Watson Commerce Ideas

Order Management, Inventory Visibility, Store Engagement, Watson Order Optimizer, Call Center and CPQ are now a part of Watson Supply Chain. Please bookmark the Watson Supply Chain Idea Portal.

Submit new product ideas for Watson Commerce Offerings including Digital Commerce, Websphere Commerce, Watson Content Hub, Watson Commerce Insights, Dynamic Pricing, Price Optimization, Promotion Optimization, Markdown and Deal Management. Before you submit, please review existing ideas; if an idea close to yours already exists, it's better to add comments or vote on the existing idea. We will review your ideas and use them to help prioritize our product development. Best of all, the portal will automatically update you when the status of your idea has been changed.

Connect with your peers and IBM experts on the Watson Marketing and Commerce Community and the Order Management Interest Group, now a part of Watson Supply Chain.

Submit ideas for other Watson Customer Engagement Products:

  • Watson Marketing
  • Watson Supply Chain

OAuth 2.0 Authentication Management

A drawback to the current framework is the lack of User Identity Management using current standards.  WebSphere Commerce offers a robust set of APIs naively but adapting these to a native mobile application is difficult due to the way identity management works (no customer wants to have to log in time and again, nor do they want their guest cart to be removed on a native device and best practices are pushing away from storing logon/password on the device).   

I understand there are other solutions but I believe moving to OAuth 2.0 instead of the WCToken & WCTrustedToken would make the platform much easier to have wide adoption on.  At a minimum there should be a WCRenewToken also which can handle renewal functionality upon token expiration.

The point of this is that any API consumer takes the customers username/password, uses those once, then only retains the current tokens.  When they expire they can leverage the WCRenewToken to refresh the session (if it is still valid, this allows for password change to terminate an authenticated token).  Believe OAuth 2.0 covers all this but simply adding the renewal token would solve several issues today (note: the current "remember me" cookie functionality acts very similarly to this).

  • Avatar32.5fb70cce7410889e661286fd7f1897de Guest
  • Mar 29 2019
  • Needs review
How will this idea be used?

We're currently in flight on a native app.  Given current functionality we are having to solution around this.

What is your industry? Automotive
What is the idea priority? Low
DeveloperWorks ID
Link to original RFE
  • Attach files