Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DEVDOCS-6188: [update] Login with JWT #882

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

DEVDOCS-6188: [update] Login with JWT #882

wants to merge 1 commit into from

Conversation

bc-traciporter
Copy link
Collaborator

@bc-traciporter bc-traciporter commented Mar 27, 2025
edited by jira bot
Loading

DEVDOCS-6188

What changed?

Describe the two options for logging in using a JWT

Release notes draft

Anything else?

ping {names}

@bc-traciporter bc-traciporter requested a review from 6juara9 March 27, 2025 14:59
@bc-traciporter bc-traciporter marked this pull request as ready for review March 27, 2025 15:07
6juara9
6juara9 reviewed Mar 28, 2025
View reviewed changes
Copy link
Contributor

@6juara9 6juara9 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall I think we need to change our structure a little bit, we can use this one as a reference: https://developer.bigcommerce.com/docs/start/authentication/customer-login or even make some adjustments there: basic idea is that we use the same JWT token in loginWithCustomerLoginJwt mutation as we use in customer-login endpoint aka /login/token/{token}. It is generated by 3rd parties and everything is already described, we just need to provide some infromation about loginWithCustomerLoginJwt mutation there, that it is an alternative to HTTP endpoint 🙂

docs/start/authentication/graphql-storefront.mdx
Comment on lines +149 to +151
1. Current Customer API

The Current Customer API enables third-party services to securely authenticate a logged-in customer by accepting a signed JWT from BigCommerce. This allows the third party to verify the customer’s identity before granting access to sensitive information. For more details see the [Current Customer API](/docs/start/authentication/current-customer) article.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure whether it is the right endpoint, we have this one for authentication purposes: https://developer.bigcommerce.com/docs/start/authentication/customer-login, the one u described here https://developer.bigcommerce.com/docs/start/authentication/current-customer is just to retrieve the customer value (has nothing to do with authentication)

docs/start/authentication/graphql-storefront.mdx

2. `loginWithCustomerLoginJwt`

The `loginWithCustomerLoginJwt` mutation allows you to pass a customer JSON web token instead of the user's email and password. The JSON web token used can either be signed by a 3rd party or signed by BigCommerce. In this scenario, you will generate a JWT that contains key information in the payload for the login to be successful. You will use this JWT in the login mutation to receive a customer access token. For information on creating a JWT, see the [Customer Login API](/docs/start/authentication/customer-login) article for instructions.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The JSON web token used can either be signed by a 3rd party or signed by BigCommerce.

It is signed only by 3rd party :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@6juara9 6juara9 6juara9 left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@bc-traciporter @6juara9