commercetools · kodiakhq · Jun 4, 2025 · Jun 4, 2025
@@ -3,6 +3,10 @@
 <details>
 <summary>Added Type(s)</summary>
 
+- added type `ExpiredCustomerEmailTokenError`
+- added type `ExpiredCustomerPasswordTokenError`
+- added type `GraphQLExpiredCustomerEmailTokenError`
+- added type `GraphQLExpiredCustomerPasswordTokenError`
 - added type `CheckoutOrderCreationFailedEvent`
 - added type `CheckoutPaymentAuthorizationCancelledEvent`
 - added type `CheckoutPaymentAuthorizationFailedEvent`
@@ -17,6 +21,23 @@
 </details>
 
 
+<details>
+<summary>Added Property(s)</summary>
+
+- added property `invalidateOlderTokens` to type `CustomerCreateEmailToken`
+- added property `invalidateOlderTokens` to type `CustomerCreatePasswordResetToken`
+- added property `invalidateOlderTokens` to type `CustomerToken`
+- added property `value` to type `CustomerEmailTokenCreatedMessage`
+- added property `invalidateOlderTokens` to type `CustomerEmailTokenCreatedMessage`
+- added property `value` to type `CustomerPasswordTokenCreatedMessage`
+- added property `invalidateOlderTokens` to type `CustomerPasswordTokenCreatedMessage`
+- added property `value` to type `CustomerEmailTokenCreatedMessagePayload`
+- added property `invalidateOlderTokens` to type `CustomerEmailTokenCreatedMessagePayload`
+- added property `value` to type `CustomerPasswordTokenCreatedMessagePayload`
+- added property `invalidateOlderTokens` to type `CustomerPasswordTokenCreatedMessagePayload`
+</details>
+
+
 <details>
 <summary>Added Enum(s)</summary>
 

@@ -3660,6 +3660,7 @@ type CustomerEmailToken implements Versioned {
   customerId: String!
   expiresAt: DateTime!
   value: String!
+  invalidateOlderTokens: Boolean!
   id: String!
   version: Long!
   createdAt: DateTime!
@@ -3670,6 +3671,8 @@ type CustomerEmailToken implements Versioned {
 
 type CustomerEmailTokenCreated implements MessagePayload {
   customerId: String!
+  value: String
+  invalidateOlderTokens: Boolean!
   expiresAt: DateTime!
   type: String!
 }
@@ -3814,6 +3817,7 @@ type CustomerPasswordToken implements Versioned {
   customerId: String!
   expiresAt: DateTime!
   value: String!
+  invalidateOlderTokens: Boolean!
   id: String!
   version: Long!
   createdAt: DateTime!
@@ -3824,6 +3828,8 @@ type CustomerPasswordToken implements Versioned {
 
 type CustomerPasswordTokenCreated implements MessagePayload {
   customerId: String!
+  value: String
+  invalidateOlderTokens: Boolean!
   expiresAt: DateTime!
   type: String!
 }
@@ -6023,21 +6029,27 @@ type Mutation {
     "The mutation is only performed if the resource is part of the store. Can be used with store-specific OAuth permissions."
     storeKey: KeyReferenceInput): Customer
 
-  "The token value is used to reset the password of the customer with the given email. The token is valid only for 10 minutes."
+  "The token value is used to reset the password of the customer with the given email. The token is valid for the time-to-live period (TTL)."
   customerCreatePasswordResetToken(email: String!,
 
     "The validity of the created token in minutes."
     ttlMinutes: Int,
 
     "The mutation is only performed if the resource is part of the store. Can be used with store-specific OAuth permissions."
-    storeKey: KeyReferenceInput): CustomerPasswordToken
+    storeKey: KeyReferenceInput,
+
+    "Invalidate older, previously created tokens when a new token is created."
+    invalidateOlderTokens: Boolean! = false): CustomerPasswordToken
   customerCreateEmailVerificationToken(id: String!, version: Long,
 
     "The validity of the created token in minutes."
     ttlMinutes: Int!,
 
     "The mutation is only performed if the resource is part of the store. Can be used with store-specific OAuth permissions."
-    storeKey: KeyReferenceInput): CustomerEmailToken!
+    storeKey: KeyReferenceInput,
+
+    "Invalidate older, previously created tokens when a new token is created."
+    invalidateOlderTokens: Boolean! = false): CustomerEmailToken!
 
   "BETA: This feature can be subject to change and should be used carefully in production. https://docs.commercetools.com/api/contract#public-beta If used with an access token for Anonymous Sessions, all orders and carts belonging to the anonymousId will be assigned to the newly created customer."
   customerSignMeUp(draft: CustomerSignMeUpDraft!,

@@ -18,6 +18,7 @@
 /**
  *  <p>Use this method to verify a global Customer's email during their email verification process.</p>
  *  <p>Verifying the email of the Customer produces the CustomerEmailVerified Message.</p>
+ *  <p>After the email is verified, all email tokens issued previously through the email verification flow are invalidated. This invalidation of tokens is eventually consistent.</p>
  *
  * <hr>
  * <div class=code-example>

@@ -19,6 +19,7 @@
 /**
  *  <p>Use this method to verify a global Customer's email during their email verification process.</p>
  *  <p>Verifying the email of the Customer produces the CustomerEmailVerified Message.</p>
+ *  <p>After the email is verified, all email tokens issued previously through the email verification flow are invalidated. This invalidation of tokens is eventually consistent.</p>
  *
  * <hr>
  * <div class=code-example>

@@ -17,7 +17,7 @@
 
 /**
  *  <p>Use this method to create an email token for a global Customer during their email verification process.</p>
- *  <p>Creating an email token for the Customer produces the CustomerEmailTokenCreated Message.</p>
+ *  <p>Creating an email token for the Customer produces the CustomerEmailTokenCreated Message. The Message will include the token's value, if the token's validity is 60 minutes or less.</p>
  *
  * <hr>
  * <div class=code-example>

@@ -18,7 +18,7 @@
 
 /**
  *  <p>Use this method to create an email token for a global Customer during their email verification process.</p>
- *  <p>Creating an email token for the Customer produces the CustomerEmailTokenCreated Message.</p>
+ *  <p>Creating an email token for the Customer produces the CustomerEmailTokenCreated Message. The Message will include the token's value, if the token's validity is 60 minutes or less.</p>
  *
  * <hr>
  * <div class=code-example>

@@ -17,8 +17,8 @@
 
 /**
  *  <p>Use this method to reset a global Customer's password during their password reset process.</p>
- *  <p>After the password is reset, any previously issued access and/or refresh tokens created through the password flow or refresh token flow are invalidated.</p>
  *  <p>Resetting the password of the Customer produces the CustomerPasswordUpdated Message with <code>reset=true</code>.</p>
+ *  <p>After the password is reset, all password tokens issued previously through the password reset flow are invalidated. In addition, any access and refresh tokens issued previously through the password flow and refresh token flow are invalidated. This invalidation of tokens is eventually consistent.</p>
  *
  * <hr>
  * <div class=code-example>

@@ -18,8 +18,8 @@
 
 /**
  *  <p>Use this method to reset a global Customer's password during their password reset process.</p>
- *  <p>After the password is reset, any previously issued access and/or refresh tokens created through the password flow or refresh token flow are invalidated.</p>
  *  <p>Resetting the password of the Customer produces the CustomerPasswordUpdated Message with <code>reset=true</code>.</p>
+ *  <p>After the password is reset, all password tokens issued previously through the password reset flow are invalidated. In addition, any access and refresh tokens issued previously through the password flow and refresh token flow are invalidated. This invalidation of tokens is eventually consistent.</p>
  *
  * <hr>
  * <div class=code-example>

@@ -17,7 +17,7 @@
 
 /**
  *  <p>Use this method to create a password reset token for a global Customer during their password reset process.</p>
- *  <p>Creating a password reset token does not invalidate existing tokens.</p>
+ *  <p>Creating a password reset token for the Customer produces the CustomerPasswordTokenCreated Message. The Message will include the token's value, if the token's validity is 60 minutes or less.</p>
  *
  * <hr>
  * <div class=code-example>

@@ -18,7 +18,7 @@
 
 /**
  *  <p>Use this method to create a password reset token for a global Customer during their password reset process.</p>
- *  <p>Creating a password reset token does not invalidate existing tokens.</p>
+ *  <p>Creating a password reset token for the Customer produces the CustomerPasswordTokenCreated Message. The Message will include the token's value, if the token's validity is 60 minutes or less.</p>
  *
  * <hr>
  * <div class=code-example>

@@ -19,6 +19,7 @@
  *  <p>Use this method to verify a Store-specific Customer's email during their email verification process.</p>
  *  <p>Verifying the email of the Customer produces the CustomerEmailVerified Message.</p>
  *  <p>If the Customer exists in the Project but the <code>stores</code> field references a different Store, this method returns a ResourceNotFound error.</p>
+ *  <p>After the email is verified, all email tokens issued previously through the email verification flow are invalidated. This invalidation of tokens is eventually consistent.</p>
  *
  * <hr>
  * <div class=code-example>

@@ -20,6 +20,7 @@
  *  <p>Use this method to verify a Store-specific Customer's email during their email verification process.</p>
  *  <p>Verifying the email of the Customer produces the CustomerEmailVerified Message.</p>
  *  <p>If the Customer exists in the Project but the <code>stores</code> field references a different Store, this method returns a ResourceNotFound error.</p>
+ *  <p>After the email is verified, all email tokens issued previously through the email verification flow are invalidated. This invalidation of tokens is eventually consistent.</p>
  *
  * <hr>
  * <div class=code-example>

@@ -18,6 +18,7 @@
 /**
  *  <p>Use this method to create an email token for a Store-specific Customer during their email verification process.</p>
  *  <p>If the Customer exists in the Project but the <code>stores</code> field references a different Store, this method returns a ResourceNotFound error.</p>
+ *  <p>Creating an email token for the Customer produces the CustomerEmailTokenCreated Message. The Message will include the token's value, if the token's validity is 60 minutes or less.</p>
  *
  * <hr>
  * <div class=code-example>

@@ -19,6 +19,7 @@
 /**
  *  <p>Use this method to create an email token for a Store-specific Customer during their email verification process.</p>
  *  <p>If the Customer exists in the Project but the <code>stores</code> field references a different Store, this method returns a ResourceNotFound error.</p>
+ *  <p>Creating an email token for the Customer produces the CustomerEmailTokenCreated Message. The Message will include the token's value, if the token's validity is 60 minutes or less.</p>
  *
  * <hr>
  * <div class=code-example>

@@ -17,8 +17,8 @@
 
 /**
  *  <p>Use this method to reset a Store-specific Customer's password during their password reset process.</p>
- *  <p>After the password is reset, any previously issued access and/or refresh tokens created through the password flow or refresh token flow are invalidated.</p>
  *  <p>Resetting the password of the Customer produces the CustomerPasswordUpdated Message with <code>reset=true</code>.</p>
+ *  <p>After the password is reset, all password tokens issued previously through the password reset flow are invalidated. In addition, any access and refresh tokens issued previously through the password flow and refresh token flow are invalidated. This invalidation of tokens is eventually consistent.</p>
  *  <p>If the Customer exists in the Project but the <code>stores</code> field references a different Store, then this method returns a ResourceNotFound error.</p>
  *
  * <hr>

@@ -18,8 +18,8 @@
 
 /**
  *  <p>Use this method to reset a Store-specific Customer's password during their password reset process.</p>
- *  <p>After the password is reset, any previously issued access and/or refresh tokens created through the password flow or refresh token flow are invalidated.</p>
  *  <p>Resetting the password of the Customer produces the CustomerPasswordUpdated Message with <code>reset=true</code>.</p>
+ *  <p>After the password is reset, all password tokens issued previously through the password reset flow are invalidated. In addition, any access and refresh tokens issued previously through the password flow and refresh token flow are invalidated. This invalidation of tokens is eventually consistent.</p>
  *  <p>If the Customer exists in the Project but the <code>stores</code> field references a different Store, then this method returns a ResourceNotFound error.</p>
  *
  * <hr>

@@ -17,8 +17,8 @@
 
 /**
  *  <p>Use this method to create a password reset token for a Store-specific Customer during their password reset process.</p>
- *  <p>Creating a password reset token does not invalidate existing tokens.</p>
  *  <p>If the Customer exists in the Project but the <code>stores</code> field references a different Store, this method returns a ResourceNotFound error.</p>
+ *  <p>Creating a password reset token for the Customer produces the CustomerPasswordTokenCreated Message. The Message will include the token's value, if the token's validity is 60 minutes or less.</p>
  *
  * <hr>
  * <div class=code-example>

@@ -18,8 +18,8 @@
 
 /**
  *  <p>Use this method to create a password reset token for a Store-specific Customer during their password reset process.</p>
- *  <p>Creating a password reset token does not invalidate existing tokens.</p>
  *  <p>If the Customer exists in the Project but the <code>stores</code> field references a different Store, this method returns a ResourceNotFound error.</p>
+ *  <p>Creating a password reset token for the Customer produces the CustomerPasswordTokenCreated Message. The Message will include the token's value, if the token's validity is 60 minutes or less.</p>
  *
  * <hr>
  * <div class=code-example>

@@ -17,6 +17,7 @@
 
 /**
  *  <p>This is the last step in the email verification process of a Customer. Returns a <code>200 OK</code> status if successful.</p>
+ *  <p>After the email is verified, all email tokens issued previously through the email verification flow are invalidated. This invalidation of tokens is eventually consistent.</p>
  *  <p>A ResourceNotFound error is returned in the following scenarios:</p>
  *  <ul>
  *   <li>If no Customer exists with the <code>id</code> specified in the customer:{id} scope.</li>

@@ -18,6 +18,7 @@
 
 /**
  *  <p>This is the last step in the email verification process of a Customer. Returns a <code>200 OK</code> status if successful.</p>
+ *  <p>After the email is verified, all email tokens issued previously through the email verification flow are invalidated. This invalidation of tokens is eventually consistent.</p>
  *  <p>A ResourceNotFound error is returned in the following scenarios:</p>
  *  <ul>
  *   <li>If no Customer exists with the <code>id</code> specified in the customer:{id} scope.</li>

@@ -18,6 +18,7 @@
 /**
  *  <p>This is the last step in the password reset process of the authenticated Customer.</p>
  *  <p>Resetting a password produces the Customer CustomerPasswordUpdated Message with <code>reset=true</code>.</p>
+ *  <p>After the password is reset, all password tokens issued previously through the password reset flow are invalidated. In addition, any access and refresh tokens issued previously through the password flow and refresh token flow are invalidated. This invalidation of tokens is eventually consistent.</p>
  *  <p>A ResourceNotFound error is returned in the following scenarios:</p>
  *  <ul>
  *   <li>If no Customer exists with the <code>id</code> specified in the customer:{id} scope.</li>

@@ -19,6 +19,7 @@
 /**
  *  <p>This is the last step in the password reset process of the authenticated Customer.</p>
  *  <p>Resetting a password produces the Customer CustomerPasswordUpdated Message with <code>reset=true</code>.</p>
+ *  <p>After the password is reset, all password tokens issued previously through the password reset flow are invalidated. In addition, any access and refresh tokens issued previously through the password flow and refresh token flow are invalidated. This invalidation of tokens is eventually consistent.</p>
  *  <p>A ResourceNotFound error is returned in the following scenarios:</p>
  *  <ul>
  *   <li>If no Customer exists with the <code>id</code> specified in the customer:{id} scope.</li>

@@ -17,6 +17,7 @@
 
 /**
  *  <p>This is the last step in the email verification process of a Customer.</p>
+ *  <p>After the email is verified, all email tokens issued previously through the email verification flow are invalidated. This invalidation of tokens is eventually consistent.</p>
  *
  * <hr>
  * <div class=code-example>

@@ -18,6 +18,7 @@
 
 /**
  *  <p>This is the last step in the email verification process of a Customer.</p>
+ *  <p>After the email is verified, all email tokens issued previously through the email verification flow are invalidated. This invalidation of tokens is eventually consistent.</p>
  *
  * <hr>
  * <div class=code-example>

@@ -18,6 +18,7 @@
 /**
  *  <p>This is the last step in the password reset process of a Customer.</p>
  *  <p>Resetting a password of the Customer produces the CustomerPasswordUpdated Message with <code>reset=true</code>.</p>
+ *  <p>After the password is reset, all password tokens issued previously through the password reset flow are invalidated. In addition, any access and refresh tokens issued previously through the password flow and refresh token flow are invalidated. This invalidation of tokens is eventually consistent.</p>
  *
  * <hr>
  * <div class=code-example>

@@ -19,6 +19,7 @@
 /**
  *  <p>This is the last step in the password reset process of a Customer.</p>
  *  <p>Resetting a password of the Customer produces the CustomerPasswordUpdated Message with <code>reset=true</code>.</p>
+ *  <p>After the password is reset, all password tokens issued previously through the password reset flow are invalidated. In addition, any access and refresh tokens issued previously through the password flow and refresh token flow are invalidated. This invalidation of tokens is eventually consistent.</p>
  *
  * <hr>
  * <div class=code-example>

@@ -56,6 +56,14 @@ public interface CustomerCreateEmailToken {
     @JsonProperty("ttlMinutes")
     public Long getTtlMinutes();
 
+    /**
+     *  <p>If set to <code>true</code>, all email tokens issued previously for the Customer will be invalidated.</p>
+     * @return invalidateOlderTokens
+     */
+
+    @JsonProperty("invalidateOlderTokens")
+    public Boolean getInvalidateOlderTokens();
+
     /**
      *  <p>Unique identifier of the Customer.</p>
      * @param id value to be set
@@ -77,6 +85,13 @@ public interface CustomerCreateEmailToken {
 
     public void setTtlMinutes(final Long ttlMinutes);
 
+    /**
+     *  <p>If set to <code>true</code>, all email tokens issued previously for the Customer will be invalidated.</p>
+     * @param invalidateOlderTokens value to be set
+     */
+
+    public void setInvalidateOlderTokens(final Boolean invalidateOlderTokens);
+
     /**
      * factory method
      * @return instance of CustomerCreateEmailToken
@@ -95,6 +110,7 @@ public static CustomerCreateEmailToken of(final CustomerCreateEmailToken templat
         instance.setId(template.getId());
         instance.setVersion(template.getVersion());
         instance.setTtlMinutes(template.getTtlMinutes());
+        instance.setInvalidateOlderTokens(template.getInvalidateOlderTokens());
         return instance;
     }
 
@@ -114,6 +130,7 @@ public static CustomerCreateEmailToken deepCopy(@Nullable final CustomerCreateEm
         instance.setId(template.getId());
         instance.setVersion(template.getVersion());
         instance.setTtlMinutes(template.getTtlMinutes());
+        instance.setInvalidateOlderTokens(template.getInvalidateOlderTokens());
         return instance;
     }
-Original file line number
+Diff line change
@@ Expand Up / @@ -17,6 +17,7 @@ @@
     /**
      *  <p>This is the last step in the email verification process of a Customer.</p>
+     *  <p>After the email is verified, all email tokens issued previously through the email verification flow are invalidated. This invalidation of tokens is eventually consistent.</p>
      *
      * <hr>
      * <div class=code-example>
@@ Expand Down @@