Run any Skill in Manus with one click

sfnext-authentication

Stars45

Forks12

UpdatedApril 24, 2026 at 15:36

Implement authentication in Storefront Next using split-cookie architecture, SLAS tokens, and auth middleware. Use when accessing user identity in loaders, detecting guest vs registered users, using getAuth or useAuth, or understanding session management and token refresh.

Installation

Install with Codex or Claude Copy this prompt, paste it into Codex, Claude, or another assistant, and let it review the skill page and install it for you.

Run Skill in Manus

Source

SalesforceCommerceCloud

SalesforceCommerceCloud/b2c-developer-tooling

View GitHub Repository View Creator Repositories

Download

Run Skill in Manus

Related occupationsSOC

Based on SOC occupation classification

Software DevelopersComputer and Mathematical Occupations·SOC 15-1252

SKILL.md

readonly

name	sfnext-authentication
description	Implement authentication in Storefront Next using split-cookie architecture, SLAS tokens, and auth middleware. Use when accessing user identity in loaders, detecting guest vs registered users, using getAuth or useAuth, or understanding session management and token refresh.

Authentication Skill

This skill covers Storefront Next's split-cookie authentication architecture with SLAS (Shopper Login and API Access Service).

Overview

Storefront Next uses a split-cookie architecture separating server and client auth concerns:

Server middleware (auth.server.ts) — Manages SLAS tokens, writes cookies, handles token refresh
React Context (AuthProvider) — Provides public session data (non-sensitive fields) to components via useAuth()

Cookie Design

Cookie	Purpose	User Type	Expiry	HttpOnly
`cc-nx-g`	Guest refresh token	Guest	30 days	No
`cc-nx`	Registered refresh token	Registered	90 days	No
`cc-at`	Access token	Both	30 min	No
`usid`	User session ID	Both	Matches refresh	No
`customerId`	Customer ID	Registered	Matches refresh	No

Key points:

Only ONE refresh token exists at a time (guest OR registered, never both)
User type is derived from which refresh token is present
Cookies are auto-namespaced with siteId
Tokens auto-refresh when expired

Usage in Loaders/Actions

import { getAuth } from '@/middlewares/auth.server';

export function loader({ context }: LoaderFunctionArgs) {
    const auth = getAuth(context);

    const { accessToken, customerId, userType } = auth;
    const isGuest = userType === 'guest';
    const isRegistered = userType === 'registered';

    return { isGuest, customerId };
}

Usage in Components

import { useAuth } from '@/providers/auth';

export function MyComponent() {
    const auth = useAuth();

    if (auth?.userType === 'guest') {
        return <LoginPrompt />;
    }

    return <div>Welcome, customer {auth?.customerId}</div>;
}

Common Patterns

Protected Routes

export function loader({ context }: LoaderFunctionArgs) {
    const auth = getAuth(context);

    if (auth.userType === 'guest') {
        throw redirect('/login');
    }

    const clients = createApiClients(context);
    return {
        orders: clients.shopperOrders.getOrders({
            params: { path: { customerId: auth.customerId } }
        }).then(({ data }) => data),
    };
}

Conditional Data Loading

export function loader({ context }: LoaderFunctionArgs) {
    const auth = getAuth(context);
    const clients = createApiClients(context);

    const base = {
        products: clients.shopperProducts.getProducts({...}).then(({ data }) => data),
    };

    if (auth.userType === 'registered') {
        return {
            ...base,
            wishlist: clients.shopperCustomers.getWishlist({...}).then(({ data }) => data),
        };
    }

    return base;
}

Troubleshooting

Issue	Cause	Solution
`auth` is undefined	Missing auth middleware	Ensure `auth.server.ts` middleware is configured
Always guest	Refresh token expired	Check cookie expiry; SLAS auto-refreshes
Token errors in SCAPI	Stale access token	Tokens auto-refresh; check SLAS client configuration

Related Skills

storefront-next:sfnext-data-fetching - Using auth context in loader functions
storefront-next:sfnext-configuration - SLAS client configuration
storefront-next:sfnext-hybrid-storefronts - Session bridging with SFRA

More from this repository

same repository

b2c-cip

SalesforceCommerceCloud/b2c-developer-tooling

Run analytics reports and SQL queries against B2C Commerce Intelligence data using the b2c CLI. Use this skill whenever the user needs sales analytics, search query performance metrics, payment data, or KPI exports, OR technical/developer analytics such as SCAPI/OCAPI request volume, API error rates, response-time/latency distributions, cache hit ratios, or SFRA controller health. Also use when they need to discover available data tables, run custom SQL, or pull aggregate reports — even if they just say "show me sales data", "what are our top search terms", or "which SCAPI endpoints are slow or erroring".

2026-06-1245

b2c-business-manager-extensions

SalesforceCommerceCloud/b2c-developer-tooling

Build Business Manager extension cartridges with custom admin tools, menu items, and dialog actions. Use this skill whenever the user needs to create bm_* cartridges, add menu actions or dialog buttons in BM, configure bm_extensions.xml, or extend admin pages with form overlays. Also use when customizing the BM interface for back-office workflows -- even if they just say 'add a button to BM' or 'custom admin page'.

2026-06-1145

sfnext-create-figma-kit

SalesforceCommerceCloud/b2c-developer-tooling

Build or sync a Storefront Next vertical's Figma design kit — duplicate the official kit, update Brand variable collections from brand.css, edit components at the correct layer, and publish Figma Code Connect mappings. Use when asked to set up, duplicate, or sync a Figma kit, update Figma brand variables, or keep design and code tokens aligned. Requires the Figma MCP server.

2026-06-1145

sfnext-create-component

SalesforceCommerceCloud/b2c-developer-tooling

Author a new Storefront Next design-system component the right way — pick the correct layer (primitive vs composite), reuse-or-extend before creating, define CVA variants bound to semantic tokens, add data-slot attributes, satisfy the accessibility checklist, and ship a Storybook story. Use when asked to create, add, or build a new UI component, button/badge/tile/card variant, or design-system primitive. This is the design-system authoring discipline; for createPage/Suspense/shadcn page-rendering patterns see sfnext-components.

2026-06-1145

sfnext-create-vertical

SalesforceCommerceCloud/b2c-developer-tooling

Create a new Storefront Next vertical (brand theme / storefront variant) by editing brand design tokens, typography, dark mode, and the Figma kit. Use when asked to create a new vertical, brand, theme, or storefront variant, re-skin the storefront, or change the brand palette. Covers the brand.css token layer, semantic token rules, fixture-based local development, and the extension-vs-base decision. NOT for engineering component patterns — see sfnext-components.

2026-06-1145

sfnext-extensions

SalesforceCommerceCloud/b2c-developer-tooling

Build extensions for Storefront Next using target-config.json, target points, extension routes, and translation namespaces. Use when creating modular features, inserting components into UI targets, adding extension routes, adding a section to an existing page, or using SFDC_EXT_ integration markers. Covers the base-audit decision gate (deciding whether to extend at all vs token/variant override), extension structure, targetId configuration, and extension registration in src/extensions/config.json.

2026-06-1145