@ W-21372057: Turnstile support in SDK for passwordless login#3695
Closed
kumaravinashcommercecloud wants to merge 6 commits intodevelopfrom
Closed
@ W-21372057: Turnstile support in SDK for passwordless login#3695kumaravinashcommercecloud wants to merge 6 commits intodevelopfrom
kumaravinashcommercecloud wants to merge 6 commits intodevelopfrom
Conversation
Collaborator
✅ Snyk checks have passed. No issues have been found so far.
💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse. |
kumaravinashcommercecloud
force-pushed
the
avinash.Turnstile-SDK
branch
from
fb941e5 to
25c3342
Compare
syadupathi-sf
previously approved these changes
Feb 26, 2026
kumaravinashcommercecloud
dismissed stale reviews from dannyphan2000 and syadupathi-sf
via
f17d3da
shauryemahajanSF
approved these changes
Feb 26, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Overview
Adds Cloudflare Turnstile support for passwordless login in commerce-sdk-react by sending the Turnstile token in authorizePasswordless requests so the BFF/MRT can verify it before forwarding to SLAS.
Changes
Extended AuthorizePasswordlessParams with turnstileResponse?: string.
When turnstileResponse is present, uses a custom fetch instead of the commerce-sdk-isomorphic helper (which does not send the token).
Custom fetch sends a POST to the SLAS proxy with turnstileResponse in the body.
Added slasClientBaseUrl for the custom fetch URL.
Improved error handling for non-200 responses (empty body, 404 for guest users).
Added authorizePasswordless with turnstileResponse uses custom fetch instead of helper.
Added authorizePasswordless with turnstileResponse throws on non-200 fetch response.
Adjusted existing error-handling test to use text() instead of json() for the mock response.
Design: https://docs.google.com/document/d/1qV1CVhtWWUGv_Q5On--PjohkNhDInUdUkqN-H4_VgE8/edit?tab=t.ax8cd1bs7a74
Description
Types of Changes
Changes
How to Test-Drive This PR
Checklists
General
Accessibility Compliance
You must check off all items in one of the follow two lists:
or...
Localization