addressing review comments - claude assisted

charithaT07 · charithaT07 · commit 8c7fb8bdeb82 · 2026-04-24T23:42:40.000+05:30
diff --git a/packages/b2c-tooling-sdk/src/auth/oauth-jwt.ts b/packages/b2c-tooling-sdk/src/auth/oauth-jwt.ts
@@ -22,6 +22,7 @@ import {
   invalidateCachedOAuthToken,
   decodeJWT,
 } from './oauth.js';
+import {globalAuthMiddlewareRegistry, applyAuthRequestMiddleware, applyAuthResponseMiddleware} from './middleware.js';
 
 /**
  * Configuration for JWT Bearer authentication.
@@ -325,15 +326,24 @@ export class JwtOAuthStrategy implements AuthStrategy {
       '[JwtOAuthStrategy] Sending JWT Bearer token request',
     );
 
-    const response = await fetch(tokenUrl, {
+    // Build request object for middleware
+    let request = new Request(tokenUrl, {
       method: 'POST',
       headers: {
         'Content-Type': 'application/x-www-form-urlencoded',
-        // NO Authorization header - this is key difference from client_credentials
       },
       body: params.toString(),
     });
 
+    // Apply auth middleware (e.g., User-Agent)
+    const middleware = globalAuthMiddlewareRegistry.getMiddleware();
+    request = await applyAuthRequestMiddleware(request, middleware);
+
+    let response = await fetch(request);
+
+    // Apply auth response middleware
+    response = await applyAuthResponseMiddleware(request, response, middleware);
+
     if (!response.ok) {
       const errorText = await response.text();
       this.logger.error(
diff --git a/packages/b2c-tooling-sdk/src/clients/cdn-zones.ts b/packages/b2c-tooling-sdk/src/clients/cdn-zones.ts
@@ -16,6 +16,7 @@
 import createClient, {type Client} from 'openapi-fetch';
 import type {AuthStrategy} from '../auth/types.js';
 import {OAuthStrategy} from '../auth/oauth.js';
+import {JwtOAuthStrategy} from '../auth/oauth-jwt.js';
 import type {paths, components} from './cdn-zones.generated.js';
 import {createAuthMiddleware, createLoggingMiddleware} from './middleware.js';
 import {globalMiddlewareRegistry, type MiddlewareRegistry} from './middleware-registry.js';
@@ -219,8 +220,11 @@ export function createCdnZonesClient(
   const domainScopes = options?.readWrite ? CDN_ZONES_RW_SCOPES : CDN_ZONES_READ_SCOPES;
   const requiredScopes = config.scopes ?? [...domainScopes, buildTenantScope(config.tenantId)];
 
-  // If OAuth strategy, add required scopes; otherwise use as-is
-  const scopedAuth = auth instanceof OAuthStrategy ? auth.withAdditionalScopes(requiredScopes) : auth;
+  // If auth supports scopes, add required scopes; otherwise use as-is
+  const scopedAuth =
+    auth instanceof OAuthStrategy || auth instanceof JwtOAuthStrategy
+      ? auth.withAdditionalScopes(requiredScopes)
+      : auth;
 
   // Core middleware: auth first
   client.use(createAuthMiddleware(scopedAuth));
diff --git a/packages/b2c-tooling-sdk/src/clients/cip.ts b/packages/b2c-tooling-sdk/src/clients/cip.ts
@@ -9,6 +9,7 @@ import {createRequire} from 'node:module';
 import protobuf from 'protobufjs';
 import type {AuthStrategy, FetchInit} from '../auth/types.js';
 import {OAuthStrategy} from '../auth/oauth.js';
+import {JwtOAuthStrategy} from '../auth/oauth-jwt.js';
 import {getLogger} from '../logging/logger.js';
 import {globalMiddlewareRegistry, type MiddlewareRegistry, type UnifiedMiddleware} from './middleware-registry.js';
 
@@ -790,6 +791,7 @@ export class CipClient {
  */
 export function createCipClient(config: CipClientConfig, auth: AuthStrategy): CipClient {
   const cipScope = `SALESFORCE_COMMERCE_API:${config.instance}`;
-  const scopedAuth = auth instanceof OAuthStrategy ? auth.withAdditionalScopes([cipScope]) : auth;
+  const scopedAuth =
+    auth instanceof OAuthStrategy || auth instanceof JwtOAuthStrategy ? auth.withAdditionalScopes([cipScope]) : auth;
   return new CipClient(config, scopedAuth);
 }
diff --git a/packages/b2c-tooling-sdk/src/clients/custom-apis.ts b/packages/b2c-tooling-sdk/src/clients/custom-apis.ts
@@ -15,6 +15,7 @@
 import createClient, {type Client} from 'openapi-fetch';
 import type {AuthStrategy} from '../auth/types.js';
 import {OAuthStrategy} from '../auth/oauth.js';
+import {JwtOAuthStrategy} from '../auth/oauth-jwt.js';
 import type {paths, components} from './custom-apis.generated.js';
 import {createAuthMiddleware, createLoggingMiddleware} from './middleware.js';
 import {globalMiddlewareRegistry, type MiddlewareRegistry} from './middleware-registry.js';
@@ -148,8 +149,11 @@ export function createCustomApisClient(config: CustomApisClientConfig, auth: Aut
   // Build required scopes: domain scope + tenant-specific scope
   const requiredScopes = config.scopes ?? [...CUSTOM_APIS_DEFAULT_SCOPES, buildTenantScope(config.tenantId)];
 
-  // If OAuth strategy, add required scopes; otherwise use as-is
-  const scopedAuth = auth instanceof OAuthStrategy ? auth.withAdditionalScopes(requiredScopes) : auth;
+  // If auth supports scopes, add required scopes; otherwise use as-is
+  const scopedAuth =
+    auth instanceof OAuthStrategy || auth instanceof JwtOAuthStrategy
+      ? auth.withAdditionalScopes(requiredScopes)
+      : auth;
 
   // Core middleware: auth first
   client.use(createAuthMiddleware(scopedAuth));
diff --git a/packages/b2c-tooling-sdk/src/clients/granular-replications.ts b/packages/b2c-tooling-sdk/src/clients/granular-replications.ts
@@ -9,6 +9,7 @@ import type {paths, components} from './granular-replications.generated.js';
 import {createAuthMiddleware, createLoggingMiddleware, createRateLimitMiddleware} from './middleware.js';
 import {globalMiddlewareRegistry, type MiddlewareRegistry} from './middleware-registry.js';
 import {OAuthStrategy} from '../auth/oauth.js';
+import {JwtOAuthStrategy} from '../auth/oauth-jwt.js';
 import {buildTenantScope, toOrganizationId, normalizeTenantId} from './custom-apis.js';
 
 export {toOrganizationId, normalizeTenantId, buildTenantScope};
@@ -88,7 +89,10 @@ export function createGranularReplicationsClient(
 
   // Build required scopes: domain scope + tenant-specific scope
   const requiredScopes = config.scopes ?? ['sfcc.granular-replications.rw', buildTenantScope(config.tenantId)];
-  const scopedAuth = auth instanceof OAuthStrategy ? auth.withAdditionalScopes(requiredScopes) : auth;
+  const scopedAuth =
+    auth instanceof OAuthStrategy || auth instanceof JwtOAuthStrategy
+      ? auth.withAdditionalScopes(requiredScopes)
+      : auth;
 
   client.use(createAuthMiddleware(scopedAuth));
 
diff --git a/packages/b2c-tooling-sdk/src/clients/scapi-schemas.ts b/packages/b2c-tooling-sdk/src/clients/scapi-schemas.ts
@@ -15,6 +15,7 @@
 import createClient, {type Client} from 'openapi-fetch';
 import type {AuthStrategy} from '../auth/types.js';
 import {OAuthStrategy} from '../auth/oauth.js';
+import {JwtOAuthStrategy} from '../auth/oauth-jwt.js';
 import type {paths, components} from './scapi-schemas.generated.js';
 import {createAuthMiddleware, createLoggingMiddleware} from './middleware.js';
 import {globalMiddlewareRegistry, type MiddlewareRegistry} from './middleware-registry.js';
@@ -185,8 +186,11 @@ export function createScapiSchemasClient(config: ScapiSchemasClientConfig, auth:
   // Build required scopes: domain scope + tenant-specific scope
   const requiredScopes = config.scopes ?? [...SCAPI_SCHEMAS_DEFAULT_SCOPES, buildTenantScope(config.tenantId)];
 
-  // If OAuth strategy, add required scopes; otherwise use as-is
-  const scopedAuth = auth instanceof OAuthStrategy ? auth.withAdditionalScopes(requiredScopes) : auth;
+  // If auth supports scopes, add required scopes; otherwise use as-is
+  const scopedAuth =
+    auth instanceof OAuthStrategy || auth instanceof JwtOAuthStrategy
+      ? auth.withAdditionalScopes(requiredScopes)
+      : auth;
 
   // Core middleware: auth first
   client.use(createAuthMiddleware(scopedAuth));
