From 03170ec8991037f07a8fae905a292fa831b18a65 Mon Sep 17 00:00:00 2001 From: Traci Porter Date: Thu, 27 Mar 2025 09:55:50 -0500 Subject: [PATCH 1/2] DEVDOCS-6188: [update] Login with JWT --- docs/start/authentication/graphql-storefront.mdx | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/docs/start/authentication/graphql-storefront.mdx b/docs/start/authentication/graphql-storefront.mdx index cd3adde9e..de1559e57 100644 --- a/docs/start/authentication/graphql-storefront.mdx +++ b/docs/start/authentication/graphql-storefront.mdx @@ -144,11 +144,16 @@ mutation Login($email: String!, $pass: String!) { ###### Login with a JWT -The second option is to use the `loginWithCustomerLoginJwt` mutation to pass your customer JSON web token instead of the user's email and password. In this scenario, you will generate a JWT that contains key information in the payload for the login to be successful. You will use this JWT in the login mutation to receive a customer access token. +There are two options for logging in using a JWT. + +1. Current Customer API + +The Current Customer API enables third-party services to securely authenticate a logged-in customer by accepting a signed JWT from BigCommerce. This allows the third party to verify the customer’s identity before granting access to sensitive information. For more details see the [Current Customer API](/docs/start/authentication/current-customer) article. + +2. `loginWithCustomerLoginJwt` + +The `loginWithCustomerLoginJwt` mutation allows you to pass a customer JSON web token instead of the user's email and password. The JSON web token used can either be signed by a 3rd party or signed by BigCommerce. In this scenario, you will generate a JWT that contains key information in the payload for the login to be successful. You will use this JWT in the login mutation to receive a customer access token. For information on creating a JWT, see the [Customer Login API](/docs/start/authentication/customer-login) article for instructions. - -For information on creating a JWT, see the [Customer Login API](/docs/start/authentication/customer-login) article for instructions. - @@ -175,7 +180,7 @@ mutation Login($jwt: String!) { ``` ```json filename="GraphQL variables" showLineNumbers copy -{"jwt": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiI3MjM3Mzc2Y3JiNnJrcTFhY2h3MmdrdTQ2M2FjeGk4IiwiaWF0IjoxNzIwODE0NjgyLCJqdGkiOiJhMDA1OGQ0MC0zNmExLTAxM2ItOTBmNC03ZThiMTE1MDA4YTIiLCJvcGVyYXRpb24iOiJjdXN0b21lcl9sb2dpbiIsInN0b3JlX2hhc2giOiJ3MGFzdGVlOWpvIiwiY3VzdG9tZXJfaWQiOjIyfQ.bfiEpk-IDCqQ4DqpErVCEUUQDjs-vtWxHsEufkUFqMs" +{"jwt": "your_jwt_token" } ``` From db4a108a5f182ebc8cac3d58090b9cdec47d3e16 Mon Sep 17 00:00:00 2001 From: Traci Porter Date: Mon, 7 Apr 2025 10:00:43 -0500 Subject: [PATCH 2/2] Update per Vitya's feedback --- docs/start/authentication/graphql-storefront.mdx | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/start/authentication/graphql-storefront.mdx b/docs/start/authentication/graphql-storefront.mdx index de1559e57..802aa9a1c 100644 --- a/docs/start/authentication/graphql-storefront.mdx +++ b/docs/start/authentication/graphql-storefront.mdx @@ -146,13 +146,13 @@ mutation Login($email: String!, $pass: String!) { There are two options for logging in using a JWT. -1. Current Customer API +1. Customer Login API -The Current Customer API enables third-party services to securely authenticate a logged-in customer by accepting a signed JWT from BigCommerce. This allows the third party to verify the customer’s identity before granting access to sensitive information. For more details see the [Current Customer API](/docs/start/authentication/current-customer) article. +The Customer Login API enables third-party services to securely authenticate a logged-in customer by accepting a signed JWT from BigCommerce. This allows the third party to verify the customer’s identity before granting access to sensitive information. For more details, see the [Customer Login API](/docs/start/authentication/customer-login) article. 2. `loginWithCustomerLoginJwt` -The `loginWithCustomerLoginJwt` mutation allows you to pass a customer JSON web token instead of the user's email and password. The JSON web token used can either be signed by a 3rd party or signed by BigCommerce. In this scenario, you will generate a JWT that contains key information in the payload for the login to be successful. You will use this JWT in the login mutation to receive a customer access token. For information on creating a JWT, see the [Customer Login API](/docs/start/authentication/customer-login) article for instructions. +The `loginWithCustomerLoginJwt` mutation allows you to pass a customer JSON web token instead of the user's email and password. A 3rd party signs the JSON web token used. In this scenario, you will generate a JWT that contains key information in the payload for the login to be successful. You will use this JWT in the login mutation to receive a customer access token. For instructions on creating a JWT, see the [Customer Login API](/docs/start/authentication/customer-login) article for instructions.