---
editLink: false
lastUpdated: false
---

[@salesforce/b2c-tooling-sdk](../../modules.md) / [auth](../index.md) / StatefulOAuthStrategy

# Class: StatefulOAuthStrategy

Defined in: [packages/b2c-tooling-sdk/src/auth/stateful-oauth-strategy.ts:32](https://github.com/SalesforceCommerceCloud/b2c-developer-tooling/blob/67fb8580ac3c5b372617ee3ec3fc8f2bc9f16174/packages/b2c-tooling-sdk/src/auth/stateful-oauth-strategy.ts#L32)

Auth strategy that uses the stateful store (sfcc-ci compatible).
On 401, attempts to refresh using stored refresh_token or client_credentials (renew base);
on refresh failure clears the stored session.

## Implements

- [`AuthStrategy`](../interfaces/AuthStrategy.md)

## Constructors

### Constructor

> **new StatefulOAuthStrategy**(`session`, `options`): `StatefulOAuthStrategy`

Defined in: [packages/b2c-tooling-sdk/src/auth/stateful-oauth-strategy.ts:46](https://github.com/SalesforceCommerceCloud/b2c-developer-tooling/blob/67fb8580ac3c5b372617ee3ec3fc8f2bc9f16174/packages/b2c-tooling-sdk/src/auth/stateful-oauth-strategy.ts#L46)

Creates a new StatefulOAuthStrategy instance.

#### Parameters

##### session

[`StatefulSession`](../interfaces/StatefulSession.md)

The stateful session containing clientId, accessToken, and optional refresh/renew credentials

##### options

[`StatefulOAuthStrategyOptions`](../interfaces/StatefulOAuthStrategyOptions.md)

Strategy configuration options

#### Returns

`StatefulOAuthStrategy`

## Methods

### fetch()

> **fetch**(`url`, `init`): `Promise`\<`Response`\>

Defined in: [packages/b2c-tooling-sdk/src/auth/stateful-oauth-strategy.ts:52](https://github.com/SalesforceCommerceCloud/b2c-developer-tooling/blob/67fb8580ac3c5b372617ee3ec3fc8f2bc9f16174/packages/b2c-tooling-sdk/src/auth/stateful-oauth-strategy.ts#L52)

Performs a fetch request with authentication.
Implementations MUST handle header injection and 401 retries (token refresh) internally.

#### Parameters

##### url

`string`

##### init

[`FetchInit`](../type-aliases/FetchInit.md) = `{}`

#### Returns

`Promise`\<`Response`\>

#### Implementation of

[`AuthStrategy`](../interfaces/AuthStrategy.md).[`fetch`](../interfaces/AuthStrategy.md#fetch)

***

### getAuthorizationHeader()

> **getAuthorizationHeader**(): `Promise`\<`string`\>

Defined in: [packages/b2c-tooling-sdk/src/auth/stateful-oauth-strategy.ts:90](https://github.com/SalesforceCommerceCloud/b2c-developer-tooling/blob/67fb8580ac3c5b372617ee3ec3fc8f2bc9f16174/packages/b2c-tooling-sdk/src/auth/stateful-oauth-strategy.ts#L90)

Optional: Helper for legacy clients (like a strict WebDAV lib) that need the raw header.

#### Returns

`Promise`\<`string`\>

#### Implementation of

[`AuthStrategy`](../interfaces/AuthStrategy.md).[`getAuthorizationHeader`](../interfaces/AuthStrategy.md#getauthorizationheader)

***

### getJWT()

> **getJWT**(): `Promise`\<[`DecodedJWT`](../interfaces/DecodedJWT.md)\>

Defined in: [packages/b2c-tooling-sdk/src/auth/stateful-oauth-strategy.ts:104](https://github.com/SalesforceCommerceCloud/b2c-developer-tooling/blob/67fb8580ac3c5b372617ee3ec3fc8f2bc9f16174/packages/b2c-tooling-sdk/src/auth/stateful-oauth-strategy.ts#L104)

#### Returns

`Promise`\<[`DecodedJWT`](../interfaces/DecodedJWT.md)\>

***

### getTokenResponse()

> **getTokenResponse**(): `Promise`\<[`AccessTokenResponse`](../interfaces/AccessTokenResponse.md)\>

Defined in: [packages/b2c-tooling-sdk/src/auth/stateful-oauth-strategy.ts:98](https://github.com/SalesforceCommerceCloud/b2c-developer-tooling/blob/67fb8580ac3c5b372617ee3ec3fc8f2bc9f16174/packages/b2c-tooling-sdk/src/auth/stateful-oauth-strategy.ts#L98)

Returns the current token as AccessTokenResponse (expires/scopes from JWT).

#### Returns

`Promise`\<[`AccessTokenResponse`](../interfaces/AccessTokenResponse.md)\>

***

### invalidateToken()

> **invalidateToken**(): `void`

Defined in: [packages/b2c-tooling-sdk/src/auth/stateful-oauth-strategy.ts:109](https://github.com/SalesforceCommerceCloud/b2c-developer-tooling/blob/67fb8580ac3c5b372617ee3ec3fc8f2bc9f16174/packages/b2c-tooling-sdk/src/auth/stateful-oauth-strategy.ts#L109)

Optional: Invalidates the cached token, forcing re-authentication on next request.
Used by middleware to retry requests after receiving a 401 response.

#### Returns

`void`

#### Implementation of

[`AuthStrategy`](../interfaces/AuthStrategy.md).[`invalidateToken`](../interfaces/AuthStrategy.md#invalidatetoken)
