Created
January 12, 2023 19:04
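#!/bin/bash
# Trusted Agent on Behalf of Demo:
#
#   https://developer.salesforce.com/docs/commerce/commerce-api/references/shopper-login?meta=getTrustedAgentAuthorizationToken
#
# Walks through the trusted-agent flow with PKCE:
#   1. generate a code verifier and its S256 challenge,
#   2. ask the trusted-agent /authorize endpoint for the login URL,
#   3. let the agent log in through the browser and paste the code back,
#   4. exchange that code (plus the verifier) for a JWT at /token.
#
# SLAS Client requires `sfcc.ta_ext_on_behalf_of` scope.
#
# Requires: curl 7.55.0+ (for `-H @-`), openssl, awk, jq, and `open` or
# `xdg-open` to launch the browser.
set -euo pipefail

# Print a message on stderr and abort.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# Short code that forms the first label of the API hostname below.
readonly SHORT_CODE='kv7kzm78'
readonly ORG='f_ecom_zzrf_001'
readonly CLIENT='8eefe333-cac4-4cbe-ad1c-a7336693acbc'
readonly SITE='RefArch'
readonly REDIRECT='http://localhost:3000/callback'

# Agents cannot shop as themselves!
# NOTE: both addresses were redacted by the hosting page's e-mail protection;
# replace them with the real shopper and agent login IDs before running.
readonly SHOPPER='[email protected]'
readonly AGENT='[email protected]'

echo '1. Generate Code Verifier / Code Challenge...'
# 96 random bytes encode to 128 base64 characters, the longest verifier
# RFC 7636 allows. Both values are converted to unpadded base64url.
VERIFIER=$(openssl rand -base64 96 | tr -d '\n' | tr '/+' '_-' | tr -d '=')
# printf (not `echo -n $VAR`) so the verifier is hashed byte-for-byte with no
# word splitting and no trailing newline.
CHALLENGE=$(
  printf '%s' "$VERIFIER" \
    | openssl dgst -binary -sha256 \
    | openssl base64 -A \
    | tr '/+' '_-' \
    | tr -d '='
)

echo '2. Get Trusted Agent Authorization URL...'
readonly BASE="https://$SHORT_CODE.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/$ORG/oauth2/trusted-agent"
# Only the response headers are needed, so the body is discarded and the
# Location header is matched by name rather than by substring. awk reads to
# the end of input on purpose: exiting early could SIGPIPE curl and trip
# pipefail.
AUTH_URL=$(
  curl "$BASE/authorize" \
    -sS --get \
    --data "client_id=$CLIENT" \
    --data "channel_id=$SITE" \
    --data "code_challenge=$CHALLENGE" \
    --data-urlencode "login_id=$SHOPPER" \
    --data "response_type=code" \
    --data-urlencode "redirect_uri=$REDIRECT" \
    --data "idp_origin=ecom" \
    -o /dev/null -D - \
    | awk 'tolower($1) == "location:" && !seen { url = $2; seen = 1 } END { print url }' \
    | tr -d '\n\r'
)

# Never hand an empty or non-HTTPS value taken from a response header to the
# desktop opener: it would otherwise be treated as a local path or another
# URL scheme.
[[ -n "$AUTH_URL" ]] || die 'no Location header in the /authorize response'
[[ "$AUTH_URL" == https://* ]] || die "refusing to open non-HTTPS URL: $AUTH_URL"

echo '3. Opening Authorization URL in browser... come back with the code!'
printf '   %s\n' "$AUTH_URL"
if command -v open >/dev/null 2>&1; then
  open "$AUTH_URL"
elif command -v xdg-open >/dev/null 2>&1; then
  xdg-open "$AUTH_URL"
else
  echo '   No browser opener found; open the URL above manually.' >&2
fi

# Kept in its own variable so the pasted code never shadows the short code.
read -r -p '   Code: ' AUTH_CODE
AUTH_CODE=${AUTH_CODE//$'\r'/}
[[ -n "$AUTH_CODE" ]] || die 'no authorization code entered'

echo '4. Exchange the code for a JWT...'
# The Authorization header is fed to curl on stdin (`-H @-`) so the code does
# not show up in the process list; printf is a shell builtin and spawns no
# process. The code_verifier is still passed on the command line.
# The JSON printed by jq contains the issued token: treat the terminal
# output and any captured logs as secret.
printf 'Authorization: Bearer %s\n' "$AUTH_CODE" \
  | curl "$BASE/token" \
    -sS -H @- \
    --data 'grant_type=client_credentials' \
    --data "client_id=$CLIENT" \
    --data 'idp_origin=ecom' \
    --data-urlencode "login_id=$SHOPPER" \
    --data-urlencode "agent_id=$AGENT" \
    --data "channel_id=$SITE" \
    --data "code_verifier=$VERIFIER" \
  | jq .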
@johnboxall, `/oauth2/trusted-agent/token` appears to be giving me `{ "status_code": "403 FORBIDDEN", "message": "AM SSO Unauthorized!"}`.
Is there any cookie to be set or any setting in BM?
Hi @johnboxall, thanks for sharing this!
This might be an inappropriate place to ask, but by any chance, do you know why an app acting on behalf of a logged-in agent can't perform some SCAPI calls, like `/mobify/proxy/api/search/shopper-search/v1/organizations/org_id/product-search`? SCAPI returns a response with a 403 code and the detail `Access to resource 'GET /shop/v22_8/product_search' isn't allowed for current user`.
Thanks in advance for the response!