Add CLI token support for app management and BP API #5604
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This stack of pull requests is managed by Graphite. Learn more about stacking. |
zzooeeyy
force-pushed
the
zl/add_cli_token_support_for_app_management_and_bp_api
branch
3 times, most recently
from
9ae7ebd to
2a0f42d
Compare
Coverage report
Show files with reduced coverage 🔻
Test suite run success2177 tests passing in 954 suites. Report generated by 🧪jest coverage report action from a0d5b24 |
zzooeeyy
force-pushed
the
zl/add_cli_token_support_for_app_management_and_bp_api
branch
from
2a0f42d to
ce7514a
Compare
This was referenced Apr 8, 2025
zzooeeyy
force-pushed
the
zl/add_cli_token_support_for_app_management_and_bp_api
branch
5 times, most recently
from
7692bd1 to
a437d4f
Compare
zzooeeyy
force-pushed
the
zl/add_cli_token_support_for_app_management_and_bp_api
branch
3 times, most recently
from
87d5eda to
1093c77
Compare
|
/snapit |
|
🫰✨ Thanks @zzooeeyy! Your snapshot has been published to npm. Test the snapshot by installing your package globally: pnpm i -g @shopify/cli@0.0.0-snapshot-20250410165640Tip If you get an Caution After installing, validate the version by running just |
Co-authored-by: Ryan DJ Lee <ryan.d.lee@shopify.com> Co-authored-by: Zoey Lan <zoey.lan@shopify.com>
|
We detected some changes at packages/*/src and there are no updates in the .changeset. |
zzooeeyy
force-pushed
the
zl/add_cli_token_support_for_app_management_and_bp_api
branch
from
1093c77 to
a0d5b24
Compare
Differences in type declarationsWe detected differences in the type declarations generated by Typescript for this branch compared to the baseline ('main' branch). Please, review them to ensure they are backward-compatible. Here are some important things to keep in mind:
New type declarationsWe found no new type declarations in this PR Existing type declarationspackages/cli-kit/dist/private/node/session/exchange.d.ts@@ -26,15 +26,33 @@ export declare function exchangeAccessForApplicationTokens(identityToken: Identi
*/
export declare function refreshAccessToken(currentToken: IdentityToken): Promise<IdentityToken>;
/**
- * Given a custom CLI token passed as ENV variable, request a valid partners API token
+ * Given a custom CLI token passed as ENV variable, request a valid Partners API token
* This token does not accept extra scopes, just the cli one.
- * @param token - The CLI token passed as ENV variable
+ * @param token - The CLI token passed as ENV variable
* @returns An instance with the application access tokens.
*/
export declare function exchangeCustomPartnerToken(token: string): Promise<{
accessToken: string;
userId: string;
}>;
+/**
+ * Given a custom CLI token passed as ENV variable, request a valid App Management API token
+ * @param token - The CLI token passed as ENV variable
+ * @returns An instance with the application access tokens.
+ */
+export declare function exchangeCliTokenForAppManagementAccessToken(token: string): Promise<{
+ accessToken: string;
+ userId: string;
+}>;
+/**
+ * Given a custom CLI token passed as ENV variable, request a valid Business Platform API token
+ * @param token - The CLI token passed as ENV variable
+ * @returns An instance with the application access tokens.
+ */
+export declare function exchangeCliTokenForBusinessPlatformAccessToken(token: string): Promise<{
+ accessToken: string;
+ userId: string;
+}>;
type IdentityDeviceError = 'authorization_pending' | 'access_denied' | 'expired_token' | 'slow_down' | 'unknown_failure';
/**
* Given a deviceCode obtained after starting a device identity flow, request an identity token.
packages/cli-kit/dist/public/node/context/local.d.ts@@ -25,13 +25,6 @@ export declare function isDevelopment(env?: NodeJS.ProcessEnv): boolean;
* @returns True if SHOPIFY_FLAG_VERBOSE is truthy or the flag --verbose has been passed.
*/
export declare function isVerbose(env?: NodeJS.ProcessEnv): boolean;
-/**
- * It returns true if the App Management API is disabled.
- * This should only be relevant when using a Partners token.
- *
- * @returns True if the App Management API is disabled.
- */
-export declare function isAppManagementDisabled(): boolean;
/**
* Returns true if the environment in which the CLI is running is either
* a local environment (where dev is present) or a cloud environment (spin).
|
isaacroldan
reviewed
Apr 11, 2025
| })) | ||
|
|
||
| if (organizations.length > 1) { | ||
| throw new Error('Multiple organizations found for the CLI token') |
There was a problem hiding this comment.
let's report this as a BugError since is something that should never happen and we want it properly reported
isaacroldan
reviewed
Apr 11, 2025
Comment on lines
+131
to
+134
| return exchangeCliTokenForAccessToken('business-platform', token, [ | ||
| 'https://api.shopify.com/auth/destinations.readonly', | ||
| 'https://api.shopify.com/auth/organization.store-management', | ||
| ]) |
There was a problem hiding this comment.
We have a function called apiScopes that gives you the default scopes for each API so you don't need to duplicate them here. (same for partners and app-management above)
|
This will break old CLI tokens only if they try to access the app-management API right? |
isaacroldan
approved these changes
Apr 11, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
WHY are these changes introduced?
Closes
WHAT is this pull request doing?
Add support to use the CLI token for app management API
isAppManagementDisabled()function that disables App Management API if a CLI Token is providedServiceAccountuserUserInfoquery to get the first 2 organizations the user/CLI token service account belongs toPartners API,BP APIandApp Management API, the token exchange requests will fail if the CLI token does not contain enough scopes.How to test your changes?
Steps
Tested flows
✅ With CLI Token,
shopify app config linka Partners app✅ With CLI Token,
shopify app config linka dev dash app✅ With CLI Token,
shopify app deploya dev dash app✅ With CLI Token,
shopify app deploya Partners app✅ With a user session,
shopify app config linka Partners app✅ With a user session,
shopify app config linka dev dash app✅ With a user session,
shopify app deploya dev dash app✅ With a user session,
shopify app deploya Partners app✅ With CLI token,
shopify app infoto display a Partners app✅ With CLI token,
shopify app infoto display a dev dash appPost-release steps
Measuring impact
How do we know this change was effective? Please choose one:
Checklist