.payload.owner.id,
-      accessToken,
-      scope,
-    }
-
-    setToken(cookieName, token, new Date(jwt.payload.exp * 1000))
-
-    return token
-  }
-
-  return cookieValue
-}
-
-async function readGuestToken(
-  clientCredentials: AuthenticateOptions<"client_credentials">,
-): Promise<Token> {
-  const cookieName = getKeyForGuestToken(clientCredentials)
-  const value = getToken(cookieName)
-
-  if (value !== undefined) {
-    return value
-  }
-
-  const salesChannelToken = await getSalesChannelToken(clientCredentials).catch(
-    (error) => {
-      throw new Error(
-        `Cannot get a sales channel token. ${error.body.error}. ${error.body.error_description}`,
-      )
-    },
-  )
-
-  if (salesChannelToken == null) {
-    throw new Error("Unable to get a valid sales channel token.")
-  }
-
-  const { accessToken, expires } = salesChannelToken
-
-  const token: Token = {
-    type: "guest",
-    accessToken,
-    scope: clientCredentials.scope,
-  }
-  setToken(cookieName, token, expires)
+const getSalesChannel = memoize(
+  (clientCredentials: Parameters<typeof makeSalesChannel>[0]) =>
+    makeSalesChannel(clientCredentials, {
+      async getKey(configuration, type) {
+        const scope = (configuration.scope ?? "undefined").replace(" ", "-")
+        const t = type === "guest" ? "token" : "session"
+
+        return `commercelayer_${t}-${configuration.clientId}-${scope}`
+      },
+      storage: {
+        async getItem(key: string) {
+          return JSON.parse(Cookies.get(key) ?? "null")
+        },
+        async removeItem(key) {
+          Cookies.remove(key)
+        },
+        async setItem(key, value) {
+          Cookies.set(key, JSON.stringify(value))
+        },
+      },
+    }),
+  (clientCredentials) => JSON.stringify(clientCredentials),
+)
 
-  return token
-}
+const configToClientCredentials = (config: Config) => ({
+  clientId: config.clientId,
+  scope: config.scope,
+  debug: config.debug !== "none",
+  domain: config.domain,
+})
 
 export const getAccessToken = memoize(
-  async (
-    clientCredentials: AuthenticateOptions<"client_credentials">,
-  ): Promise<Token> => {
-    let token = await readCustomerToken(clientCredentials)
-
-    if (token == null) {
-      token = await readGuestToken(clientCredentials)
+  async (config: Config): Promise<Token> => {
+    const clientCredentials = configToClientCredentials(config)
+    const salesChannel = getSalesChannel(clientCredentials)
+    let token = await salesChannel.getAuthorization()
+
+    const { accessToken, scope = config.scope } = getCustomerInfoFromUrl()
+
+    if (accessToken != null && scope != null) {
+      token = await salesChannel.setCustomer({
+        accessToken,
+        scope,
+      })
     }
 
     fireEvent("cl-identity-gettoken", [], token)
@@ -197,9 +113,9 @@ async function _getCustomer(): Promise<Customer | null> {
   const config = getConfig()
   const token = await getAccessToken(config)
 
-  if (token.type === "customer") {
+  if (token.ownerType === "customer") {
     const client = await createClient(config)
-    return await client.customers.retrieve(token.customerId, {
+    return await client.customers.retrieve(token.ownerId, {
       fields: customerFields,
     })
   }
@@ -213,13 +129,12 @@ export const getCustomer = memoize(
 
 export async function logout(): Promise<void> {
   const config = getConfig()
+  const clientCredentials = configToClientCredentials(config)
+  const salesChannel = getSalesChannel(clientCredentials)
   const token = await getAccessToken(config)
 
-  if (token.type === "customer") {
-    const cookieName = getKeyForCustomerToken(config)
-    clearToken(cookieName)
-
-    await revokeToken(config, token.accessToken)
+  if (token.ownerType === "customer") {
+    await salesChannel.logoutCustomer()
 
     getAccessToken.cache.clear?.()
     // await getAccessToken(config)

packages/drop-in/src/apis/storage.ts

@@ -1,4 +1,3 @@
-import type { AuthenticateOptions } from "@commercelayer/js-auth"
 import type { Config } from "./commercelayer/config"
 
 const prefix = "commercelayer_"
@@ -12,19 +11,3 @@ export function getKeyForCart(config: Config): string {
 
   return `${prefix}order-id-${config.clientId}-${scope}${suffix}`
 }
-
-export function getKeyForGuestToken(
-  clientCredentials: AuthenticateOptions<"client_credentials">,
-): string {
-  const scope = (clientCredentials.scope ?? "undefined").replace(" ", "-")
-
-  return `${prefix}token-${clientCredentials.clientId}-${scope}`
-}
-
-export function getKeyForCustomerToken(
-  clientCredentials: AuthenticateOptions<"client_credentials">,
-): string {
-  const scope = (clientCredentials.scope ?? "undefined").replace(" ", "-")
-
-  return `${prefix}session-${clientCredentials.clientId}-${scope}`
-}

packages/drop-in/src/components/cl-cart-count/cl-cart-count.spec.tsx

@@ -7,7 +7,7 @@ import { ClCartCount } from "./cl-cart-count"
 describe("cl-cart-count.spec", () => {
   it("renders", async () => {
     jest.spyOn(client, "getAccessToken").mockResolvedValue({
-      type: "guest",
+      ownerType: "guest",
       accessToken: mockedAccessToken,
       scope: "market:code:usa",
     })
@@ -26,7 +26,7 @@ describe("cl-cart-count.spec", () => {
 
   it('renders without content when "hide-when-empty" attribute is set to `true`', async () => {
     jest.spyOn(client, "getAccessToken").mockResolvedValue({
-      type: "guest",
+      ownerType: "guest",
       accessToken: mockedAccessToken,
       scope: "market:code:usa",
     })