You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
B2C Commerce API's Shopper Context allows setting the "context" of a shopper such that subsequent API requests take into account a shopper's customer groups, source codes, or other qualifiers when creating a response.
Today in the PWA Kit, no example Shopper Context usage is provided. It is possible through customization, but the steps to getting it working securely are non-trivial.
It would be nice if we provided an example of how to approach this!
Today, customers must:
Create a new handler in ssr.js which accepts a SLAS JWT and a Shopper Context payload
The handler validates the SLAS JWT using the JWKS endpoint. Libraries like jose can help, but this step is still error prone both in choosing what claims to validate and keeping within the endpoint's rate limit.
The handler then gets the USID from the JWT
A second private SLAS client with scopes sfcc.shopper-context.rw sfcc.ts_ext_on_behalf_of is used to get a System on Behalf Of JWT for the shopper.
Finally, the shopper context payload is forwarded using the TSOB JWT.
In B2C Commerce 24.6, the addition of Shopper Context hooks will allow customers to call the Shopper Context endpoints more directly, removing the need for the Trusted System token dance assuming they add a hook to validate and allow context payloads they want shoppers to be able to set directly.
The text was updated successfully, but these errors were encountered:
B2C Commerce API's Shopper Context allows setting the "context" of a shopper such that subsequent API requests take into account a shopper's customer groups, source codes, or other qualifiers when creating a response.
Today in the PWA Kit, no example Shopper Context usage is provided. It is possible through customization, but the steps to getting it working securely are non-trivial.
It would be nice if we provided an example of how to approach this!
Today, customers must:
ssr.jswhich accepts a SLAS JWT and a Shopper Context payloadjosecan help, but this step is still error prone both in choosing what claims to validate and keeping within the endpoint's rate limit.sfcc.shopper-context.rw sfcc.ts_ext_on_behalf_ofis used to get a System on Behalf Of JWT for the shopper.Whew!
The overall request flow looks like this: https://gist.github.com/johnboxall/b824c4788bbc69d3fb6fab9a377af039
Sample code for validation looks like this: https://gist.github.com/johnboxall/6cc27a52eef1e95120a9ff9847243f67
In B2C Commerce 24.6, the addition of Shopper Context hooks will allow customers to call the Shopper Context endpoints more directly, removing the need for the Trusted System token dance assuming they add a hook to validate and allow context payloads they want shoppers to be able to set directly.
The text was updated successfully, but these errors were encountered: