-
Notifications
You must be signed in to change notification settings - Fork 144
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
@W-14455649@ - DO NOT MERGE - Spike slas private client v2 #1585
Conversation
@@ -40,7 +40,7 @@ | |||
"version": "node ./scripts/version.js" | |||
}, | |||
"dependencies": { | |||
"commerce-sdk-isomorphic": "^1.10.4", | |||
"commerce-sdk-isomorphic": "/Users/vcua/Git/commerce-sdk-isomorphic", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This PR needs the changes in SalesforceCommerceCloud/commerce-sdk-isomorphic#138 to work
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
FYI if anyone wants to run this PR locally, you'll need to update this line to point to your own copy of commerce-sdk-isomorphic
. Specifically, pull in the PR: SalesforceCommerceCloud/commerce-sdk-isomorphic#138.
Also, in your copy of commerce-sdk-isomorphic
, build it first by running:
yarn install
yarn run renderTemplates
yarn build:lib
@@ -405,7 +405,8 @@ class Auth { | |||
} | |||
} | |||
return await this.queueRequest( | |||
() => helpers.loginGuestUser(this.client, {redirectURI: this.redirectURI}), | |||
//() => helpers.loginGuestUser(this.client, {redirectURI: this.redirectURI}), | |||
() => helpers.loginGuestUserPrivateClient(this.client,{redirectURI: this.redirectURI}), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This consumes a change made in commerce-sdk-isomorphic to skip the /authorize
call when logging in as a guest
@@ -37,7 +37,7 @@ | |||
"cross-env": "^5.2.1", | |||
"express": "^4.18.2", | |||
"header-case": "1.0.1", | |||
"http-proxy-middleware": "0.21.0", | |||
"http-proxy-middleware": "^2.0.6", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I updated this dependency for the purposes of this spike. Upgrading required minimal changes and did not seem to have broken anything.
@@ -59,6 +61,34 @@ const {handler} = runtime.createHandler(options, (app) => { | |||
}) | |||
) | |||
|
|||
const createSlasHandler = ({clientId, secret, shortCode}) => { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The main event happens here. A SLAS request coming from commerce-sdk-react
is intercepted and we add the client secret as an auth header to /token
calls.
We may want to allow developers to set additional endpoints where this client secret is added (ie. /password/action
for password reset).
@@ -22,6 +22,7 @@ type Helpers = typeof helpers | |||
interface AuthConfig extends ApiClientConfigParams { | |||
redirectURI: string | |||
proxy: string | |||
slasProxy: string |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We are setting up a new proxy in ssr.js to insert the client secret. This new slasProxy
is how I am consuming that separate proxy at this time
@@ -168,7 +169,7 @@ class Auth { | |||
|
|||
constructor(config: AuthConfig) { | |||
this.client = new ShopperLogin({ | |||
proxy: config.proxy, | |||
proxy: config.slasProxy, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Using the regular config.proxy
would send calls to /mobify/proxy/api/
which does not include the logic for inserting the client secret at this time. So I added this new slasProxy
for requests that do go need the client secret
@@ -23,6 +23,7 @@ export const DEFAULT_TEST_HOST = 'http://localhost:8888' | |||
|
|||
export const DEFAULT_TEST_CONFIG = { | |||
proxy: `${DEFAULT_TEST_HOST}/mobify/proxy/api`, | |||
slasProxy: `${DEFAULT_TEST_HOST}`, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is how I am consuming the new proxy set in ssr.js. As mentioned in other comments, it is currently separate from /mobify/proxy/api
const clientId = process?.env?.SLAS_PRIVATE_CLIENT_ID | ||
const secret = process?.env?.SLAS_PRIVATE_CLIENT_SECRET | ||
const shortCode = process?.env?.CC_SHORT_CODE | ||
const target = `https://${shortCode}.api.commercecloud.salesforce.com` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These environment variables are read either from your local terminal or from MRT's env variables
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was trying out an approach that used a new env-vars.json file to store the client secret but maybe just setting the env var in the terminal is better? This way, there is no risk in accidentally committing a file with the client secret and we don't have to read in a file.
Less logic also as process.env can work locally and on MRT.
const encodedClientCredential = Buffer.from(`${clientId}:${secret}`).toString( | ||
'base64' | ||
) | ||
outGoingReq.setHeader('Authorization', `Basic ${encodedClientCredential}`) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We could add a conditional here to only set the secret if it is defined. If it's not defined (ie. we're using a SLAS public client), do nothing.
const clientId = process?.env?.SLAS_PRIVATE_CLIENT_ID | ||
const secret = process?.env?.SLAS_PRIVATE_CLIENT_SECRET | ||
const shortCode = process?.env?.CC_SHORT_CODE |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These are the same env vars used for Storefront Preview, right? If so, let's keep in mind that most likely the customer will need to use a different api client for their website... a client that does not have access/scope to set the shopper context.
@@ -40,7 +40,7 @@ | |||
"version": "node ./scripts/version.js" | |||
}, | |||
"dependencies": { | |||
"commerce-sdk-isomorphic": "^1.10.4", | |||
"commerce-sdk-isomorphic": "/Users/vcua/Git/commerce-sdk-isomorphic", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
FYI if anyone wants to run this PR locally, you'll need to update this line to point to your own copy of commerce-sdk-isomorphic
. Specifically, pull in the PR: SalesforceCommerceCloud/commerce-sdk-isomorphic#138.
Also, in your copy of commerce-sdk-isomorphic
, build it first by running:
yarn install
yarn run renderTemplates
yarn build:lib
stale PR, closed |
PR for spiking how we might add private clients to the PWA
WIP
Currently works on local build and MRT
MRT test environment: https://scaffold-pwa-private-client.mobify-storefront.com/
TODO
Unify the proxies. Right now, slas is using a separate proxy from everything else