chore(oas): Fix OAS related to JWT authentication (#5448)

* chore(oas): Fix OAS related to JWT authentication

* generate openapi spec files

* remove L option in curl examples

packages/generated/client-types/src/lib/models/AdminBearerAuthRes.ts

@@ -5,7 +5,7 @@ import { SetRelation, Merge } from "../core/ModelUtils"
 
 export interface AdminBearerAuthRes {
   /**
-   * Access token for subsequent authorization.
+   * Access token that can be used to send authenticated requests.
    */
-  accessToken?: string
+  access_token?: string
 }

packages/generated/client-types/src/lib/models/StoreBearerAuthRes.ts

@@ -5,7 +5,7 @@ import { SetRelation, Merge } from "../core/ModelUtils"
 
 export interface StoreBearerAuthRes {
   /**
-   * Access token for subsequent authorization.
+   * Access token that can be used to send authenticated requests.
    */
-  accessToken?: string
+  access_token?: string
 }

packages/medusa/src/api/routes/admin/auth/get-token.ts

@@ -10,10 +10,7 @@ import { AdminPostAuthReq } from "./create-session"
  * operationId: "PostToken"
  * summary: "User Login (JWT)"
  * x-authenticated: false
- * description: "After a successful login, a JWT token is returned for subsequent authorization."
- * parameters:
- *   - (body) email=* {string} The User's email.
- *   - (body) password=* {string} The User's password.
+ * description: "After a successful login, a JWT token is returned, which can be used to send authenticated requests."
  * requestBody:
  *   content:
  *     application/json:
@@ -31,14 +28,14 @@ import { AdminPostAuthReq } from "./create-session"
  *         email: 'user@example.com',
  *         password: 'supersecret'
  *       })
- *       .then(({ accessToken }) => {
- *         console.log(accessToekn);
+ *       .then(({ access_token }) => {
+ *         console.log(access_token);
  *       });
  *   - lang: Shell
  *     label: cURL
  *     source: |
- *       curl --location --request POST 'https://medusa-url.com/admin/auth/token' \
- *       --header 'Content-Type: application/json' \
+ *       curl -X POST '{backend_url}/admin/auth/token' \
+ *       -H 'Content-Type: application/json' \
  *       --data-raw '{
  *         "email": "user@example.com",
  *         "password": "supersecret"

packages/medusa/src/api/routes/admin/auth/index.ts

@@ -44,8 +44,8 @@ export type AdminAuthRes = {
  * @schema AdminBearerAuthRes
  * type: object
  * properties:
- *   accessToken:
- *     description: Access token for subsequent authorization.
+ *   access_token:
+ *     description: Access token that can be used to send authenticated requests.
  *     type: string
  */
 export type AdminBearerAuthRes = {

packages/medusa/src/api/routes/store/auth/delete-session.ts

@@ -11,7 +11,7 @@
  *     label: cURL
  *     source: |
  *       curl -X DELETE '{backend_url}/store/auth' \
- *       -H 'Cookie: connect.sid={sid}'
+ *       -H 'Authorization: Bearer {access_token}'
  * security:
  *   - cookie_auth: []
  *   - jwt_token: []

packages/medusa/src/api/routes/store/auth/get-session.ts

@@ -24,7 +24,7 @@ import { defaultRelations } from "."
  *     label: cURL
  *     source: |
  *       curl '{backend_url}/store/auth' \
- *       -H 'Cookie: connect.sid={sid}'
+ *       -H 'Authorization: Bearer {access_token}'
  * security:
  *   - cookie_auth: []
  *   - jwt_token: []

packages/medusa/src/api/routes/store/auth/get-token.ts

@@ -6,14 +6,11 @@ import { validator } from "../../../../utils/validator"
 import { StorePostAuthReq } from "./create-session"
 
 /**
- * @oas [post] /store/token
+ * @oas [post] /store/auth/token
  * operationId: "PostToken"
  * summary: "Customer Login (JWT)"
  * x-authenticated: false
- * description: "After a successful login, a JWT token is returned for subsequent authorization."
- * parameters:
- *   - (body) email=* {string} The User's email.
- *   - (body) password=* {string} The User's password.
+ * description: "After a successful login, a JWT token is returned, which can be used to send authenticated requests."
  * requestBody:
  *   content:
  *     application/json:
@@ -27,18 +24,18 @@ import { StorePostAuthReq } from "./create-session"
  *     source: |
  *       import Medusa from "@medusajs/medusa-js"
  *       const medusa = new Medusa({ baseUrl: MEDUSA_BACKEND_URL, maxRetries: 3 })
- *       medusa.store.auth.getToken({
+ *       medusa.auth.getToken({
  *         email: 'user@example.com',
  *         password: 'supersecret'
  *       })
- *       .then(({ accessToken }) => {
- *         console.log(accessToken);
+ *       .then(({ access_token }) => {
+ *         console.log(access_token);
  *       });
  *   - lang: Shell
  *     label: cURL
  *     source: |
- *       curl --location --request POST 'https://medusa-url.com/store/auth/token' \
- *       --header 'Content-Type: application/json' \
+ *       curl -X POST '{backend_url}/store/auth/token' \
+ *       -H 'Content-Type: application/json' \
  *       --data-raw '{
  *         "email": "user@example.com",
  *         "password": "supersecret"

packages/medusa/src/api/routes/store/auth/index.ts

@@ -46,8 +46,8 @@ export type StoreAuthRes = {
  * @schema StoreBearerAuthRes
  * type: object
  * properties:
- *   accessToken:
- *     description: Access token for subsequent authorization.
+ *   access_token:
+ *     description: Access token that can be used to send authenticated requests.
  *     type: string
  */
 export type StoreBearerAuthRes = {

packages/medusa/src/api/routes/store/customers/create-address.ts

@@ -46,7 +46,7 @@ import { validator } from "../../../../utils/validator"
  *     label: cURL
  *     source: |
  *       curl -X POST '{backend_url}/store/customers/me/addresses' \
- *       -H 'Cookie: connect.sid={sid}' \
+ *       -H 'Authorization: Bearer {access_token}' \
  *       -H 'Content-Type: application/json' \
  *       --data-raw '{
  *           "address": {

packages/medusa/src/api/routes/store/customers/delete-address.ts

@@ -28,7 +28,7 @@ import CustomerService from "../../../../services/customer"
  *     label: cURL
  *     source: |
  *       curl -X DELETE '{backend_url}/store/customers/me/addresses/{address_id}' \
- *       -H 'Cookie: connect.sid={sid}'
+ *       -H 'Authorization: Bearer {access_token}'
  * security:
  *   - cookie_auth: []
  *   - jwt_token: []

packages/medusa/src/api/routes/store/customers/get-customer.ts

@@ -24,7 +24,7 @@ import CustomerService from "../../../../services/customer"
  *     label: cURL
  *     source: |
  *       curl '{backend_url}/store/customers/me' \
- *       -H 'Cookie: connect.sid={sid}'
+ *       -H 'Authorization: Bearer {access_token}'
  * security:
  *   - cookie_auth: []
  *   - jwt_token: []

packages/medusa/src/api/routes/store/customers/get-payment-methods.ts

@@ -28,7 +28,7 @@ import { PaymentProvider } from "../../../../models"
  *     label: cURL
  *     source: |
  *       curl '{backend_url}/store/customers/me/payment-methods' \
- *       -H 'Cookie: connect.sid={sid}'
+ *       -H 'Authorization: Bearer {access_token}'
  * security:
  *   - cookie_auth: []
  *   - jwt_token: []

packages/medusa/src/api/routes/store/customers/list-orders.ts

@@ -158,7 +158,7 @@ import { DateComparisonOperator } from "../../../../types/common"
  *     label: cURL
  *     source: |
  *       curl '{backend_url}/store/customers/me/orders' \
- *       -H 'Cookie: connect.sid={sid}'
+ *       -H 'Authorization: Bearer {access_token}'
  * security:
  *   - cookie_auth: []
  *   - jwt_token: []

packages/medusa/src/api/routes/store/customers/update-address.ts

@@ -37,7 +37,7 @@ import { validator } from "../../../../utils/validator"
  *     label: cURL
  *     source: |
  *       curl -X POST '{backend_url}/store/customers/me/addresses/{address_id}' \
- *       -H 'Cookie: connect.sid={sid}' \
+ *       -H 'Authorization: Bearer {access_token}' \
  *       -H 'Content-Type: application/json' \
  *       --data-raw '{
  *           "first_name": "Gina"

packages/medusa/src/api/routes/store/customers/update-customer.ts

@@ -37,7 +37,7 @@ import { IsType } from "../../../../utils/validators/is-type"
  *     label: cURL
  *     source: |
  *       curl -X POST '{backend_url}/store/customers/me' \
- *       -H 'Cookie: connect.sid={sid}' \
+ *       -H 'Authorization: Bearer {access_token}' \
  *       -H 'Content-Type: application/json' \
  *       --data-raw '{
  *           "first_name": "Laury"

www/apps/api-reference/specs/admin/code_samples/JavaScript/admin_auth_token/post.js

@@ -4,6 +4,6 @@ medusa.admin.auth.getToken({
   email: 'user@example.com',
   password: 'supersecret'
 })
-.then(({ accessToken }) => {
-  console.log(accessToekn);
+.then(({ access_token }) => {
+  console.log(access_token);
 });

www/apps/api-reference/specs/admin/code_samples/Shell/admin_auth_token/post.sh

@@ -1,5 +1,5 @@
-curl --location --request POST 'https://medusa-url.com/admin/auth/token' \
---header 'Content-Type: application/json' \
+curl -X POST '{backend_url}/admin/auth/token' \
+-H 'Content-Type: application/json' \
 --data-raw '{
   "email": "user@example.com",
   "password": "supersecret"

www/apps/api-reference/specs/admin/components/schemas/AdminBearerAuthRes.yaml

@@ -1,5 +1,5 @@
 type: object
 properties:
-  accessToken:
-    description: Access token for subsequent authorization.
+  access_token:
+    description: Access token that can be used to send authenticated requests.
     type: string

www/apps/api-reference/specs/admin/paths/admin_auth_token.yaml

@@ -3,24 +3,13 @@ post:
   summary: User Login (JWT)
   x-authenticated: false
   description: >-
-    After a successful login, a JWT token is returned for subsequent
-    authorization.
-  parameters: []
+    After a successful login, a JWT token is returned, which can be used to send
+    authenticated requests.
   requestBody:
     content:
       application/json:
         schema:
-          type: object
-          required:
-            - email
-            - password
-          properties:
-            email:
-              type: string
-              description: The User's email.
-            password:
-              type: string
-              description: The User's password.
+          $ref: ../components/schemas/AdminPostAuthReq.yaml
   x-codegen:
     method: getToken
   x-codeSamples:

www/apps/api-reference/specs/store/code_samples/JavaScript/store_auth_token/post.js

@@ -1,9 +1,9 @@
 import Medusa from "@medusajs/medusa-js"
 const medusa = new Medusa({ baseUrl: MEDUSA_BACKEND_URL, maxRetries: 3 })
-medusa.store.auth.getToken({
+medusa.auth.getToken({
   email: 'user@example.com',
   password: 'supersecret'
 })
-.then(({ accessToken }) => {
-  console.log(accessToken);
+.then(({ access_token }) => {
+  console.log(access_token);
 });

www/apps/api-reference/specs/store/code_samples/Shell/store_auth/delete.sh

@@ -1,2 +1,2 @@
 curl -X DELETE '{backend_url}/store/auth' \
--H 'Cookie: connect.sid={sid}'
+-H 'Authorization: Bearer {access_token}'

www/apps/api-reference/specs/store/code_samples/Shell/store_auth/get.sh

@@ -1,2 +1,2 @@
 curl '{backend_url}/store/auth' \
--H 'Cookie: connect.sid={sid}'
+-H 'Authorization: Bearer {access_token}'

www/apps/api-reference/specs/store/code_samples/Shell/store_auth_token/post.sh

@@ -0,0 +1,6 @@
+curl -X POST '{backend_url}/store/auth/token' \
+-H 'Content-Type: application/json' \
+--data-raw '{
+  "email": "user@example.com",
+  "password": "supersecret"
+}'

www/apps/api-reference/specs/store/code_samples/Shell/store_customers_me/get.sh

@@ -1,2 +1,2 @@
 curl '{backend_url}/store/customers/me' \
--H 'Cookie: connect.sid={sid}'
+-H 'Authorization: Bearer {access_token}'

www/apps/api-reference/specs/store/code_samples/Shell/store_customers_me/post.sh

@@ -1,5 +1,5 @@
 curl -X POST '{backend_url}/store/customers/me' \
--H 'Cookie: connect.sid={sid}' \
+-H 'Authorization: Bearer {access_token}' \
 -H 'Content-Type: application/json' \
 --data-raw '{
     "first_name": "Laury"

www/apps/api-reference/specs/store/code_samples/Shell/store_customers_me_addresses/post.sh

@@ -1,5 +1,5 @@
 curl -X POST '{backend_url}/store/customers/me/addresses' \
--H 'Cookie: connect.sid={sid}' \
+-H 'Authorization: Bearer {access_token}' \
 -H 'Content-Type: application/json' \
 --data-raw '{
     "address": {

www/apps/api-reference/specs/store/code_samples/Shell/store_customers_me_addresses_{address_id}/delete.sh

@@ -1,2 +1,2 @@
 curl -X DELETE '{backend_url}/store/customers/me/addresses/{address_id}' \
--H 'Cookie: connect.sid={sid}'
+-H 'Authorization: Bearer {access_token}'

www/apps/api-reference/specs/store/code_samples/Shell/store_customers_me_addresses_{address_id}/post.sh

@@ -1,5 +1,5 @@
 curl -X POST '{backend_url}/store/customers/me/addresses/{address_id}' \
--H 'Cookie: connect.sid={sid}' \
+-H 'Authorization: Bearer {access_token}' \
 -H 'Content-Type: application/json' \
 --data-raw '{
     "first_name": "Gina"

www/apps/api-reference/specs/store/code_samples/Shell/store_customers_me_orders/get.sh

@@ -1,2 +1,2 @@
 curl '{backend_url}/store/customers/me/orders' \
--H 'Cookie: connect.sid={sid}'
+-H 'Authorization: Bearer {access_token}'

www/apps/api-reference/specs/store/code_samples/Shell/store_customers_me_payment-methods/get.sh

@@ -1,2 +1,2 @@
 curl '{backend_url}/store/customers/me/payment-methods' \
--H 'Cookie: connect.sid={sid}'
+-H 'Authorization: Bearer {access_token}'

www/apps/api-reference/specs/store/code_samples/Shell/store_token/post.sh

@@ -1,6 +0,0 @@
-curl --location --request POST 'https://medusa-url.com/store/auth/token' \
---header 'Content-Type: application/json' \
---data-raw '{
-  "email": "user@example.com",
-  "password": "supersecret"
-}'

www/apps/api-reference/specs/store/components/schemas/StoreBearerAuthRes.yaml

@@ -1,5 +1,5 @@
 type: object
 properties:
-  accessToken:
-    description: Access token for subsequent authorization.
+  access_token:
+    description: Access token that can be used to send authenticated requests.
     type: string

www/apps/api-reference/specs/store/openapi.yaml

@@ -154,6 +154,8 @@ servers:
 paths:
   /store/auth:
     $ref: paths/store_auth.yaml
+  /store/auth/token:
+    $ref: paths/store_auth_token.yaml
   /store/auth/{email}:
     $ref: paths/store_auth_{email}.yaml
   /store/carts:
@@ -262,8 +264,6 @@ paths:
     $ref: paths/store_swaps.yaml
   /store/swaps/{cart_id}:
     $ref: paths/store_swaps_{cart_id}.yaml
-  /store/token:
-    $ref: paths/store_token.yaml
   /store/variants:
     $ref: paths/store_variants.yaml
   /store/variants/{id}:

www/apps/api-reference/specs/store/paths/store_auth_token.yaml

@@ -3,35 +3,24 @@ post:
   summary: Customer Login (JWT)
   x-authenticated: false
   description: >-
-    After a successful login, a JWT token is returned for subsequent
-    authorization.
-  parameters: []
+    After a successful login, a JWT token is returned, which can be used to send
+    authenticated requests.
   requestBody:
     content:
       application/json:
         schema:
-          type: object
-          required:
-            - email
-            - password
-          properties:
-            email:
-              type: string
-              description: The User's email.
-            password:
-              type: string
-              description: The User's password.
+          $ref: ../components/schemas/StorePostAuthReq.yaml
   x-codegen:
     method: getToken
   x-codeSamples:
     - lang: JavaScript
       label: JS Client
       source:
-        $ref: ../code_samples/JavaScript/store_token/post.js
+        $ref: ../code_samples/JavaScript/store_auth_token/post.js
     - lang: Shell
       label: cURL
       source:
-        $ref: ../code_samples/Shell/store_token/post.sh
+        $ref: ../code_samples/Shell/store_auth_token/post.sh
   tags:
     - Auth
   responses: