ICustomersClient.postCustomersAuth() method
Obtains a new JWT (JSON Web Token) for a guest or registered customer. Tokens are returned as an HTTP Authorization: Bearer response header entry. These kinds of request are supported, as specified by the type:

- Type guest - creates a new guest (non-authenticated) customer and returns a token for the customer.
- Type credentials - authenticates the credentials passed in the HTTP Authorization: Basic request header, returning a token for a successfully authenticated customer; otherwise it throws an AuthenticationFailedException.
- Type session - authenticates the customer (anonymous or registered) based on the dwsid and dwsecuretoken cookies. It returns a token for a successfully authenticated customer; otherwise it throws an AuthenticationFailedException.
- Type refresh - examines the token passed in the HTTP Authorization: Bearer request header and, when it is valid, returns a new token with an updated expiry time.

For a request of type credentials:

- Updates profile attributes for the customer (for example, "last-visited").
- Handles the maximum number of failed login attempts.

For a request of type session:

- The session and corresponding dwsecuretoken must be active and valid. An expired session can't be used.
- The dwsecuretoken cookie must have been used for at least one previous HTTPS request with the same dwsid cookie.
- Does not touch profile attributes for the registered customer (for example, "last-visited"), since this is not a real login.
- Returns different tokens for multiple requests with the same session id. This means there should be only one call per session.

About JWT

The token contains 3 sections:

- the header section (specifies token type and algorithm used)
- the payload section (contains customer information, client id, issue and expiration time)
- the signature section (records the token signature)

A token is created and returned to the client whenever a registered customer logs in (type "credentials") or a guest customer requests it (type "guest").

The token is returned in the response header as `Authorization: Bearer <token>`. The client has to include the token in the request header as `Authorization: Bearer <token>` in any follow-up request. The server declines any follow-up request without a token, or whose token cannot be verified based on its signature or expiration time. A token nearing its expiration time should be exchanged for a new one (type "refresh"). See "API Usage > JWT" for more details on using JWT as an authentication mechanism.
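The exchange described above, as an added client-side example that is not part of the @poq/sdk-sfcc page or SDK: it builds the `authorization` value each request type expects, pulls the token out of the Bearer response header, and reads the payload's expiry to decide when a "refresh" call is due. The AuthRequest shape and the SDK call itself are not modelled; the sample token is constructed locally with a fake signature.

```typescript
// Added example (not @poq/sdk-sfcc code): helpers around the postCustomersAuth exchange.
type AuthType = "guest" | "credentials" | "session" | "refresh";
interface AuthInputs { username?: string; password?: string; token?: string }

// Base64url helpers: padding is restored before atob, bytes decoded as UTF-8.
function b64urlEncode(s: string): string {
  return btoa(s).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}
function b64urlDecode(s: string): string {
  const padded = s.replace(/-/g, "+").replace(/_/g, "/") + "=".repeat((4 - (s.length % 4)) % 4);
  return new TextDecoder().decode(Uint8Array.from(atob(padded), (c) => c.charCodeAt(0)));
}

// Value for the `authorization` parameter: Basic for credentials, Bearer for refresh,
// nothing for guest and session (session relies on the dwsid/dwsecuretoken cookies).
// Assumes ASCII username/password (btoa rejects non-Latin-1 input).
export function authHeaderFor(type: AuthType, inputs: AuthInputs = {}): string | undefined {
  if (type === "credentials") {
    if (!inputs.username || inputs.password === undefined) throw new Error("credentials needs username and password");
    return "Basic " + btoa(`${inputs.username}:${inputs.password}`);
  }
  if (type === "refresh") {
    if (!inputs.token) throw new Error("refresh needs the current token");
    return `Bearer ${inputs.token}`;
  }
  return undefined;
}

// Pull the bare token out of the "Authorization: Bearer <token>" response header.
export function tokenFromHeader(header: string | undefined): string | null {
  const m = /^Bearer\s+(\S+)$/i.exec(header ?? "");
  return m ? m[1] : null;
}

// Decode the payload section only. This does NOT verify the signature: the client
// can read claims such as exp, but only the server's signature check makes them trustworthy.
export function jwtPayload(token: string): Record<string, unknown> {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a three-section JWT");
  return JSON.parse(b64urlDecode(parts[1]));
}

// True when exp is within skewSeconds of nowSeconds (or missing): time to request type "refresh".
export function needsRefresh(token: string, nowSeconds: number, skewSeconds = 300): boolean {
  const exp = jwtPayload(token).exp;
  return typeof exp !== "number" || exp - nowSeconds <= skewSeconds;
}

// Constructed sample token for offline use: real header/payload encoding, fake signature.
export const SAMPLE_TOKEN =
  `${b64urlEncode(JSON.stringify({ alg: "HS256", typ: "JWT" }))}.` +
  `${b64urlEncode(JSON.stringify({ sub: "guest", iat: 1700000000, exp: 1700003600 }))}.fakesig`;
```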
Signature:

```typescript
postCustomersAuth(body: AuthRequest, authorization?: string, options?: RequestOptions): Promise<PoqResponse<Customer>>;
```
Parameter | Type | Description |
---|---|---|
body | AuthRequest | |
authorization | string | (Optional) The Authorization: Basic value for type credentials, or the Authorization: Bearer value for type refresh. |
options | RequestOptions | (Optional) Overrides the HTTP request options. |
Returns:

```typescript
Promise<PoqResponse<Customer>>
```