Feature: Passwordless Login and Password Reset supports use of email mode

e2e/config.js

@@ -170,6 +170,7 @@ module.exports = {
     PWA_E2E_USER_EMAIL: process.env.PWA_E2E_USER_EMAIL,
     PWA_E2E_USER_PASSWORD: process.env.PWA_E2E_USER_PASSWORD,
     EXTRA_FEATURES_E2E_RETAIL_APP_HOME:
+        process.env.EXTRA_FEATURES_E2E_RETAIL_APP_HOME ||
         'https://scaffold-pwa-extra-features-e2e.mobify-storefront.com',
     EXTRA_FEATURES_E2E_RETAIL_APP_HOME_SITE: 'RefArchGlobal'
 }

e2e/tests/desktop/extra-features.spec.js

@@ -32,7 +32,7 @@ test('Verify passwordless login request', async ({page}) => {
     await page.locator('#email').scrollIntoViewIfNeeded()
     await page.fill('#email', config.PWA_E2E_USER_EMAIL)
 
-    await page.getByRole('button', {name: 'Continue Securely'}).click()
+    await page.getByRole('button', {name: 'Continue'}).click()
 
     await page.waitForResponse(
         '**/mobify/slas/private/shopper/auth/v1/organizations/*/oauth2/passwordless/login'
@@ -47,12 +47,11 @@ test('Verify passwordless login request', async ({page}) => {
     const params = new URLSearchParams(postData)
 
     expect(params.get('user_id')).toBe(config.PWA_E2E_USER_EMAIL)
-    expect(params.get('mode')).toBe('callback')
+    expect(params.get('mode')).toBe('email')
     expect(params.get('channel_id')).toBe(config.EXTRA_FEATURES_E2E_RETAIL_APP_HOME_SITE)
-    expect(params.get('callback_uri')).toMatch(/.*\/passwordless-login-callback$/)
 })
 
-test('Verify password reset callback request', async ({page}) => {
+test('Verify password reset request', async ({page}) => {
     let interceptedRequest = null
 
     await page.route(
@@ -88,16 +87,13 @@ test('Verify password reset callback request', async ({page}) => {
     const params = new URLSearchParams(postData)
 
     expect(params.get('user_id')).toBe(config.PWA_E2E_USER_EMAIL)
-    expect(params.get('mode')).toBe('callback')
+    expect(params.get('mode')).toBe('email')
     expect(params.get('channel_id')).toBe(config.EXTRA_FEATURES_E2E_RETAIL_APP_HOME_SITE)
-    expect(params.get('callback_uri')).toMatch(/.*\/reset-password-callback$/)
     expect(params.get('hint')).toBe('cross_device')
 })
 
 // Verify on the login UI that looks different when extra login features are not enabled
-test('Verify password reset callback request when extra login features are not enabled', async ({
-    page
-}) => {
+test('Verify password reset request when extra login features are not enabled', async ({page}) => {
     let interceptedRequest = null
 
     await page.route(
@@ -132,13 +128,12 @@ test('Verify password reset callback request when extra login features are not e
     const params = new URLSearchParams(postData)
 
     expect(params.get('user_id')).toBe(config.PWA_E2E_USER_EMAIL)
-    expect(params.get('mode')).toBe('callback')
+    expect(params.get('mode')).toBe('email')
     expect(params.get('channel_id')).toBe(config.RETAIL_APP_HOME_SITE)
-    expect(params.get('callback_uri')).toMatch(/.*\/reset-password-callback$/)
     expect(params.get('hint')).toBe('cross_device')
 })
 
-test('Verify password reset request', async ({page}) => {
+test('Verify password reset action request', async ({page}) => {
     let interceptedRequest = null
     await page.route(
         '**/mobify/slas/private/shopper/auth/v1/organizations/*/oauth2/password/action',

e2e/tests/mobile/extra-features.spec.js

@@ -33,8 +33,8 @@ test('Verify passwordless login request on mobile', async ({page}) => {
     await page.locator('#email').scrollIntoViewIfNeeded()
     await page.fill('#email', config.PWA_E2E_USER_EMAIL)
 
-    await page.getByRole('button', {name: 'Continue Securely'}).scrollIntoViewIfNeeded()
-    await page.getByRole('button', {name: 'Continue Securely'}).click()
+    await page.getByRole('button', {name: 'Continue'}).scrollIntoViewIfNeeded()
+    await page.getByRole('button', {name: 'Continue'}).click()
 
     await page.waitForResponse(
         '**/mobify/slas/private/shopper/auth/v1/organizations/*/oauth2/passwordless/login'
@@ -49,14 +49,11 @@ test('Verify passwordless login request on mobile', async ({page}) => {
     const params = new URLSearchParams(postData)
 
     expect(params.get('user_id')).toBe(config.PWA_E2E_USER_EMAIL)
-    expect(params.get('mode')).toBe('callback')
+    expect(params.get('mode')).toBe('email')
     expect(params.get('channel_id')).toBe(config.EXTRA_FEATURES_E2E_RETAIL_APP_HOME_SITE)
-    expect(params.get('callback_uri')).toMatch(/.*\/passwordless-login-callback$/)
 })
 
-test('Verify password reset callback request on mobile (extra features enabled)', async ({
-    page
-}) => {
+test('Verify password reset request on mobile (extra features enabled)', async ({page}) => {
     let interceptedRequest = null
 
     await page.route(
@@ -92,13 +89,12 @@ test('Verify password reset callback request on mobile (extra features enabled)'
     const params = new URLSearchParams(postData)
 
     expect(params.get('user_id')).toBe(config.PWA_E2E_USER_EMAIL)
-    expect(params.get('mode')).toBe('callback')
+    expect(params.get('mode')).toBe('email')
     expect(params.get('channel_id')).toBe(config.EXTRA_FEATURES_E2E_RETAIL_APP_HOME_SITE)
-    expect(params.get('callback_uri')).toMatch(/.*\/reset-password-callback$/)
     expect(params.get('hint')).toBe('cross_device')
 })
 
-test('Verify password reset callback request on mobile when extra login features are not enabled', async ({
+test('Verify password reset request on mobile when extra login features are not enabled', async ({
     page
 }) => {
     let interceptedRequest = null
@@ -136,13 +132,12 @@ test('Verify password reset callback request on mobile when extra login features
     const params = new URLSearchParams(postData)
 
     expect(params.get('user_id')).toBe(config.PWA_E2E_USER_EMAIL)
-    expect(params.get('mode')).toBe('callback')
+    expect(params.get('mode')).toBe('email')
     expect(params.get('channel_id')).toBe(config.RETAIL_APP_HOME_SITE)
-    expect(params.get('callback_uri')).toMatch(/.*\/reset-password-callback$/)
     expect(params.get('hint')).toBe('cross_device')
 })
 
-test('Verify password reset request on mobile', async ({page}) => {
+test('Verify password reset action request on mobile', async ({page}) => {
     let interceptedRequest = null
     await page.route(
         '**/mobify/slas/private/shopper/auth/v1/organizations/*/oauth2/password/action',

packages/commerce-sdk-react/CHANGELOG.md

@@ -2,6 +2,11 @@
 - [Bugfix]Ensure code_verifier can be optional in resetPassword call [#3567](https://github.com/SalesforceCommerceCloud/pwa-kit/pull/3567)
 - [Improvement] Strengthening typescript types on custom endpoint options and fetchOptions types [#3589](https://github.com/SalesforceCommerceCloud/pwa-kit/pull/3589)
 
+- Update `authorizePasswordless` to pass locale and simplify mode selection to respect user's explicit mode choice while still defaulting to callback mode for backward compatibility [#3492](https://github.com/SalesforceCommerceCloud/pwa-kit/pull/3492)
+- Update `getPasswordResetToken` to pass locale, callback_uri and idp_name only when they are defined [#3547](https://github.com/SalesforceCommerceCloud/pwa-kit/pull/3547)
+- Update `resetPassword` to default hint to `cross_device` and pass code_verifier only when it is defined [#3547](https://github.com/SalesforceCommerceCloud/pwa-kit/pull/3547)
+- Update `getPasswordResetToken` to return raw response and throw an error with the error message if the status code is not 200 [#3574](https://github.com/SalesforceCommerceCloud/pwa-kit/pull/3574)
+
 ## v4.3.0 (Dec 17, 2025)
 
 - Upgrade to commerce-sdk-isomorphic v4.2.0 and introduce Shopper Configurations SCAPI integration [#3071](https://github.com/SalesforceCommerceCloud/pwa-kit/pull/3071)