
Token format change from UUID to JWT

Tobias Lohr edited this page Sep 16, 2022 · 7 revisions

What is this about?

In August 2022, Salesforce announced the upcoming deprecation of the UUID token format for access tokens obtained for API clients. The token format is configured on the API client itself. The default value is already JWT, but many API clients still use UUID (mostly because UUID was the default value in the past and the configuration was left untouched).

The deprecation of UUID does not mean that you can simply switch the token format of all your API clients today. Besides the increase in token length, the change from UUID to JWT will cause certain API calls (OCAPI Data API and WebDAV API) against B2C Commerce instances to fail. This issue is present when the token was obtained through the OAuth grant types implicit, authorization_code or resource_owner_password_credentials. The issue is not present when the token was obtained through the OAuth grant type client_credentials.

This also affects commands of the CLI tool, since commands such as sfcc-ci code:deploy, sfcc-ci instance:upload and others make use of the OCAPI Data API and WebDAV API.

What to do now?

Don't change the token format to JWT now if the API client is used to make Data API or WebDAV API calls to B2C Commerce instances and the token is obtained through the OAuth implicit, authorization_code or resource_owner_password_credentials grant type.

For the CLI tool, this means that if you authenticate using sfcc-ci auth:login <api-client> or sfcc-ci client:auth <client-id> <client-secret> <username> <user-password> and you make use of commands such as sfcc-ci code:deploy or sfcc-ci instance:upload, you should not change the token format to JWT.

You can change the token format to JWT today if you don't make Data API or WebDAV API calls to B2C Commerce instances, or if the token was obtained through the OAuth client_credentials grant only.

For the CLI tool, this means that if you authenticate using sfcc-ci client:auth <client-id> <client-secret>, or you don't make use of commands such as sfcc-ci code:deploy or sfcc-ci instance:upload, you can change the token format to JWT today.
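
To audit which API clients still issue UUID tokens and which can be switched under the rule above, the following added example (not part of sfcc-ci or this wiki) classifies a token string by format and applies the rule. The function names, the client object shape and the canonical 8-4-4-4-12 UUID pattern are assumptions, and the sample tokens are constructed.

```javascript
// Added example. Assumption: a UUID-format token is a canonical 8-4-4-4-12 hex string.
const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// Encode an object as a base64url JWT segment (used only to build the sample).
function encodeSegment(obj) {
  return Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Decode a base64url JWT segment into an object; null if it is not a JSON object.
function decodeSegment(segment) {
  if (!/^[A-Za-z0-9_-]+$/.test(segment)) return null;
  try {
    const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
    const parsed = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
    const isObject = parsed !== null && typeof parsed === 'object' && !Array.isArray(parsed);
    return isObject ? parsed : null;
  } catch (err) {
    return null;
  }
}

// Returns 'jwt', 'uuid' or 'unknown'. Only the format is inspected; the
// signature is not verified, so 'jwt' does not mean the token is valid.
function tokenFormat(token) {
  const value = String(token).trim();
  if (UUID_RE.test(value)) return 'uuid';
  const parts = value.split('.');
  if (parts.length !== 3 || parts[2] === '') return 'unknown';
  const header = decodeSegment(parts[0]);
  const payload = decodeSegment(parts[1]);
  return header && typeof header.alg === 'string' && payload ? 'jwt' : 'unknown';
}

// The page's rule: switching is fine if the client makes no Data API or WebDAV
// calls, or if its tokens are obtained through client_credentials only.
function canSwitchToJwt(client) {
  if (!client.usesDataApiOrWebdav) return true;
  return client.grantTypes.length > 0 &&
    client.grantTypes.every((g) => g === 'client_credentials');
}

// Constructed sample values, not real tokens.
const SAMPLE_UUID = '123e4567-e89b-12d3-a456-426614174000';
const SAMPLE_JWT = [encodeSegment({ alg: 'RS256', typ: 'JWT' }),
  encodeSegment({ sub: 'constructed-client-id' }), 'c2lnbmF0dXJl'].join('.');

console.log(tokenFormat(SAMPLE_UUID), tokenFormat(SAMPLE_JWT));
```

Treat the decoded header and payload as untrusted input: the classifier reads them only to recognise the format.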

What next?

As mentioned in the Salesforce communication in August 2022, more details on moving away from the UUID access token format will be provided early next year (2023).
