Remove redundant dependencies

packages/sdk-auth/package.json

@@ -36,7 +36,7 @@
   },
   "dependencies": {
     "@commercetools/sdk-middleware-http": "^7.0.0",
-    "lodash.defaultsdeep": "^4.6.0",
+    "lodash.defaultsdeep": "^4.6.1",
     "qss": "2.0.3"
   },
   "devDependencies": {

packages/sdk-auth/src/auth.js

@@ -1,5 +1,4 @@
 /* @flow */
-
 import type {
   AuthOptions,
   CustomAuthOptions,
@@ -9,7 +8,6 @@ import type {
   UserAuthOptions,
 } from 'types/sdk'
 import { decode, encode } from 'qss'
-import defaultsDeep from 'lodash.defaultsdeep'
 import { getErrorByCode } from '@commercetools/sdk-middleware-http'
 import * as constants from './constants'
 
@@ -88,7 +86,8 @@ export default class SdkAuth {
     clientId,
     clientSecret,
   }: ClientAuthOptions): string {
-    return Buffer.from(`${clientId}:${clientSecret}`).toString('base64')
+    const targetStr = `${clientId}:${clientSecret}`
+    return typeof Buffer === 'undefined' ? btoa(targetStr) : Buffer.from(targetStr).toString('base64')
   }
 
   static _getScopes(scopes: ?Array<string>, projectKey: ?string): string {
@@ -221,7 +220,7 @@ export default class SdkAuth {
     const { uri, body, basicAuth, authType, headers } = request
     const fetchHeaders = headers || {
       Authorization: `${authType || constants.DEFAULT_AUTH_TYPE} ${basicAuth}`,
-      'Content-Length': Buffer.byteLength(body).toString(),
+      'Content-Length': JSON.stringify(body?.length || 0),
       'Content-Type': 'application/x-www-form-urlencoded',
     }
 
@@ -237,10 +236,21 @@ export default class SdkAuth {
   }
 
   _getRequestConfig(config: CustomAuthOptions = {}): AuthOptions {
-    const mergedConfig = defaultsDeep({}, config, this.config)
 
-    // handle scopes array - defaultsDeep would merge arrays together
+    // It is important to note the difference between plain old javascript Object.assign()
+    // and the lodash _.defaultsDeep() functions especially how they are both used here
+
+    // _.defaultsDeep({ 'a': { 'b': 2 } }, { 'a': { 'b': 1, 'c': 3 } }) // { a: { b: 2, c: 3 } }
+    // Object.assign({ 'a': { 'b': 2 } }, { 'a': { 'b': 1, 'c': 3 } }) // { a: { b: 1, c: 3 } }
+
+    // handle scopes array - Object.assign would merge arrays together
     // instead of taking its first occurrence
+    // const mergedConfig = defaultsDeep({}, config, this.config)
+
+    const mergedConfig = typeof window === 'undefined' ?
+      // eslint-disable-next-line global-require, prefer-object-spread
+      require('lodash.defaultsdeep')({}, config, this.config) : Object.assign({}, this.config, config)
+
     if (config.scopes) mergedConfig.scopes = config.scopes
 
     return mergedConfig

packages/sdk-auth/test/token-provider.spec.js

@@ -342,4 +342,20 @@ describe('Token Provider', () => {
       expect(_tokenProvider.tokenInfo).toEqual(null)
     })
   })
+
+  describe('scopes', () => {
+    const auth = new Auth(config)
+    test('should include scope in the merged config', () => {
+      expect(config.scopes).toBeFalsy()
+
+      const mergedConfig = auth._getRequestConfig({ scopes: ['new-scope:demo-projectKey'] })
+
+      expect(mergedConfig).toBeTruthy()
+      expect(mergedConfig).toMatchObject(
+        expect.objectContaining({
+          scopes: ['new-scope:demo-projectKey']
+        })
+      )
+    })
+  })
 })