---
editLink: false
lastUpdated: false
---

[@salesforce/b2c-tooling-sdk](../../modules.md) / [auth](../index.md) / OAuthStrategy

# Class: OAuthStrategy

Defined in: [packages/b2c-tooling-sdk/src/auth/oauth.ts:125](https://github.com/SalesforceCommerceCloud/b2c-developer-tooling/blob/67fb8580ac3c5b372617ee3ec3fc8f2bc9f16174/packages/b2c-tooling-sdk/src/auth/oauth.ts#L125)

OAuth 2.0 Client Credentials authentication strategy.

Implements the client credentials flow for automated/server-side authentication
with no user interaction required. Automatically manages token caching, expiration,
and 401 retry logic with single-flight token requests to prevent thundering herd
on the token endpoint.

## Example

```typescript
import { OAuthStrategy } from '@salesforce/b2c-tooling-sdk';

const auth = new OAuthStrategy({
  clientId: 'your-client-id',
  clientSecret: 'your-client-secret',
  scopes: ['sfcc.products'],
});

const response = await auth.fetch('https://api.example.com/products');
```

## Implements

- [`AuthStrategy`](../interfaces/AuthStrategy.md)

## Constructors

### Constructor

> **new OAuthStrategy**(`config`): `OAuthStrategy`

Defined in: [packages/b2c-tooling-sdk/src/auth/oauth.ts:135](https://github.com/SalesforceCommerceCloud/b2c-developer-tooling/blob/67fb8580ac3c5b372617ee3ec3fc8f2bc9f16174/packages/b2c-tooling-sdk/src/auth/oauth.ts#L135)

Creates a new OAuthStrategy instance with the provided OAuth configuration.

#### Parameters

##### config

[`OAuthConfig`](../interfaces/OAuthConfig.md)

OAuth client credentials and optional configuration

#### Returns

`OAuthStrategy`

## Methods

### fetch()

> **fetch**(`url`, `init`): `Promise`\<`Response`\>

Defined in: [packages/b2c-tooling-sdk/src/auth/oauth.ts:157](https://github.com/SalesforceCommerceCloud/b2c-developer-tooling/blob/67fb8580ac3c5b372617ee3ec3fc8f2bc9f16174/packages/b2c-tooling-sdk/src/auth/oauth.ts#L157)

Performs a fetch request with OAuth bearer token authentication.

Automatically injects the Authorization header and client ID header with a valid
access token. Implements 401 retry logic: if a previously-successful request
returns 401, invalidates the cached token and retries once with a fresh token.
Does not retry on initial 401 to avoid retrying with bad credentials.

#### Parameters

##### url

`string`

The URL to fetch

##### init

[`FetchInit`](../type-aliases/FetchInit.md) = `{}`

Optional fetch init options (headers, body, method, etc.)

#### Returns

`Promise`\<`Response`\>

The fetch response

#### Implementation of

[`AuthStrategy`](../interfaces/AuthStrategy.md).[`fetch`](../interfaces/AuthStrategy.md#fetch)

***

### getAuthorizationHeader()

> **getAuthorizationHeader**(): `Promise`\<`string`\>

Defined in: [packages/b2c-tooling-sdk/src/auth/oauth.ts:184](https://github.com/SalesforceCommerceCloud/b2c-developer-tooling/blob/67fb8580ac3c5b372617ee3ec3fc8f2bc9f16174/packages/b2c-tooling-sdk/src/auth/oauth.ts#L184)

Optional: Helper for legacy clients (like a strict WebDAV lib) that need the raw header.

#### Returns

`Promise`\<`string`\>

#### Implementation of

[`AuthStrategy`](../interfaces/AuthStrategy.md).[`getAuthorizationHeader`](../interfaces/AuthStrategy.md#getauthorizationheader)

***

### getJWT()

> **getJWT**(): `Promise`\<[`DecodedJWT`](../interfaces/DecodedJWT.md)\>

Defined in: [packages/b2c-tooling-sdk/src/auth/oauth.ts:192](https://github.com/SalesforceCommerceCloud/b2c-developer-tooling/blob/67fb8580ac3c5b372617ee3ec3fc8f2bc9f16174/packages/b2c-tooling-sdk/src/auth/oauth.ts#L192)

Gets the decoded JWT payload

#### Returns

`Promise`\<[`DecodedJWT`](../interfaces/DecodedJWT.md)\>

***

### getTokenResponse()

> **getTokenResponse**(): `Promise`\<[`AccessTokenResponse`](../interfaces/AccessTokenResponse.md)\>

Defined in: [packages/b2c-tooling-sdk/src/auth/oauth.ts:201](https://github.com/SalesforceCommerceCloud/b2c-developer-tooling/blob/67fb8580ac3c5b372617ee3ec3fc8f2bc9f16174/packages/b2c-tooling-sdk/src/auth/oauth.ts#L201)

Gets the full token response including expiration and scopes.
Useful for commands that need to display or return token metadata.

#### Returns

`Promise`\<[`AccessTokenResponse`](../interfaces/AccessTokenResponse.md)\>

***

### invalidateToken()

> **invalidateToken**(): `void`

Defined in: [packages/b2c-tooling-sdk/src/auth/oauth.ts:216](https://github.com/SalesforceCommerceCloud/b2c-developer-tooling/blob/67fb8580ac3c5b372617ee3ec3fc8f2bc9f16174/packages/b2c-tooling-sdk/src/auth/oauth.ts#L216)

Invalidates the cached token, forcing re-authentication on next request

#### Returns

`void`

#### Implementation of

[`AuthStrategy`](../interfaces/AuthStrategy.md).[`invalidateToken`](../interfaces/AuthStrategy.md#invalidatetoken)

***

### withAdditionalScopes()

> **withAdditionalScopes**(`additionalScopes`): `OAuthStrategy`

Defined in: [packages/b2c-tooling-sdk/src/auth/oauth.ts:227](https://github.com/SalesforceCommerceCloud/b2c-developer-tooling/blob/67fb8580ac3c5b372617ee3ec3fc8f2bc9f16174/packages/b2c-tooling-sdk/src/auth/oauth.ts#L227)

Creates a new OAuthStrategy with additional scopes merged in.
Used by clients that have specific scope requirements.

#### Parameters

##### additionalScopes

`string`[]

Scopes to add to this strategy's existing scopes

#### Returns

`OAuthStrategy`

A new OAuthStrategy instance with merged scopes
