Hybrid Authentication Overview

Starting with B2C Commerce version 25.3, hybrid authentication (Hybrid Auth) replaces Plugin SLAS.

Hybrid Auth keeps SFRA/SiteGenesis session state (dwsid) and SLAS authorization state (JWT) synchronized for storefronts that span multiple runtimes. It applies to all hybrid storefront architectures: Storefront Next, PWA Kit (Composable Storefront), and SFRA/SiteGenesis.

The Shared Hybrid Auth Setup covers the architecture-neutral steps that every hybrid storefront needs. After you complete it, follow the implementation guide for your storefront architecture.

  • Synchronizes shopper auth context between platform-rendered pages and headless pages
  • Replaces Plugin SLAS with a platform-native implementation
  • Enables consistent handling for Shopper Context, session extension, and Do-Not-Track (DNT) synchronization
  • Supports eCDN-based traffic splitting for phased headless rollouts

For non-PWA Kit headless storefronts, if you’re using Hybrid Auth and the dwsid cookie exists, include the sfdc_dwsid header with the dwsid cookie value on all SCAPI calls.

  • Platform-native, no Plugin SLAS: Launch faster with out-of-the-box authentication that automatically synchronizes data between SFRA/SiteGenesis and headless pages—no Plugin SLAS required.
  • Seamless shopper experience: Shoppers move across your hybrid site with no disruption or data loss, including synchronized Shopper Context attributes and consistent analytics.
  • Full support for all templates: A fully productized solution for both SFRA and SiteGenesis eases your path to Composable Storefront.

B2C Commerce hybrid authentication architecture with SFRA/SiteGenesis and headless storefront components

  1. Choose your architecture in Select Your Storefront. For an existing PWA Kit v2.x project, see Hybrid Auth Implementation with PWA Kit v2.x.
  2. Complete the Shared Hybrid Auth Setup—the architecture-neutral steps that every hybrid storefront needs.
  3. Follow the setup path for your architecture: Storefront Next Automated Setup (Storefront Next only) or Manual Setup (all other architectures).
  4. Review per-environment differences and route ownership in Hybrid Auth Environments and Routing.
  5. Resolve issues with Hybrid Auth Troubleshooting.