Server-Side Extension Authentication Examples
This topic illustrates the following behaviors related to authenticated access in your server-side extension custom app.
How pass-through authentication works for logged-in shoppers
If a shopper is currently authenticated with Oracle Commerce, the current OAuth 2.0 bearer token will be included in the authorization header of the incoming request to your custom app. The authorization header contains a JSON Web Token (JWT), which is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object.
The JWT is base64 encoded and you can parse the token to retrieve information about the logged-in shopper. In order to support