Gesso Authentication Provider
Provider-agnostic authentication layer for Gesso frontends.
Introduction
@acromedia/gesso-authentication provides a unified authentication interface that works across commerce, CMS, and SSO backends. It follows the same plugin architecture as other Gesso providers — define an AuthPlugin, pass it to the authentication() factory, and get a consistent API for login, logout, session management, and token handling.
Setup
pnpm install @acromedia/gesso-authentication
Usage
import { authentication } from '@acromedia/gesso-authentication';
const auth = authentication(
{ useAuth: myAuthPlugin },
{ provider: 'bigcommerce', hooks: myHooks },
);
// Server-side
const { login, logout, handleCallback } = auth.getAuth();
const result = await login('user@example.com', 'password');
// Session management
const session = auth.sessionManager.createSession({
user: result.payload,
tokens: myTokens,
provider: 'bigcommerce',
method: 'credentials',
});
Adapters
Bridge existing Gesso provider plugins to the AuthPlugin interface:
import { createCommerceAuthPlugin } from '@acromedia/gesso-authentication';
import { customerPlugin } from '@acromedia/gesso-plugin-bigcommerce';
const authPlugin = createCommerceAuthPlugin(customerPlugin);
Available adapters:
createCommerceAuthPlugin— wraps commerceCustomerPlugincreateCmsAuthPlugin— wraps CMSUserPlugin
Lifecycle Hooks
Optional hooks for cross-cutting concerns (audit logging, session enrichment, token refresh):
onBeforeAuth/onAfterAuth— before and after authenticationonBeforeLogout/onAfterLogout— logout lifecycleonBeforeTokenRefresh/onAfterTokenRefresh/onTokenRefreshError— token refresh lifecycleonSessionAccess— session validation (e.g. Drupal desync check)
Testing
pnpm test
Uses Cypress component testing. Spec files are colocated with source files (*.spec.ts).
Notes
- Commit messages must follow Conventional Commits specification.
- All imports use ESM with
.jsextensions. - The package ships both ESM and CJS builds.