@W-19425801 Guest Shopper Flow (#3417)

* initial changes

* tests and other adjustments

* fix to eliminate the OTP modal fluctuating its visibility

* clean up code

* skip changelog

* cleanup the hook

* translations

* guest flow changes

* merge basket change (#3448)

* avoid duplicate OTP

* tweak for returning vs newly regstered guest users

* tests and lint

* minor changes

* address code review comment

* fix lint in commerce-sdk-react

* refactor minor

---------

Co-authored-by: kumaravinashcommercecloud <[email protected]>

Author: 2 people

packages/commerce-sdk-react/src/auth/index.ts

@@ -21,7 +21,6 @@ import {
     isOriginTrusted,
     onClient,
     getDefaultCookieAttributes,
-    isAbsoluteUrl,
     stringToBase64,
     extractCustomParameters
 } from '../utils'
@@ -96,10 +95,19 @@ type AuthorizePasswordlessParams = {
     callbackURI?: string
     userid: string
     mode?: string
+    /** When true, SLAS will register the customer as part of the passwordless flow */
+    register_customer?: boolean | string
+    /** Optional registration details forwarded to SLAS when register_customer=true */
+    first_name?: string
+    last_name?: string
+    email?: string
+    phone_number?: string
 }
 
 type GetPasswordLessAccessTokenParams = {
     pwdlessLoginToken: string
+    /** When true, SLAS will register the customer if not already registered */
+    register_customer?: boolean | string
 }
 
 /**
@@ -1260,26 +1268,54 @@ class Auth {
      * A wrapper method for commerce-sdk-isomorphic helper: authorizePasswordless.
      */
     async authorizePasswordless(parameters: AuthorizePasswordlessParams) {
+        const slasClient = this.client
         const usid = this.get('usid')
         const callbackURI = parameters.callbackURI || this.passwordlessLoginCallbackURI
-        const finalMode = callbackURI ? 'callback' : parameters.mode || 'sms'
+        const finalMode = parameters.mode || (callbackURI ? 'callback' : 'sms')
 
-        const res = await helpers.authorizePasswordless({
-            slasClient: this.client,
-            credentials: {
-                clientSecret: this.clientSecret
+        const options = {
+            headers: {
+                Authorization: ''
             },
             parameters: {
-                ...(callbackURI && {callbackURI: callbackURI}),
+                ...(parameters.register_customer !== undefined && {
+                    register_customer:
+                        typeof parameters.register_customer === 'boolean'
+                            ? String(parameters.register_customer)
+                            : parameters.register_customer
+                })
+            },
+            body: {
+                user_id: parameters.userid,
+                mode: finalMode,
+                // Include usid and site as required by SLAS
                 ...(usid && {usid}),
-                userid: parameters.userid,
-                mode: finalMode
+                channel_id: slasClient.clientConfig.parameters.siteId,
+                ...(callbackURI && {callback_uri: callbackURI}),
+                ...(parameters.last_name && {last_name: parameters.last_name}),
+                ...(parameters.email && {email: parameters.email}),
+                ...(parameters.first_name && {first_name: parameters.first_name}),
+                ...(parameters.phone_number && {phone_number: parameters.phone_number})
             }
-        })
-        if (res && res.status !== 200) {
-            const errorData = await res.json()
-            throw new Error(`${res.status} ${String(errorData.message)}`)
+        } as {
+            headers?: {[key: string]: string}
+            parameters?: Record<string, string>
+            body: ShopperLoginTypes.authorizePasswordlessCustomerBodyType &
+                helpers.CustomRequestBody
         }
+
+        // Use Basic auth header when using private client
+        if (this.clientSecret) {
+            options.headers = options.headers || {}
+            options.headers.Authorization = `Basic ${stringToBase64(
+                `${slasClient.clientConfig.parameters.clientId}:${this.clientSecret}`
+            )}`
+        } else {
+            // If not using private client, avoid sending Authorization header
+            delete options.headers
+        }
+
+        const res = await slasClient.authorizePasswordlessCustomer(options)
         return res
     }
 
@@ -1289,14 +1325,22 @@ class Auth {
     async getPasswordLessAccessToken(parameters: GetPasswordLessAccessTokenParams) {
         const pwdlessLoginToken = parameters.pwdlessLoginToken || ''
         const dntPref = this.getDnt({includeDefaults: true})
+        const usid = this.get('usid')
         const token = await helpers.getPasswordLessAccessToken({
             slasClient: this.client,
             credentials: {
                 clientSecret: this.clientSecret
             },
             parameters: {
                 pwdlessLoginToken,
-                dnt: dntPref !== undefined ? String(dntPref) : undefined
+                dnt: dntPref !== undefined ? String(dntPref) : undefined,
+                ...(usid && {usid}),
+                ...(parameters.register_customer !== undefined && {
+                    register_customer:
+                        typeof parameters.register_customer === 'boolean'
+                            ? String(parameters.register_customer)
+                            : parameters.register_customer
+                })
             }
         })
         const isGuest = false

packages/template-retail-react-app/app/hooks/use-basket-recovery.js

@@ -0,0 +1,192 @@
+/*
+ * Copyright (c) 2025, Salesforce, Inc.
+ * All rights reserved.
+ * SPDX-License-Identifier: BSD-3-Clause
+ * For full license text, see the LICENSE file in the repo root or https://opensource.org/licenses/BSD-3-Clause
+ */
+import {useCommerceApi} from '@salesforce/commerce-sdk-react'
+import useAuthContext from '@salesforce/commerce-sdk-react/hooks/useAuthContext'
+import {useShopperBasketsMutation} from '@salesforce/commerce-sdk-react'
+
+// Dev-only debug logger to keep recovery silent in production
+const devDebug = (...args) => {
+    if (process.env.NODE_ENV !== 'production') {
+        console.debug(...args)
+    }
+}
+
+/**
+ * Reusable basket recovery hook to stabilize basket after OTP/auth swap.
+ * - Attempts merge (if caller already merged, pass skipMerge=true)
+ * - Hydrates destination basket by id with retry
+ * - Fallbacks to create/copy items and re-apply shipping
+ */
+const useBasketRecovery = () => {
+    const api = useCommerceApi()
+    const auth = useAuthContext()
+
+    const mergeBasket = useShopperBasketsMutation('mergeBasket')
+    const createBasket = useShopperBasketsMutation('createBasket')
+    const addItemToBasket = useShopperBasketsMutation('addItemToBasket')
+    const updateShippingAddressForShipment = useShopperBasketsMutation(
+        'updateShippingAddressForShipment'
+    )
+    const updateShippingMethodForShipment = useShopperBasketsMutation(
+        'updateShippingMethodForShipment'
+    )
+
+    const copyItemsAndShipping = async (
+        destinationBasketId,
+        items = [],
+        shipment = null,
+        shipmentId = 'me'
+    ) => {
+        if (items?.length) {
+            const payload = items.map((item) => {
+                const productId = item.productId || item.product_id || item.id || item.product?.id
+                const quantity = item.quantity || item.amount || 1
+                const variationAttributes =
+                    item.variationAttributes || item.variation_attributes || []
+                const optionItems = item.optionItems || item.option_items || []
+                const mappedVariations = Array.isArray(variationAttributes)
+                    ? variationAttributes.map((v) => ({
+                          attributeId: v.attributeId || v.attribute_id || v.id,
+                          valueId: v.valueId || v.value_id || v.value
+                      }))
+                    : []
+                const mappedOptions = Array.isArray(optionItems)
+                    ? optionItems.map((o) => ({
+                          optionId: o.optionId || o.option_id || o.id,
+                          optionValueId:
+                              o.optionValueId || o.optionValue || o.option_value || o.value
+                      }))
+                    : []
+                const obj = {productId, quantity}
+                if (mappedVariations.length) obj.variationAttributes = mappedVariations
+                if (mappedOptions.length) obj.optionItems = mappedOptions
+                return obj
+            })
+            await addItemToBasket.mutateAsync({
+                parameters: {basketId: destinationBasketId},
+                body: payload
+            })
+        }
+
+        if (shipment) {
+            const shippingAddress = shipment.shippingAddress
+            if (shippingAddress) {
+                await updateShippingAddressForShipment.mutateAsync({
+                    parameters: {basketId: destinationBasketId, shipmentId},
+                    body: {
+                        address1: shippingAddress.address1,
+                        address2: shippingAddress.address2,
+                        city: shippingAddress.city,
+                        countryCode: shippingAddress.countryCode,
+                        firstName: shippingAddress.firstName,
+                        lastName: shippingAddress.lastName,
+                        phone: shippingAddress.phone,
+                        postalCode: shippingAddress.postalCode,
+                        stateCode: shippingAddress.stateCode
+                    }
+                })
+            }
+            const methodId = shipment?.shippingMethod?.id
+            if (methodId) {
+                await updateShippingMethodForShipment.mutateAsync({
+                    parameters: {basketId: destinationBasketId, shipmentId},
+                    body: {id: methodId}
+                })
+            }
+        }
+    }
+
+    const recoverBasketAfterAuth = async ({
+        preLoginItems = [],
+        shipment = null,
+        doMerge = true
+    } = {}) => {
+        // Ensure fresh token in provider
+        await auth.refreshAccessToken()
+
+        let destinationBasketId
+        if (doMerge) {
+            try {
+                const merged = await mergeBasket.mutateAsync({
+                    parameters: {createDestinationBasket: true}
+                })
+                destinationBasketId = merged?.basketId || merged?.basket_id || merged?.id
+            } catch (_e) {
+                devDebug('useBasketRecovery: mergeBasket failed; proceeding without merge', _e)
+            }
+        }
+
+        if (!destinationBasketId) {
+            try {
+                const list = await api.shopperCustomers.getCustomerBaskets({
+                    parameters: {customerId: 'me'}
+                })
+                destinationBasketId = list?.baskets?.[0]?.basketId
+            } catch (_e) {
+                devDebug(
+                    'useBasketRecovery: getCustomerBaskets failed; will attempt hydration/create',
+                    _e
+                )
+            }
+        }
+
+        if (destinationBasketId) {
+            // Avoid triggering a hook-level refetch that can cause UI remounts.
+            // Instead, probe the destination basket directly for shipment id.
+            let hydrated = null
+            try {
+                hydrated = await api.shopperBaskets.getBasket({
+                    headers: {authorization: `Bearer ${auth.get('access_token')}`},
+                    parameters: {basketId: destinationBasketId}
+                })
+            } catch (_e) {
+                devDebug('useBasketRecovery: getBasket hydration failed', _e)
+                hydrated = null
+            }
+            if (!hydrated) {
+                try {
+                    const created = await createBasket.mutateAsync({})
+                    destinationBasketId =
+                        created?.basketId ||
+                        created?.basket_id ||
+                        created?.id ||
+                        destinationBasketId
+                    await copyItemsAndShipping(destinationBasketId, preLoginItems, shipment)
+                } catch (_e) {
+                    devDebug(
+                        'useBasketRecovery: createBasket/copyItems failed during hydration path',
+                        _e
+                    )
+                }
+            } else if (shipment) {
+                // PII (shipping address/method) is not merged by API; re-apply from snapshot
+                try {
+                    const effectiveDestId = hydrated?.basketId || destinationBasketId
+                    const destShipmentId =
+                        hydrated?.shipments?.[0]?.shipmentId || hydrated?.shipments?.[0]?.id || 'me'
+                    await copyItemsAndShipping(effectiveDestId, [], shipment, destShipmentId)
+                } catch (_e) {
+                    devDebug('useBasketRecovery: re-applying shipping from snapshot failed', _e)
+                }
+            }
+        } else {
+            try {
+                const created = await createBasket.mutateAsync({})
+                destinationBasketId = created?.basketId || created?.basket_id || created?.id
+                await copyItemsAndShipping(destinationBasketId, preLoginItems, shipment)
+            } catch (_e) {
+                devDebug('useBasketRecovery: createBasket/copyItems failed in fallback path', _e)
+            }
+        }
+
+        return destinationBasketId
+    }
+
+    return {recoverBasketAfterAuth}
+}
+
+export default useBasketRecovery