@hajinsuha1
Collaborator

@hajinsuha1 hajinsuha1 commented Dec 17, 2025

Description

This feature allows the mode for passwordless login and password reset to be configured in default.js.
It also changes the default from callback to email which uses the SLAS native email service.

This branch contains the following PRs:

After this PR is merged, to ensure the changes to the E2E tests pass the following PR that updates the extra-features-e2e-branch will need to be merged

Types of Changes

  • Bug fix (non-breaking change that fixes an issue)
  • New feature (non-breaking change that adds functionality)
  • Documentation update
  • Breaking change (could cause existing functionality to not work as expected)
  • Other changes (non-breaking changes that do not fit any of the above)

Breaking changes include:

  • Removing a public function or component or prop
  • Adding a required argument to a function
  • Changing the data type of a function parameter or return value
  • Adding a new peer dependency to package.json

Changes

template-retail-react-app

  • support setting passwordless login mode in config
  • Set default passwordless mode to 'email' for apps created via pwa-kit-create-app
  • Update password reset to use email mode by default. The mode can now be configured via default.js
  • update passwordless login extra-features e2e tests
  • update "Continue Securely" button to "Continue"

commerce-sdk-react

  • Update getPasswordResetToken to default locale to the one in CommerceApiProvider and pass callback_uri and idp_name only when they are defined
  • Update resetPassword to default hint to cross_device and pass code_verifier only when it is defined

pwa-kit-create-app

  • Update default.js and /_app-config/index.jsx template to use email mode by default for passwordless login and password reset.

How to Test-Drive This PR

  • (step1)

Checklists

General

  • Changes are covered by test cases
  • CHANGELOG.md updated with a short description of changes (not required for documentation updates)

Accessibility Compliance

You must check off all items in one of the following two lists:

  • There are no changes to UI

or...

Localization

  • Changes include a UI text update in the Retail React App (which requires translation)

* Add passwordless login mode configuration with email as default
* Update authorizePasswordless to require mode parameter and add locale support
* Remove commented out passwordless callbackURI configuration
* Remove passwordlessCallbackURI variable and simplify callbackURI condition in authorizePasswordlessLogin
* Remove conditional callbackURI spread and add mode parameter to checkout passwordless login
* Add buildCallbackURL utility function and conditionally spread callbackURI in passwordless login
* Rename buildCallbackURL to buildAbsoluteUrl and make passwordlessLoginCallbackURI optional
* update unit tests in template-retail-react-app and fix passwordless mode in login page
* make authorizePasswordless backward compatible and add unit tests for commerce-sdk-react
* Make passwordlessLoginCallbackURI non-optional with empty string default
* update changelog
* Use endsWith() to match passwordless login landing path and add test for localized paths
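
An added example, not code from this PR or from pwa-kit: a hypothetical helper that validates the configured `mode` at runtime and sends `callback_uri` only in callback mode, resolved against the app's own origin. The function names, the `user_id` field, the sample origin and the callback path are assumptions made for illustration.

```javascript
// Added example: hypothetical helper, not code from pwa-kit or this PR.
const PASSWORDLESS_MODES = new Set(['email', 'callback'])

// Resolve a configured callback path against the app origin. Absolute and
// protocol-relative values that leave that origin are rejected (assumption:
// the callback handler is served by the storefront itself).
function resolveCallback(callbackURI, appOrigin) {
  const base = new URL(appOrigin)
  const url = new URL(callbackURI, base) // throws on malformed input
  if (url.origin !== base.origin) {
    throw new Error(`callbackURI must stay on ${base.origin}`)
  }
  return url.toString()
}

// Build the request parameters for a passwordless login request.
function buildPasswordlessParams(opts, appOrigin) {
  const {userid, mode = 'email', callbackURI = '', locale} = opts
  // The TypeScript union is erased at runtime, so check the value here.
  if (!PASSWORDLESS_MODES.has(mode)) {
    throw new Error(`unsupported passwordless mode: ${String(mode)}`)
  }
  const params = {user_id: userid, mode}
  if (locale) params.locale = locale
  if (mode === 'callback') {
    if (!callbackURI) throw new Error('callback mode requires callbackURI')
    params.callback_uri = resolveCallback(callbackURI, appOrigin)
  }
  // In email mode callback_uri is omitted even if one is configured.
  return params
}

// Constructed sample input.
console.log(buildPasswordlessParams(
  {userid: 'shopper@example.com', mode: 'callback', callbackURI: '/passwordless-login-callback'},
  'https://shop.example'
))
```
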
@cc-prodsec
Collaborator

cc-prodsec commented Dec 17, 2025

Snyk checks have passed. No issues have been found so far.

| Status | Scanner | Critical | High | Medium | Low | Total (0) |
| --- | --- | --- | --- | --- | --- | --- |
| | Open Source Security | 0 | 0 | 0 | 0 | 0 issues |
| | Licenses | 0 | 0 | 0 | 0 | 0 issues |


@hajinsuha1 hajinsuha1 added the "do not merge" label Dec 17, 2025
callbackURI?: string
userid: string
mode?: string
mode?: 'email' | 'callback'
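
Review bot: on the `mode` field, narrowing `mode?: string` to `mode?: 'email' | 'callback'` stops compiling for TypeScript callers that pass a `string`-typed variable, so it should be called out in the changelog as a type-level change. The union is also erased at runtime, so a value read from a JavaScript config file is not checked by it; suggest keeping the union and validating `mode` against the two literals before the request is built, rejecting anything else.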
Collaborator Author

@hajinsuha1 hajinsuha1 Dec 29, 2025

Is this a breaking change? Should I keep the type as a general string?

@hajinsuha1 hajinsuha1 changed the title from "[DRAFT][DO NOT MERGE] Feature: Passwordless Login using SLAS Native Email OTP" to "Feature: Passwordless Login using SLAS Native Email OTP" Dec 30, 2025
@hajinsuha1 hajinsuha1 changed the title from "Feature: Passwordless Login using SLAS Native Email OTP" to "[DO NOT MERGE] Feature: Passwordless Login using SLAS Native Email OTP" Dec 30, 2025
* Update getPasswordResetToken to default locale to the one in CommerceApiProvider and pass callback_uri and idp_name only when they are defined
* Update resetPassword to default hint to cross_device and pass code_verifier only when it is defined
pwa-kit-create-app
* Update default.js and /_app-config/index.jsx template to use email mode by default for passwordless login and password reset.
* Update password reset to use email mode by default. The mode can now be configured via default.js
…ly" to "Continue" (#3556)

* update passwordless and password reset e2e tests to verify mode email is used

* Update EXTRA_FEATURES_E2E_RETAIL_APP_HOME to support environment variable configuration

* Update mobile e2e tests to verify 'email' mode for passwordless login and password reset requests

* update "continue securely" to "continue"
@hajinsuha1 hajinsuha1 changed the title from "[DO NOT MERGE] Feature: Passwordless Login using SLAS Native Email OTP" to "[DO NOT MERGE] Feature: Passwordless Login and Password Reset supports use of SLAS Native Email OTP" Jan 8, 2026
@hajinsuha1 hajinsuha1 changed the title from "[DO NOT MERGE] Feature: Passwordless Login and Password Reset supports use of SLAS Native Email OTP" to "[DO NOT MERGE] Feature: Passwordless Login and Password Reset supports use of email mode" Jan 8, 2026
Labels

do not merge No matter what, do not merge this pr

3 participants