SalesforceCommerceCloud · kumaravinashcommercecloud · Nov 10, 2025 · Nov 10, 2025 · Nov 10, 2025 · Jul 10, 2025
@@ -16,6 +16,10 @@
 - [Bugfix] Skip deleting dwsid on shopper login if hybrid auth is enabled for current site. [#3151](https://github.com/SalesforceCommerceCloud/pwa-kit/pull/3151)
 - Update Auth class and CommerceApiProvider to support custom headers in SCAPI requests [#3183](https://github.com/SalesforceCommerceCloud/pwa-kit/pull/3183)
 
+- [Bugfix] Skip deleting dwsid on shopper login if hybrid auth is enabled for current site. [#3151](https://github.com/SalesforceCommerceCloud/pwa-kit/pull/3151)
+
+- [Bugfix] Skip deleting dwsid on shopper login if hybrid auth is enabled for current site. [#3151](https://github.com/SalesforceCommerceCloud/pwa-kit/pull/3151)
+
 ## v3.4.0 (Jul 22, 2025)
 
 - Optionally disable auth init in CommerceApiProvider [#2629](https://github.com/SalesforceCommerceCloud/pwa-kit/pull/2629)

@@ -1280,3 +1280,87 @@ describe('hybridAuthEnabled property toggles clearECOMSession', () => {
         expect(auth.get('dwsid')).toBe('test-dwsid-value')
     })
 })
+
+describe('hybridAuthEnabled property toggles clearECOMSession', () => {
+    beforeEach(() => {
+        jest.clearAllMocks()
+    })
+
+    test('clears DWSID cookie when hybridAuthEnabled is false', () => {
+        const auth = new Auth({...config, hybridAuthEnabled: false})
+
+        // Set a DWSID cookie value
+        // @ts-expect-error private method
+        auth.set('dwsid', 'test-dwsid-value')
+
+        // Verify the cookie was set
+        expect(auth.get('dwsid')).toBe('test-dwsid-value')
+
+        // Call clearECOMSession
+        // @ts-expect-error private method
+        auth.clearECOMSession()
+
+        // Verify the cookie was cleared
+        expect(auth.get('dwsid')).toBeFalsy()
+    })
+
+    test('does NOT clear DWSID cookie when hybridAuthEnabled is true', () => {
+        const auth = new Auth({...config, hybridAuthEnabled: true})
+
+        // Set a DWSID cookie value
+        // @ts-expect-error private method
+        auth.set('dwsid', 'test-dwsid-value')
+
+        // Verify the cookie was set
+        expect(auth.get('dwsid')).toBe('test-dwsid-value')
+
+        // Call clearECOMSession
+        // @ts-expect-error private method
+        auth.clearECOMSession()
+
+        // Verify the cookie was NOT cleared
+        expect(auth.get('dwsid')).toBe('test-dwsid-value')
+    })
+})
+
+describe('hybridAuthEnabled property toggles clearECOMSession', () => {
+    beforeEach(() => {
+        jest.clearAllMocks()
+    })
+
+    test('clears DWSID cookie when hybridAuthEnabled is false', () => {
+        const auth = new Auth({...config, hybridAuthEnabled: false})
+
+        // Set a DWSID cookie value
+        // @ts-expect-error private method
+        auth.set('dwsid', 'test-dwsid-value')
+
+        // Verify the cookie was set
+        expect(auth.get('dwsid')).toBe('test-dwsid-value')
+
+        // Call clearECOMSession
+        // @ts-expect-error private method
+        auth.clearECOMSession()
+
+        // Verify the cookie was cleared
+        expect(auth.get('dwsid')).toBeFalsy()
+    })
+
+    test('does NOT clear DWSID cookie when hybridAuthEnabled is true', () => {
+        const auth = new Auth({...config, hybridAuthEnabled: true})
+
+        // Set a DWSID cookie value
+        // @ts-expect-error private method
+        auth.set('dwsid', 'test-dwsid-value')
+
+        // Verify the cookie was set
+        expect(auth.get('dwsid')).toBe('test-dwsid-value')
+
+        // Call clearECOMSession
+        // @ts-expect-error private method
+        auth.clearECOMSession()
+
+        // Verify the cookie was NOT cleared
+        expect(auth.get('dwsid')).toBe('test-dwsid-value')
+    })
+})
@@ -21,7 +21,6 @@ import {
     isOriginTrusted,
     onClient,
     getDefaultCookieAttributes,
-    isAbsoluteUrl,
     stringToBase64,
     extractCustomParameters
 } from '../utils'
@@ -96,10 +95,19 @@ type AuthorizePasswordlessParams = {
     callbackURI?: string
     userid: string
     mode?: string
+    /** When true, SLAS will register the customer as part of the passwordless flow */
+    register_customer?: boolean | string
+    /** Optional registration details forwarded to SLAS when register_customer=true */
+    first_name?: string
+    last_name?: string
+    email?: string
+    phone_number?: string
 }
 
 type GetPasswordLessAccessTokenParams = {
     pwdlessLoginToken: string
+    /** When true, SLAS will register the customer if not already registered */
+    register_customer?: boolean | string
 }
 
 /**
@@ -1260,26 +1268,54 @@ class Auth {
      * A wrapper method for commerce-sdk-isomorphic helper: authorizePasswordless.
      */
     async authorizePasswordless(parameters: AuthorizePasswordlessParams) {
+        const slasClient = this.client
         const usid = this.get('usid')
         const callbackURI = parameters.callbackURI || this.passwordlessLoginCallbackURI
-        const finalMode = callbackURI ? 'callback' : parameters.mode || 'sms'
+        const finalMode = parameters.mode || (callbackURI ? 'callback' : 'sms')
 
-        const res = await helpers.authorizePasswordless({
-            slasClient: this.client,
-            credentials: {
-                clientSecret: this.clientSecret
+        const options = {
+            headers: {
+                Authorization: ''
             },
             parameters: {
-                ...(callbackURI && {callbackURI: callbackURI}),
+                ...(parameters.register_customer !== undefined && {
+                    register_customer:
+                        typeof parameters.register_customer === 'boolean'
+                            ? String(parameters.register_customer)
+                            : parameters.register_customer
+                })
+            },
+            body: {
+                user_id: parameters.userid,
+                mode: finalMode,
+                // Include usid and site as required by SLAS
                 ...(usid && {usid}),
-                userid: parameters.userid,
-                mode: finalMode
+                channel_id: slasClient.clientConfig.parameters.siteId,
+                ...(callbackURI && {callback_uri: callbackURI}),
+                ...(parameters.last_name && {last_name: parameters.last_name}),
+                ...(parameters.email && {email: parameters.email}),
+                ...(parameters.first_name && {first_name: parameters.first_name}),
+                ...(parameters.phone_number && {phone_number: parameters.phone_number})
             }
-        })
-        if (res && res.status !== 200) {
-            const errorData = await res.json()
-            throw new Error(`${res.status} ${String(errorData.message)}`)
+        } as {
+            headers?: {[key: string]: string}
+            parameters?: Record<string, string>
+            body: ShopperLoginTypes.authorizePasswordlessCustomerBodyType &
+                helpers.CustomRequestBody
         }
+
+        // Use Basic auth header when using private client
+        if (this.clientSecret) {
+            options.headers = options.headers || {}
+            options.headers.Authorization = `Basic ${stringToBase64(
+                `${slasClient.clientConfig.parameters.clientId}:${this.clientSecret}`
+            )}`
+        } else {
+            // If not using private client, avoid sending Authorization header
+            delete options.headers
+        }
+
+        const res = await slasClient.authorizePasswordlessCustomer(options)
         return res
     }
 
@@ -1289,14 +1325,22 @@ class Auth {
     async getPasswordLessAccessToken(parameters: GetPasswordLessAccessTokenParams) {
         const pwdlessLoginToken = parameters.pwdlessLoginToken || ''
         const dntPref = this.getDnt({includeDefaults: true})
+        const usid = this.get('usid')
         const token = await helpers.getPasswordLessAccessToken({
             slasClient: this.client,
             credentials: {
                 clientSecret: this.clientSecret
             },
             parameters: {
                 pwdlessLoginToken,
-                dnt: dntPref !== undefined ? String(dntPref) : undefined
+                dnt: dntPref !== undefined ? String(dntPref) : undefined,
+                ...(usid && {usid}),
+                ...(parameters.register_customer !== undefined && {
+                    register_customer:
+                        typeof parameters.register_customer === 'boolean'
+                            ? String(parameters.register_customer)
+                            : parameters.register_customer
+                })
             }
         })
         const isGuest = false

@@ -56,5 +56,6 @@ export const CLIENT_KEYS = {
     SHOPPER_PROMOTIONS: 'shopperPromotions',
     SHOPPER_SEARCH: 'shopperSearch',
     SHOPPER_SEO: 'shopperSeo',
-    SHOPPER_STORES: 'shopperStores'
+    SHOPPER_STORES: 'shopperStores',
+    SHOPPER_CONFIGURATIONS: 'shopperConfigurations'
 } as const
@@ -0,0 +1,15 @@
+/*
+ * Copyright (c) 2023, Salesforce, Inc.
+ * All rights reserved.
+ * SPDX-License-Identifier: BSD-3-Clause
+ * For full license text, see the LICENSE file in the repo root or https://opensource.org/licenses/BSD-3-Clause
+ */
+import {CLIENT_KEYS} from '../../constant'
+import {ApiClients, CacheUpdateMatrix} from '../types'
+
+const CLIENT_KEY = CLIENT_KEYS.SHOPPER_CONFIGURATIONS
+type Client = NonNullable<ApiClients[typeof CLIENT_KEY]>
+
+// ShopperConfigurations API is primarily for reading configuration data
+// No mutations are currently supported
+export const cacheUpdateMatrix: CacheUpdateMatrix<Client> = {}
@@ -0,0 +1,16 @@
+/*
+ * Copyright (c) 2023, Salesforce, Inc.
+ * All rights reserved.
+ * SPDX-License-Identifier: BSD-3-Clause
+ * For full license text, see the LICENSE file in the repo root or https://opensource.org/licenses/BSD-3-Clause
+ */
+import {renderHook} from '@testing-library/react'
+import {useConfigurations} from './query'
+
+describe('ShopperConfigurations', () => {
+    describe('useConfigurations', () => {
+        it('should be defined', () => {
+            expect(useConfigurations).toBeDefined()
+        })
+    })
+})
@@ -0,0 +1,7 @@
+/*
+ * Copyright (c) 2023, Salesforce, Inc.
+ * All rights reserved.
+ * SPDX-License-Identifier: BSD-3-Clause
+ * For full license text, see the LICENSE file in the repo root or https://opensource.org/licenses/BSD-3-Clause
+ */
+export * from './query'
@@ -0,0 +1,89 @@
+/*
+ * Copyright (c) 2023, Salesforce, Inc.
+ * All rights reserved.
+ * SPDX-License-Identifier: BSD-3-Clause
+ * For full license text, see the LICENSE file in the repo root or https://opensource.org/licenses/BSD-3-Clause
+ */
+import nock from 'nock'
+import {
+    mockQueryEndpoint,
+    renderHookWithProviders,
+    waitAndExpectError,
+    waitAndExpectSuccess,
+    createQueryClient
+} from '../../test-utils'
+
+import {Argument} from '../types'
+import * as queries from './query'
+
+jest.mock('../../auth/index.ts', () => {
+    const {default: mockAuth} = jest.requireActual('../../auth/index.ts')
+    mockAuth.prototype.ready = jest.fn().mockResolvedValue({access_token: 'access_token'})
+    return mockAuth
+})
+
+type Queries = typeof queries
+const configurationsEndpoint = '/organizations/'
+// Not all endpoints use all parameters, but unused parameters are safely discarded
+const OPTIONS: Argument<Queries[keyof Queries]> = {
+    parameters: {organizationId: 'f_ecom_zzrmy_orgf_001'}
+}
+
+// Mock data for configurations
+const mockConfigurationsData = {
+    configurations: [
+        {
+            id: 'gcp',
+            value: 'test-gcp-api-key'
+        },
+        {
+            id: 'einstein',
+            value: 'test-einstein-api-key'
+        }
+    ]
+}
+
+describe('Shopper Configurations query hooks', () => {
+    beforeEach(() => nock.cleanAll())
+    afterEach(() => {
+        expect(nock.pendingMocks()).toHaveLength(0)
+    })
+
+    test('`useConfigurations` has meta.displayName defined', async () => {
+        mockQueryEndpoint(configurationsEndpoint, mockConfigurationsData)
+        const queryClient = createQueryClient()
+        const {result} = renderHookWithProviders(
+            () => {
+                return queries.useConfigurations(OPTIONS)
+            },
+            {queryClient}
+        )
+        await waitAndExpectSuccess(() => result.current)
+        expect(queryClient.getQueryCache().getAll()[0].meta?.displayName).toBe('useConfigurations')
+    })
+
+    test('`useConfigurations` returns data on success', async () => {
+        mockQueryEndpoint(configurationsEndpoint, mockConfigurationsData)
+        const {result} = renderHookWithProviders(() => {
+            return queries.useConfigurations(OPTIONS)
+        })
+        await waitAndExpectSuccess(() => result.current)
+        expect(result.current.data).toEqual(mockConfigurationsData)
+    })
+
+    test('`useConfigurations` returns error on error', async () => {
+        mockQueryEndpoint(configurationsEndpoint, {}, 400)
+        const {result} = renderHookWithProviders(() => {
+            return queries.useConfigurations(OPTIONS)
+        })
+        await waitAndExpectError(() => result.current)
+    })
+
+    test('`useConfigurations` handles 500 server error', async () => {
+        mockQueryEndpoint(configurationsEndpoint, {}, 500)
+        const {result} = renderHookWithProviders(() => {
+            return queries.useConfigurations(OPTIONS)
+        })
+        await waitAndExpectError(() => result.current)
+    })
+})