
@commercelayer/js-auth
A JavaScript Library wrapper that helps you to use the Commerce Layer API for Authentication.
Commerce Layer is a headless platform that makes it easy to build enterprise-grade ecommerce into any website, by using the language, CMS, and tools you already master and love.
Commerce Layer JS Auth is available as an npm package.
```bash
# npm
npm install @commercelayer/js-auth

# yarn
yarn add @commercelayer/js-auth
```
To get an access token, you need to execute an OAuth 2.0 authorization flow by using a valid application as the client.
Grant type | Sales channel | Integration | Webapp |
---|---|---|---|
Client credentials | ✅ | ✅ | |
Password | ✅ | | |
Refresh token | ✅ | ✅ | |
Authorization code | | | ✅ |
Remember that, for security reasons, access tokens expire after 2 hours. Refresh tokens expire after 2 weeks.
```javascript
import CLayerAuth from '@commercelayer/js-auth'
// or
import { salesChannel, integration, webapp } from '@commercelayer/js-auth'
```
Based on the authorization flow and application you want to use, you can get your access token in a few simple steps. These are the most common use cases:
Sales channel applications use the client credentials grant type to get a "guest" access token.
Create a sales channel application on Commerce Layer and take note of your API credentials (base endpoint, client ID, and the ID of the market you want to put in scope)
Use this code to get your access token:
```javascript
const auth = await salesChannel({
  clientId: 'your-client-id',
  endpoint: 'https://yourdomain.commercelayer.io',
  scopes: 'market:{id}'
})

console.log('My access token: ', auth.accessToken)
```
Sales channel applications can use the password grant type to exchange customer credentials for an access token (i.e. to get a "logged" access token).
Create a sales channel application on Commerce Layer and take note of your API credentials (base endpoint, client ID, and the ID of the market you want to put in scope).
Use this code (replacing the username and password with the customer's credentials) to get the access token:
```javascript
const auth = await salesChannel(
  {
    clientId: 'your-client-id',
    endpoint: 'https://yourdomain.commercelayer.io',
    scopes: 'market:{id}'
  },
  {
    username: 'john@example.com',
    password: 'secret'
  }
)

console.log('My access token: ', auth.accessToken)
```
Sales channel applications can use the refresh token grant type to refresh a customer access token with a "remember me" option. In this case, if the token has expired, you can refresh it by using the `refresh()` method:

```javascript
const newToken = await auth.refresh()
```
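A token cache built only on what this page shows, `auth.accessToken` and `auth.refresh()`, added here as an example (it is not part of the library or its README). It assumes `refresh()` resolves to an object with a new `accessToken` and rejects when no refresh token is usable; `createTokenCache`, `getToken` and the one-minute margin are hypothetical names and values.

```javascript
// Added example: reuse one access token and renew it before it expires.
// `getToken` is any function returning the auth object shown on this page,
// e.g. () => salesChannel({ clientId, endpoint, scopes }, { username, password })
const ACCESS_TOKEN_TTL_MS = 2 * 60 * 60 * 1000 // 2 hours, as stated on this page
const SAFETY_MARGIN_MS = 60 * 1000 // assumption: renew one minute early

function createTokenCache(getToken, now = () => Date.now()) {
  let auth = null // last object returned by getToken() or refresh()
  let issuedAt = 0 // local clock reading taken just before the request
  let inFlight = null // shared promise: concurrent callers trigger one renewal

  const isFresh = () =>
    auth !== null && now() - issuedAt < ACCESS_TOKEN_TTL_MS - SAFETY_MARGIN_MS

  async function renew() {
    const requestedAt = now()
    let next = null
    if (auth && typeof auth.refresh === 'function') {
      // Prefer the refresh token grant: the password is not sent again.
      try {
        next = await auth.refresh()
      } catch {
        next = null // refresh token expired or not issued for this grant
      }
    }
    // Nothing cached, or refresh failed: run the full flow again.
    if (!next || !next.accessToken) next = await getToken()
    auth = next
    issuedAt = requestedAt
    return auth.accessToken
  }

  return {
    // Resolves to a usable access token. Do not log the returned value.
    async accessToken() {
      if (isFresh()) return auth.accessToken
      if (!inFlight) inFlight = renew().finally(() => { inFlight = null })
      return inFlight
    },
    // Forget the cached token, e.g. on logout or after the API rejects it.
    clear() {
      auth = null
      issuedAt = 0
    }
  }
}
```

Call `cache.accessToken()` before each API request instead of holding the token string in application state; the injected `now` exists so the expiry logic can be tested without waiting two hours.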
Integration applications use the client credentials grant type to get an access token for themselves.
Create an integration application on Commerce Layer and take note of your API credentials (client ID, client secret, and base endpoint)
Use this code to get the access token:
```javascript
const auth = await integration({
  clientId: 'your-client-id',
  clientSecret: 'your-client-secret',
  endpoint: 'https://yourdomain.commercelayer.io'
})

console.log('My access token: ', auth.accessToken)
```
Available only for browser applications
Webapp applications use the authorization code grant type to exchange an authorization code for an access token.
In this case, you first need to get an authorization code, then you can exchange it for an access token:
Create a webapp application on Commerce Layer and take note of your API credentials (client ID, client secret, callback URL, base endpoint, and the ID of the market you want to put in scope)
Use this code to open a new window and authorize your webapp on Commerce Layer:
```javascript
const auth = await webapp({
  clientId: 'your-client-id',
  clientSecret: 'your-client-secret',
  callbackUrl: 'https://yourdomain.com/callback',
  endpoint: 'https://yourdomain.commercelayer.io',
  scopes: 'market:{id}'
})
```
Once you've authorized the application, you will be redirected to the callback URL. Use this code to get the access token:
```javascript
// https://yourdomain.com/callback
const auth = await webapp({
  clientId: 'your-client-id',
  clientSecret: 'your-client-secret',
  callbackUrl: 'your-callback-url',
  endpoint: 'https://yourdomain.commercelayer.io',
  scopes: 'market:{id}',
  location: `${location.href}` // triggers the access token request
})

console.log('My access token: ', auth.accessToken)
```
This repository is published under the MIT license.