Include vendors disclosed segment in TC string for __tcfapi (#7266)

Author: gilluminate

changelog/7266.yaml

@@ -0,0 +1,3 @@
+description: Included vendors disclosed segment in TC string for __tcfapi getTCData
+type: Fixed
+pr: 7266

clients/fides-js/src/lib/tcf/events.ts

@@ -1,10 +1,8 @@
 import { FidesEvent } from "../events";
-import { FIDES_SEPARATOR } from "./constants";
+import { decodeFidesString } from "../fides-string";
 
 /**
- * Extract just the TC string from a FidesEvent. This will also remove parts of the
- * TC string that we do not want to surface with our CMP API events, such as
- * `vendors_disclosed` and our own AC string addition.
+ * Extract just the TC string from a FidesEvent.
  *
  * Returns a string to be used for the `CmpApi` class from `@iabtechlabtcf/cmpapi`, which expects one of three input strings:
  *  - Encoded TC string (e.g. "CP1sGZVP1..."), which will be decoded into `TCData` and set `gdprApplies = true`
@@ -23,14 +21,9 @@ export const extractTCStringForCmpApi = (event: FidesEvent): string | null => {
     return null;
   }
   const { fides_string: cookieString } = event.detail;
-  if (cookieString) {
-    // Remove the AC portion which is separated by FIDES_SEPARATOR
-    const [tcString] = cookieString.split(FIDES_SEPARATOR);
-    // We only want to return the first part of the tcString, which is separated by '.'
-    // This means Publisher TC is not sent either, which is okay for now since we do not set it.
-    // However, if we do one day set it, we would have to decode the string and encode it again
-    // without vendorsDisclosed
-    return tcString.split(".")[0];
+  if (!cookieString) {
+    return "";
   }
-  return cookieString ?? "";
+  const { tc } = decodeFidesString(cookieString);
+  return tc ?? "";
 };

clients/privacy-center/cypress/e2e/fides-js/consent-banner-tcf.cy.ts

@@ -3918,6 +3918,38 @@ describe("Fides-js TCF", () => {
         });
     });
 
+    it("TC string from __tcfapi matches the TC portion of Fides.fides_string", () => {
+      cy.get("#fides-tab-vendors").click();
+      cy.getByTestId("consent-modal").within(() => {
+        cy.get("button").contains("Opt in to all").click();
+      });
+      cy.wait("@patchPrivacyPreference");
+
+      cy.window().then((win) => {
+        win.__tcfapi("getTCData", 2, cy.stub().as("getTCData"));
+        cy.get("@getTCData")
+          .should("have.been.calledOnce")
+          .its("lastCall.args")
+          .then(([tcData, success]) => {
+            expect(success).to.eql(true);
+
+            // Get TC string from __tcfapi
+            const tcStringFromApi = tcData.tcString;
+
+            // Get TC string from fides_string (before the FIDES_SEPARATOR)
+            const fidesStringFull = win.Fides.fides_string;
+            const [tcStringFromFides] = fidesStringFull.split(FIDES_SEPARATOR);
+
+            // They should match exactly, including disclosed vendors segment
+            expect(tcStringFromApi).to.eql(tcStringFromFides);
+
+            // Both should include the disclosed vendors segment (indicated by a '.')
+            expect(tcStringFromApi).to.contain(".");
+            expect(tcStringFromFides).to.contain(".");
+          });
+      });
+    });
+
     it("can get `addtlConsents` from getTCData custom function", () => {
       cy.get("#fides-tab-vendors").click();
       cy.getByTestId("consent-modal").within(() => {