Hi Everyone,
Is it possible to do external OAuth (SSO) to fetch the customer specific access token?
I would like to do external auth instead of the password flow suggested in the documentation (/customers/token?grant_type=password&username=&password=).

I am not sure whether this documentation refers to a project-specific or a commercetools customer-specific integration.

https://docs.commercetools.com/api/authorization#requesting-an-access-token-using-an-external-oauth-server 

Hello Siva! The documentation is indeed referring to project-specific OAuth integration, so your use case is supported. For your customers, be sure to note this section regarding the /me endpoints:

https://docs.commercetools.com/api/authorization#handling-permissions-for-customer-accounts-or-anonymous-sessions  


Thanks for your response @Josh Douglas

I do have additional questions based on your response:

  1. Do I still need to use /me/login for the existing customers (who have already completed OAuth externally)? The API expects the password as a mandatory input.
  2. I tried getting an updated access token from commercetools by adding an additional scope customer_id:xxx and couldn't fetch the access token from the endpoint below:

/anonymous/token?grant_type=client_credentials

Any thoughts? Thank you.


Hey @siva-ramakrishnan ,

it depends a lot on your use case. I have seen quite a few project implementations where commercetools is not used at all to validate the user. The request goes against an external SSO provider, and the Backend for Frontend then uses that data to "just" load the customer from commercetools.
The BFF is then functioning with more or less an admin account to fetch the corresponding data from commercetools.

Does that make sense to you?


Yes, that is correct, we do have a similar use case (user validation doesn't happen through commercetools) @Philipp Hofmann . We were advised not to use the commercetools password flow and the me token for the BFF scenario.
