@shopify/cli-kit 3.0.25 → 3.1.0

package/dist/plugins.d.ts

@@ -0,0 +1,9 @@
+import { Plugin } from '@oclif/core/lib/interfaces';
+interface TunnelPlugin {
+    start: (options: TunnelStartOptions) => Promise<string>;
+}
+interface TunnelStartOptions {
+    port: number;
+}
+export declare function lookupTunnelPlugin(plugins: Plugin[]): Promise<TunnelPlugin | undefined>;
+export {};

package/dist/plugins.js

@@ -0,0 +1,12 @@
+import { join, pathToFileURL } from './path.js';
+import { debug, content } from './output.js';
+const TUNNEL_PLUGINS = ['@shopify/plugin-ngrok'];
+export async function lookupTunnelPlugin(plugins) {
+    debug(content `Looking up the Ngrok tunnel plugin...`);
+    const tunnelPlugin = plugins.find((plugin) => TUNNEL_PLUGINS.includes(plugin.name));
+    if (!tunnelPlugin)
+        return undefined;
+    const tunnelPath = pathToFileURL(join(tunnelPlugin.root, 'dist/tunnel.js')).toString();
+    return import(tunnelPath).catch(() => undefined);
+}
+//# sourceMappingURL=plugins.js.map

package/dist/plugins.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"plugins.js","sourceRoot":"","sources":["../src/plugins.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,IAAI,EAAE,aAAa,EAAC,MAAM,WAAW,CAAA;AAC7C,OAAO,EAAC,KAAK,EAAE,OAAO,EAAC,MAAM,aAAa,CAAA;AAG1C,MAAM,cAAc,GAAG,CAAC,uBAAuB,CAAC,CAAA;AAUhD,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,OAAiB;IACxD,KAAK,CAAC,OAAO,CAAA,uCAAuC,CAAC,CAAA;IACrD,MAAM,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAA;IACnF,IAAI,CAAC,YAAY;QAAE,OAAO,SAAS,CAAA;IACnC,MAAM,UAAU,GAAG,aAAa,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,gBAAgB,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAA;IACtF,OAAO,MAAM,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,CAAA;AAClD,CAAC","sourcesContent":["import {join, pathToFileURL} from './path.js'\nimport {debug, content} from './output.js'\nimport {Plugin} from '@oclif/core/lib/interfaces'\n\nconst TUNNEL_PLUGINS = ['@shopify/plugin-ngrok']\n\ninterface TunnelPlugin {\n  start: (options: TunnelStartOptions) => Promise<string>\n}\n\ninterface TunnelStartOptions {\n  port: number\n}\n\nexport async function lookupTunnelPlugin(plugins: Plugin[]): Promise<TunnelPlugin | undefined> {\n  debug(content`Looking up the Ngrok tunnel plugin...`)\n  const tunnelPlugin = plugins.find((plugin) => TUNNEL_PLUGINS.includes(plugin.name))\n  if (!tunnelPlugin) return undefined\n  const tunnelPath = pathToFileURL(join(tunnelPlugin.root, 'dist/tunnel.js')).toString()\n  return import(tunnelPath).catch(() => undefined)\n}\n"]}

package/dist/port.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Returns an available port in the current environment.
+ * @returns {Promise<number>} A promise that resolves with an availabe port.
+ */
+export declare function getRandomPort(): Promise<number>;

package/dist/port.js

@@ -0,0 +1,35 @@
+import { debug, content, token } from './output.js';
+import { Abort } from './error.js';
+import { sleep } from './system.js';
+import * as port from 'get-port-please';
+/**
+ * Returns an available port in the current environment.
+ * @returns {Promise<number>} A promise that resolves with an availabe port.
+ */
+export async function getRandomPort() {
+    debug(content `Getting a random port...`);
+    const randomPort = retryOnError(() => port.getRandomPort());
+    debug(content `Random port obtained: ${token.raw(`${randomPort}`)}`);
+    return randomPort;
+}
+async function retryOnError(execute, maxTries = 5, waitTimeInSeconds = 1) {
+    let retryCount = 1;
+    while (true) {
+        try {
+            // eslint-disable-next-line no-await-in-loop
+            return await execute();
+            // eslint-disable-next-line @typescript-eslint/no-explicit-any
+        }
+        catch (error) {
+            if (retryCount++ < maxTries) {
+                debug(content `Unknown problem getting a random port: ${error.message}`);
+                // eslint-disable-next-line no-await-in-loop
+                await sleep(waitTimeInSeconds);
+            }
+            else {
+                throw new Abort(error.message);
+            }
+        }
+    }
+}
+//# sourceMappingURL=port.js.map

package/dist/port.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"port.js","sourceRoot":"","sources":["../src/port.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,KAAK,EAAE,OAAO,EAAE,KAAK,EAAC,MAAM,aAAa,CAAA;AACjD,OAAO,EAAC,KAAK,EAAC,MAAM,YAAY,CAAA;AAChC,OAAO,EAAC,KAAK,EAAC,MAAM,aAAa,CAAA;AACjC,OAAO,KAAK,IAAI,MAAM,iBAAiB,CAAA;AAEvC;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa;IACjC,KAAK,CAAC,OAAO,CAAA,0BAA0B,CAAC,CAAA;IACxC,MAAM,UAAU,GAAG,YAAY,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC,CAAA;IAC3D,KAAK,CAAC,OAAO,CAAA,yBAAyB,KAAK,CAAC,GAAG,CAAC,GAAG,UAAU,EAAE,CAAC,EAAE,CAAC,CAAA;IACnE,OAAO,UAAU,CAAA;AACnB,CAAC;AAED,KAAK,UAAU,YAAY,CAAI,OAAgB,EAAE,QAAQ,GAAG,CAAC,EAAE,iBAAiB,GAAG,CAAC;IAClF,IAAI,UAAU,GAAG,CAAC,CAAA;IAClB,OAAO,IAAI,EAAE;QACX,IAAI;YACF,4CAA4C;YAC5C,OAAO,MAAM,OAAO,EAAE,CAAA;YACtB,8DAA8D;SAC/D;QAAC,OAAO,KAAU,EAAE;YACnB,IAAI,UAAU,EAAE,GAAG,QAAQ,EAAE;gBAC3B,KAAK,CAAC,OAAO,CAAA,0CAA0C,KAAK,CAAC,OAAO,EAAE,CAAC,CAAA;gBACvE,4CAA4C;gBAC5C,MAAM,KAAK,CAAC,iBAAiB,CAAC,CAAA;aAC/B;iBAAM;gBACL,MAAM,IAAI,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;aAC/B;SACF;KACF;AACH,CAAC","sourcesContent":["import {debug, content, token} from './output.js'\nimport {Abort} from './error.js'\nimport {sleep} from './system.js'\nimport * as port from 'get-port-please'\n\n/**\n * Returns an available port in the current environment.\n * @returns {Promise<number>} A promise that resolves with an availabe port.\n */\nexport async function getRandomPort(): Promise<number> {\n  debug(content`Getting a random port...`)\n  const randomPort = retryOnError(() => port.getRandomPort())\n  debug(content`Random port obtained: ${token.raw(`${randomPort}`)}`)\n  return randomPort\n}\n\nasync function retryOnError<T>(execute: () => T, maxTries = 5, waitTimeInSeconds = 1) {\n  let retryCount = 1\n  while (true) {\n    try {\n      // eslint-disable-next-line no-await-in-loop\n      return await execute()\n      // eslint-disable-next-line @typescript-eslint/no-explicit-any\n    } catch (error: any) {\n      if (retryCount++ < maxTries) {\n        debug(content`Unknown problem getting a random port: ${error.message}`)\n        // eslint-disable-next-line no-await-in-loop\n        await sleep(waitTimeInSeconds)\n      } else {\n        throw new Abort(error.message)\n      }\n    }\n  }\n}\n"]}

package/dist/schema.d.ts

@@ -0,0 +1 @@
+export { z as define } from 'zod';

package/dist/schema.js

@@ -0,0 +1,2 @@
+export { z as define } from 'zod';
+//# sourceMappingURL=schema.js.map

package/dist/schema.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"schema.js","sourceRoot":"","sources":["../src/schema.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,CAAC,IAAI,MAAM,EAAC,MAAM,KAAK,CAAA","sourcesContent":["export {z as define} from 'zod'\n"]}

package/dist/secure-store.d.ts

@@ -0,0 +1,19 @@
+/**
+ * Fetches secured content from the system's keychain.
+ * @param identifier {string} Identifier to identify the content.
+ * @returns A promise that resolves with the content or null if it doesn't exist.
+ */
+export declare function fetch(identifier: string): Promise<string | null>;
+/**
+ * Securely stores the content under the given key.
+ * @param identifier {string} Identifier to identify the content.
+ * @param content {string} The content to be stored.
+ * @returns A promise that resolves when the storing completes.
+ */
+export declare function store(identifier: string, content: string): Promise<void>;
+/**
+ * Removes the content with the given identifier.
+ * @param identifier {string} Identifier to identify the content.
+ * @returns A promise that resolves with true if the content was deleted.
+ */
+export declare function remove(identifier: string): Promise<boolean>;

package/dist/secure-store.js

@@ -0,0 +1,63 @@
+import constants from './constants.js';
+import { content as outputContent, debug } from './output.js';
+import { Abort } from './error.js';
+/**
+ * Fetches secured content from the system's keychain.
+ * @param identifier {string} Identifier to identify the content.
+ * @returns A promise that resolves with the content or null if it doesn't exist.
+ */
+export async function fetch(identifier) {
+    debug(outputContent `Reading ${identifier} from the secure store...`);
+    try {
+        const keytar = await import('keytar');
+        const content = await keytar.getPassword(constants.keychain.service, identifier);
+        return content;
+    }
+    catch (error) {
+        throw createAbort(error, 'Unable to read from the secure store');
+    }
+}
+/**
+ * Securely stores the content under the given key.
+ * @param identifier {string} Identifier to identify the content.
+ * @param content {string} The content to be stored.
+ * @returns A promise that resolves when the storing completes.
+ */
+export async function store(identifier, content) {
+    debug(outputContent `Updating ${identifier} in the secure store with new content...`);
+    try {
+        const keytar = await import('keytar');
+        await keytar.default.setPassword(constants.keychain.service, identifier, content);
+    }
+    catch (error) {
+        throw createAbort(error, 'Unable to update the secure store');
+    }
+}
+/**
+ * Removes the content with the given identifier.
+ * @param identifier {string} Identifier to identify the content.
+ * @returns A promise that resolves with true if the content was deleted.
+ */
+export async function remove(identifier) {
+    debug(outputContent `Removing ${identifier} from the secure store...`);
+    try {
+        const keytar = await import('keytar');
+        const result = await keytar.default.deletePassword(constants.keychain.service, identifier);
+        return result;
+    }
+    catch (error) {
+        throw createAbort(error, 'Unable to remove from the secure store');
+    }
+}
+function createAbort(error, message) {
+    let newMessage = message;
+    let stack = '';
+    if (error instanceof Error) {
+        newMessage = message.concat(`: ${error.message}`);
+        stack = error.stack;
+    }
+    const abort = new Abort(newMessage);
+    abort.stack = stack;
+    return abort;
+}
+//# sourceMappingURL=secure-store.js.map

package/dist/secure-store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secure-store.js","sourceRoot":"","sources":["../src/secure-store.ts"],"names":[],"mappings":"AAAA,OAAO,SAAS,MAAM,gBAAgB,CAAA;AACtC,OAAO,EAAC,OAAO,IAAI,aAAa,EAAE,KAAK,EAAC,MAAM,aAAa,CAAA;AAC3D,OAAO,EAAC,KAAK,EAAC,MAAM,YAAY,CAAA;AAEhC;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,KAAK,CAAC,UAAkB;IAC5C,KAAK,CAAC,aAAa,CAAA,WAAW,UAAU,2BAA2B,CAAC,CAAA;IACpE,IAAI;QACF,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAA;QACrC,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,SAAS,CAAC,QAAQ,CAAC,OAAO,EAAE,UAAU,CAAC,CAAA;QAChF,OAAO,OAAO,CAAA;KACf;IAAC,OAAO,KAAK,EAAE;QACd,MAAM,WAAW,CAAC,KAAK,EAAE,sCAAsC,CAAC,CAAA;KACjE;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,KAAK,CAAC,UAAkB,EAAE,OAAe;IAC7D,KAAK,CAAC,aAAa,CAAA,YAAY,UAAU,0CAA0C,CAAC,CAAA;IACpF,IAAI;QACF,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAA;QACrC,MAAM,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,SAAS,CAAC,QAAQ,CAAC,OAAO,EAAE,UAAU,EAAE,OAAO,CAAC,CAAA;KAClF;IAAC,OAAO,KAAK,EAAE;QACd,MAAM,WAAW,CAAC,KAAK,EAAE,mCAAmC,CAAC,CAAA;KAC9D;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,MAAM,CAAC,UAAkB;IAC7C,KAAK,CAAC,aAAa,CAAA,YAAY,UAAU,2BAA2B,CAAC,CAAA;IACrE,IAAI;QACF,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAA;QACrC,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,SAAS,CAAC,QAAQ,CAAC,OAAO,EAAE,UAAU,CAAC,CAAA;QAC1F,OAAO,MAAM,CAAA;KACd;IAAC,OAAO,KAAK,EAAE;QACd,MAAM,WAAW,CAAC,KAAK,EAAE,wCAAwC,CAAC,CAAA;KACnE;AACH,CAAC;AAED,SAAS,WAAW,CAAC,KAAc,EAAE,OAAe;IAClD,IAAI,UAAU,GAAG,OAAO,CAAA;IACxB,IAAI,KAAK,GAAuB,EAAE,CAAA;IAClC,IAAI,KAAK,YAAY,KAAK,EAAE;QAC1B,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,KAAK,CAAC,OAAO,EAAE,CAAC,CAAA;QACjD,KAAK,GAAG,KAAK,CAAC,KAAK,CAAA;KACpB;IACD,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,UAAU,CAAC,CAAA;IACnC,KAAK,CAAC,KAAK,GAAG,KAAK,CAAA;IACnB,OAAO,KAAK,CAAA;AACd,CAAC","sourcesContent":["import constants from './constants.js'\nimport {content as outputContent, debug} from './output.js'\nimport {Abort} from './error.js'\n\n/**\n * Fetches secured content from the system's keychain.\n * @param identifier {string} Identifier to identify the content.\n * @returns A promise that resolves with the content or null if it doesn't exist.\n */\nexport async function fetch(identifier: string): Promise<string | null> {\n  debug(outputContent`Reading ${identifier} from the secure store...`)\n  try {\n    const keytar = await import('keytar')\n    const content = await keytar.getPassword(constants.keychain.service, identifier)\n    return content\n  } catch (error) {\n    throw createAbort(error, 'Unable to read from the secure store')\n  }\n}\n\n/**\n * Securely stores the content under the given key.\n * @param identifier {string} Identifier to identify the content.\n * @param content {string} The content to be stored.\n * @returns A promise that resolves when the storing completes.\n */\nexport async function store(identifier: string, content: string): Promise<void> {\n  debug(outputContent`Updating ${identifier} in the secure store with new content...`)\n  try {\n    const keytar = await import('keytar')\n    await keytar.default.setPassword(constants.keychain.service, identifier, content)\n  } catch (error) {\n    throw createAbort(error, 'Unable to update the secure store')\n  }\n}\n\n/**\n * Removes the content with the given identifier.\n * @param identifier {string} Identifier to identify the content.\n * @returns A promise that resolves with true if the content was deleted.\n */\nexport async function remove(identifier: string): Promise<boolean> {\n  debug(outputContent`Removing ${identifier} from the secure store...`)\n  try {\n    const keytar = await import('keytar')\n    const result = await keytar.default.deletePassword(constants.keychain.service, identifier)\n    return result\n  } catch (error) {\n    throw createAbort(error, 'Unable to remove from the secure store')\n  }\n}\n\nfunction createAbort(error: unknown, message: string) {\n  let newMessage = message\n  let stack: string | undefined = ''\n  if (error instanceof Error) {\n    newMessage = message.concat(`: ${error.message}`)\n    stack = error.stack\n  }\n  const abort = new Abort(newMessage)\n  abort.stack = stack\n  return abort\n}\n"]}

package/dist/semver.d.ts

@@ -0,0 +1,3 @@
+declare const coerce: any, SemVer: any;
+export { SemVer as Version };
+export { coerce };

package/dist/semver.js

@@ -0,0 +1,6 @@
+import { createRequire } from 'module';
+const require = createRequire(import.meta.url);
+const { coerce, SemVer } = require('semver');
+export { SemVer as Version };
+export { coerce };
+//# sourceMappingURL=semver.js.map

package/dist/semver.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"semver.js","sourceRoot":"","sources":["../src/semver.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,aAAa,EAAC,MAAM,QAAQ,CAAA;AAEpC,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;AAC9C,MAAM,EAAC,MAAM,EAAE,MAAM,EAAC,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAA;AAE1C,OAAO,EAAC,MAAM,IAAI,OAAO,EAAC,CAAA;AAC1B,OAAO,EAAC,MAAM,EAAC,CAAA","sourcesContent":["import {createRequire} from 'module'\n\nconst require = createRequire(import.meta.url)\nconst {coerce, SemVer} = require('semver')\n\nexport {SemVer as Version}\nexport {coerce}\n"]}

package/dist/session/authorize.d.ts

@@ -0,0 +1,7 @@
+import { Abort } from '../error.js';
+export declare const MismatchStateError: Abort;
+export interface CodeAuthResult {
+    code: string;
+    codeVerifier: string;
+}
+export declare function authorize(scopes: string[], state?: string): Promise<CodeAuthResult>;

package/dist/session/authorize.js

@@ -0,0 +1,40 @@
+import { listenRedirect } from './redirect-listener.js';
+import { clientId } from './identity.js';
+import { generateRandomChallengePair, randomHex } from '../string.js';
+import { open } from '../system.js';
+import { Abort } from '../error.js';
+import { identity as identityFqdn } from '../environment/fqdn.js';
+import * as output from '../output.js';
+import { keypress } from '../ui.js';
+export const MismatchStateError = new Abort("The state received from the authentication doesn't match the one that initiated the authentication process.");
+export async function authorize(scopes, state = randomHex(30)) {
+    const port = 3456;
+    const host = '127.0.0.1';
+    const redirectUri = `http://${host}:${port}`;
+    const fqdn = await identityFqdn();
+    const identityClientId = await clientId();
+    let url = `http://${fqdn}/oauth/authorize`;
+    const { codeVerifier, codeChallenge } = generateRandomChallengePair();
+    /* eslint-disable @typescript-eslint/naming-convention */
+    const params = {
+        client_id: identityClientId,
+        scope: scopes.join(' '),
+        redirect_uri: redirectUri,
+        state,
+        response_type: 'code',
+        code_challenge_method: 'S256',
+        code_challenge: codeChallenge,
+    };
+    /* eslint-enable @typescript-eslint/naming-convention */
+    output.info('\nTo run this command, log in to Shopify Partners.');
+    output.info('👉 Press any key to open the login page on your browser');
+    await keypress();
+    url = `${url}?${new URLSearchParams(params).toString()}`;
+    open(url);
+    const result = await listenRedirect(host, port, url);
+    if (result.state !== state) {
+        throw MismatchStateError;
+    }
+    return { code: result.code, codeVerifier };
+}
+//# sourceMappingURL=authorize.js.map

package/dist/session/authorize.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorize.js","sourceRoot":"","sources":["../../src/session/authorize.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,cAAc,EAAC,MAAM,wBAAwB,CAAA;AACrD,OAAO,EAAC,QAAQ,EAAC,MAAM,eAAe,CAAA;AACtC,OAAO,EAAC,2BAA2B,EAAE,SAAS,EAAC,MAAM,cAAc,CAAA;AACnE,OAAO,EAAC,IAAI,EAAC,MAAM,cAAc,CAAA;AACjC,OAAO,EAAC,KAAK,EAAC,MAAM,aAAa,CAAA;AACjC,OAAO,EAAC,QAAQ,IAAI,YAAY,EAAC,MAAM,wBAAwB,CAAA;AAC/D,OAAO,KAAK,MAAM,MAAM,cAAc,CAAA;AACtC,OAAO,EAAC,QAAQ,EAAC,MAAM,UAAU,CAAA;AAEjC,MAAM,CAAC,MAAM,kBAAkB,GAAG,IAAI,KAAK,CACzC,6GAA6G,CAC9G,CAAA;AAOD,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,MAAgB,EAAE,QAAgB,SAAS,CAAC,EAAE,CAAC;IAC7E,MAAM,IAAI,GAAG,IAAI,CAAA;IACjB,MAAM,IAAI,GAAG,WAAW,CAAA;IACxB,MAAM,WAAW,GAAG,UAAU,IAAI,IAAI,IAAI,EAAE,CAAA;IAC5C,MAAM,IAAI,GAAG,MAAM,YAAY,EAAE,CAAA;IACjC,MAAM,gBAAgB,GAAG,MAAM,QAAQ,EAAE,CAAA;IAEzC,IAAI,GAAG,GAAG,UAAU,IAAI,kBAAkB,CAAA;IAE1C,MAAM,EAAC,YAAY,EAAE,aAAa,EAAC,GAAG,2BAA2B,EAAE,CAAA;IAEnE,yDAAyD;IACzD,MAAM,MAAM,GAAG;QACb,SAAS,EAAE,gBAAgB;QAC3B,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;QACvB,YAAY,EAAE,WAAW;QACzB,KAAK;QACL,aAAa,EAAE,MAAM;QACrB,qBAAqB,EAAE,MAAM;QAC7B,cAAc,EAAE,aAAa;KAC9B,CAAA;IACD,wDAAwD;IAExD,MAAM,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAA;IACjE,MAAM,CAAC,IAAI,CAAC,yDAAyD,CAAC,CAAA;IACtE,MAAM,QAAQ,EAAE,CAAA;IAEhB,GAAG,GAAG,GAAG,GAAG,IAAI,IAAI,eAAe,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAA;IACxD,IAAI,CAAC,GAAG,CAAC,CAAA;IAET,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,IAAI,EAAE,IAAI,EAAE,GAAG,CAAC,CAAA;IAEpD,IAAI,MAAM,CAAC,KAAK,KAAK,KAAK,EAAE;QAC1B,MAAM,kBAAkB,CAAA;KACzB;IAED,OAAO,EAAC,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,YAAY,EAAC,CAAA;AAC1C,CAAC","sourcesContent":["import {listenRedirect} from './redirect-listener.js'\nimport {clientId} from './identity.js'\nimport {generateRandomChallengePair, randomHex} from '../string.js'\nimport {open} from '../system.js'\nimport {Abort} from '../error.js'\nimport {identity as identityFqdn} from '../environment/fqdn.js'\nimport * as output from '../output.js'\nimport {keypress} from '../ui.js'\n\nexport const MismatchStateError = new Abort(\n  \"The state received from the authentication doesn't match the one that initiated the authentication process.\",\n)\n\nexport interface CodeAuthResult {\n  code: string\n  codeVerifier: string\n}\n\nexport async function authorize(scopes: string[], state: string = randomHex(30)): Promise<CodeAuthResult> {\n  const port = 3456\n  const host = '127.0.0.1'\n  const redirectUri = `http://${host}:${port}`\n  const fqdn = await identityFqdn()\n  const identityClientId = await clientId()\n\n  let url = `http://${fqdn}/oauth/authorize`\n\n  const {codeVerifier, codeChallenge} = generateRandomChallengePair()\n\n  /* eslint-disable @typescript-eslint/naming-convention */\n  const params = {\n    client_id: identityClientId,\n    scope: scopes.join(' '),\n    redirect_uri: redirectUri,\n    state,\n    response_type: 'code',\n    code_challenge_method: 'S256',\n    code_challenge: codeChallenge,\n  }\n  /* eslint-enable @typescript-eslint/naming-convention */\n\n  output.info('\\nTo run this command, log in to Shopify Partners.')\n  output.info('👉 Press any key to open the login page on your browser')\n  await keypress()\n\n  url = `${url}?${new URLSearchParams(params).toString()}`\n  open(url)\n\n  const result = await listenRedirect(host, port, url)\n\n  if (result.state !== state) {\n    throw MismatchStateError\n  }\n\n  return {code: result.code, codeVerifier}\n}\n"]}

package/dist/session/exchange.d.ts

@@ -0,0 +1,42 @@
+import { ApplicationToken, IdentityToken } from './schema.js';
+import { CodeAuthResult } from './authorize.js';
+export declare class InvalidGrantError extends Error {
+}
+export interface ExchangeScopes {
+    admin: string[];
+    partners: string[];
+    storefront: string[];
+}
+/**
+ * Given a valid authorization code, request an identity access token.
+ * This token can then be used to get API specific tokens.
+ * @param codeData code and codeVerifier from the authorize endpoint
+ * @param clientId
+ * @param identityFqdn
+ * @returns {Promise<IdentityToken>} An instance with the identity access tokens.
+ */
+export declare function exchangeCodeForAccessToken(codeData: CodeAuthResult): Promise<IdentityToken>;
+/**
+ * Given an identity token, request an application token.
+ * @param token access token obtained in a previous step
+ * @param store the store to use, only needed for admin API
+ * @param clientId
+ * @param identityFqdn
+ * @returns {Promise<ApplicationSchema>} An array with the application access tokens.
+ */
+export declare function exchangeAccessForApplicationTokens(identityToken: IdentityToken, scopes: ExchangeScopes, store?: string): Promise<{
+    [x: string]: ApplicationToken;
+}>;
+/**
+ * Given an expired access token, refresh it to get a new one.
+ * @param currentToken
+ * @returns
+ */
+export declare function refreshAccessToken(currentToken: IdentityToken): Promise<IdentityToken>;
+/**
+ * Given a custom CLI token passed as ENV variable, request a valid partners API token
+ * This token does not accept extra scopes, just the cli one.
+ * @param token {string} The CLI token passed as ENV variable
+ * @returns {Promise<ApplicationToken>} An instance with the application access tokens.
+ */
+export declare function exchangeCustomPartnerToken(token: string): Promise<ApplicationToken>;

package/dist/session/exchange.js

@@ -0,0 +1,144 @@
+import { applicationId, clientId as getIdentityClientId } from './identity.js';
+import * as secureStore from './store.js';
+import { Abort } from '../error.js';
+import { fetch } from '../http.js';
+import { identity as identityFqdn } from '../environment/fqdn.js';
+export class InvalidGrantError extends Error {
+}
+const InvalidIdentityError = new Abort('\nError validating auth session', "We've cleared the current session, please try again");
+/**
+ * Given a valid authorization code, request an identity access token.
+ * This token can then be used to get API specific tokens.
+ * @param codeData code and codeVerifier from the authorize endpoint
+ * @param clientId
+ * @param identityFqdn
+ * @returns {Promise<IdentityToken>} An instance with the identity access tokens.
+ */
+export async function exchangeCodeForAccessToken(codeData) {
+    const clientId = await getIdentityClientId();
+    /* eslint-disable @typescript-eslint/naming-convention */
+    const params = {
+        grant_type: 'authorization_code',
+        code: codeData.code,
+        redirect_uri: 'http://127.0.0.1:3456',
+        client_id: clientId,
+        code_verifier: codeData.codeVerifier,
+    };
+    /* eslint-enable @typescript-eslint/naming-convention */
+    return tokenRequest(params).then(buildIdentityToken);
+}
+/**
+ * Given an identity token, request an application token.
+ * @param token access token obtained in a previous step
+ * @param store the store to use, only needed for admin API
+ * @param clientId
+ * @param identityFqdn
+ * @returns {Promise<ApplicationSchema>} An array with the application access tokens.
+ */
+export async function exchangeAccessForApplicationTokens(identityToken, scopes, store) {
+    const token = identityToken.accessToken;
+    const partners = await requestAppToken('partners', token, scopes.partners);
+    const storefront = await requestAppToken('storefront-renderer', token, scopes.storefront);
+    const result = {
+        ...partners,
+        ...storefront,
+    };
+    if (store) {
+        const admin = await requestAppToken('admin', token, scopes.admin, store);
+        Object.assign(result, admin);
+    }
+    return result;
+}
+/**
+ * Given an expired access token, refresh it to get a new one.
+ * @param currentToken
+ * @returns
+ */
+export async function refreshAccessToken(currentToken) {
+    const clientId = await getIdentityClientId();
+    /* eslint-disable @typescript-eslint/naming-convention */
+    const params = {
+        grant_type: 'refresh_token',
+        access_token: currentToken.accessToken,
+        refresh_token: currentToken.refreshToken,
+        client_id: clientId,
+    };
+    /* eslint-enable @typescript-eslint/naming-convention */
+    return tokenRequest(params).then(buildIdentityToken);
+}
+/**
+ * Given a custom CLI token passed as ENV variable, request a valid partners API token
+ * This token does not accept extra scopes, just the cli one.
+ * @param token {string} The CLI token passed as ENV variable
+ * @returns {Promise<ApplicationToken>} An instance with the application access tokens.
+ */
+export async function exchangeCustomPartnerToken(token) {
+    const appId = applicationId('partners');
+    const newToken = await requestAppToken('partners', token, ['https://api.shopify.com/auth/partners.app.cli.access']);
+    return newToken[appId];
+}
+async function requestAppToken(api, token, scopes = [], store) {
+    const appId = applicationId(api);
+    const clientId = await getIdentityClientId();
+    /* eslint-disable @typescript-eslint/naming-convention */
+    const params = {
+        grant_type: 'urn:ietf:params:oauth:grant-type:token-exchange',
+        requested_token_type: 'urn:ietf:params:oauth:token-type:access_token',
+        subject_token_type: 'urn:ietf:params:oauth:token-type:access_token',
+        client_id: clientId,
+        audience: appId,
+        scope: scopes.join(' '),
+        subject_token: token,
+        ...(api === 'admin' && { destination: `https://${store}/admin` }),
+    };
+    /* eslint-enable @typescript-eslint/naming-convention */
+    let identifier = appId;
+    if (api === 'admin' && store) {
+        identifier = `${store}-${appId}`;
+    }
+    const appToken = await tokenRequest(params).then(buildApplicationToken);
+    return { [identifier]: appToken };
+}
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+async function tokenRequest(params) {
+    const fqdn = await identityFqdn();
+    const url = new URL(`https://${fqdn}/oauth/token`);
+    url.search = new URLSearchParams(Object.entries(params)).toString();
+    const res = await fetch(url.href, { method: 'POST' });
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    const payload = await res.json();
+    if (!res.ok) {
+        if (payload.error === 'invalid_grant') {
+            // There's an scenario when Identity returns "invalid_grant" when trying to refresh the token
+            // using a valid refresh token. When that happens, we take the user through the authentication flow.
+            throw new InvalidGrantError(payload.error_description);
+        }
+        else if (payload.error === 'invalid_request') {
+            // There's an scenario when Identity returns "invalid_request" when exchanging an identity token.
+            // This means the token is invalid. We clear the session and throw an error to let the caller know.
+            secureStore.remove();
+            throw InvalidIdentityError;
+        }
+        else {
+            throw new Abort(payload.error_description);
+        }
+    }
+    return payload;
+}
+function buildIdentityToken(result) {
+    return {
+        accessToken: result.access_token,
+        refreshToken: result.refresh_token,
+        expiresAt: new Date(Date.now() + result.expires_in * 1000),
+        scopes: result.scope.split(' '),
+    };
+}
+// eslint-disable-next-line @typescript-eslint/naming-convention
+function buildApplicationToken(result) {
+    return {
+        accessToken: result.access_token,
+        expiresAt: new Date(Date.now() + result.expires_in * 1000),
+        scopes: result.scope.split(' '),
+    };
+}
+//# sourceMappingURL=exchange.js.map

package/dist/session/exchange.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"exchange.js","sourceRoot":"","sources":["../../src/session/exchange.ts"],"names":[],"mappings":"AACA,OAAO,EAAC,aAAa,EAAE,QAAQ,IAAI,mBAAmB,EAAC,MAAM,eAAe,CAAA;AAE5E,OAAO,KAAK,WAAW,MAAM,YAAY,CAAA;AACzC,OAAO,EAAC,KAAK,EAAC,MAAM,aAAa,CAAA;AAEjC,OAAO,EAAC,KAAK,EAAC,MAAM,YAAY,CAAA;AAChC,OAAO,EAAC,QAAQ,IAAI,YAAY,EAAC,MAAM,wBAAwB,CAAA;AAE/D,MAAM,OAAO,iBAAkB,SAAQ,KAAK;CAAG;AAE/C,MAAM,oBAAoB,GAAG,IAAI,KAAK,CACpC,iCAAiC,EACjC,qDAAqD,CACtD,CAAA;AAOD;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,0BAA0B,CAAC,QAAwB;IACvE,MAAM,QAAQ,GAAG,MAAM,mBAAmB,EAAE,CAAA;IAC5C,yDAAyD;IACzD,MAAM,MAAM,GAAG;QACb,UAAU,EAAE,oBAAoB;QAChC,IAAI,EAAE,QAAQ,CAAC,IAAI;QACnB,YAAY,EAAE,uBAAuB;QACrC,SAAS,EAAE,QAAQ;QACnB,aAAa,EAAE,QAAQ,CAAC,YAAY;KACrC,CAAA;IACD,wDAAwD;IAExD,OAAO,YAAY,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAA;AACtD,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,kCAAkC,CACtD,aAA4B,EAC5B,MAAsB,EACtB,KAAc;IAEd,MAAM,KAAK,GAAG,aAAa,CAAC,WAAW,CAAA;IAEvC,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,UAAU,EAAE,KAAK,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAA;IAC1E,MAAM,UAAU,GAAG,MAAM,eAAe,CAAC,qBAAqB,EAAE,KAAK,EAAE,MAAM,CAAC,UAAU,CAAC,CAAA;IAEzF,MAAM,MAAM,GAAG;QACb,GAAG,QAAQ;QACX,GAAG,UAAU;KACd,CAAA;IAED,IAAI,KAAK,EAAE;QACT,MAAM,KAAK,GAAG,MAAM,eAAe,CAAC,OAAO,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,CAAA;QACxE,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAA;KAC7B;IACD,OAAO,MAAM,CAAA;AACf,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,YAA2B;IAClE,MAAM,QAAQ,GAAG,MAAM,mBAAmB,EAAE,CAAA;IAC5C,yDAAyD;IACzD,MAAM,MAAM,GAAG;QACb,UAAU,EAAE,eAAe;QAC3B,YAAY,EAAE,YAAY,CAAC,WAAW;QACtC,aAAa,EAAE,YAAY,CAAC,YAAY;QACxC,SAAS,EAAE,QAAQ;KACpB,CAAA;IACD,wDAAwD;IACxD,OAAO,YAAY,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAA;AACtD,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,0BAA0B,CAAC,KAAa;IAC5D,MAAM,KAAK,GAAG,aAAa,CAAC,UAAU,CAAC,CAAA;IACvC,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,UAAU,EAAE,KAAK,EAAE,CAAC,sDAAsD,CAAC,CAAC,CAAA;IACnH,OAAO,QAAQ,CAAC,KAAK,CAAC,CAAA;AACxB,CAAC;AAED,KAAK,UAAU,eAAe,CAC5B,GAAQ,EACR,KAAa,EACb,SAAmB,EAAE,EACrB,KAAc;IAEd,MAAM,KAAK,GAAG,aAAa,CAAC,GAAG,CAAC,CAAA;IAChC,MAAM,QAAQ,GAAG,MAAM,mBAAmB,EAAE,CAAA;IAE5C,yDAAyD;IACzD,MAAM,MAAM,GAAG;QACb,UAAU,EAAE,iDAAiD;QAC7D,oBAAoB,EAAE,+CAA+C;QACrE,kBAAkB,EAAE,+CAA+C;QACnE,SAAS,EAAE,QAAQ;QACnB,QAAQ,EAAE,KAAK;QACf,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;QACvB,aAAa,EAAE,KAAK;QACpB,GAAG,CAAC,GAAG,KAAK,OAAO,IAAI,EAAC,WAAW,EAAE,WAAW,KAAK,QAAQ,EAAC,CAAC;KAChE,CAAA;IACD,wDAAwD;IAExD,IAAI,UAAU,GAAG,KAAK,CAAA;IACtB,IAAI,GAAG,KAAK,OAAO,IAAI,KAAK,EAAE;QAC5B,UAAU,GAAG,GAAG,KAAK,IAAI,KAAK,EAAE,CAAA;KACjC;IACD,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAA;IACvE,OAAO,EAAC,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAC,CAAA;AACjC,CAAC;AAED,8DAA8D;AAC9D,KAAK,UAAU,YAAY,CAAC,MAA+B;IACzD,MAAM,IAAI,GAAG,MAAM,YAAY,EAAE,CAAA;IACjC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,WAAW,IAAI,cAAc,CAAC,CAAA;IAClD,GAAG,CAAC,MAAM,GAAG,IAAI,eAAe,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAA;IACnE,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,EAAC,MAAM,EAAE,MAAM,EAAC,CAAC,CAAA;IACnD,8DAA8D;IAC9D,MAAM,OAAO,GAAQ,MAAM,GAAG,CAAC,IAAI,EAAE,CAAA;IACrC,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE;QACX,IAAI,OAAO,CAAC,KAAK,KAAK,eAAe,EAAE;YACrC,6FAA6F;YAC7F,oGAAoG;YACpG,MAAM,IAAI,iBAAiB,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAA;SACvD;aAAM,IAAI,OAAO,CAAC,KAAK,KAAK,iBAAiB,EAAE;YAC9C,iGAAiG;YACjG,mGAAmG;YACnG,WAAW,CAAC,MAAM,EAAE,CAAA;YACpB,MAAM,oBAAoB,CAAA;SAC3B;aAAM;YACL,MAAM,IAAI,KAAK,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAA;SAC3C;KACF;IACD,OAAO,OAAO,CAAA;AAChB,CAAC;AAED,SAAS,kBAAkB,CAAC,MAQ3B;IACC,OAAO;QACL,WAAW,EAAE,MAAM,CAAC,YAAY;QAChC,YAAY,EAAE,MAAM,CAAC,aAAa;QAClC,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC;QAC1D,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC;KAChC,CAAA;AACH,CAAC;AAED,gEAAgE;AAChE,SAAS,qBAAqB,CAAC,MAAiE;IAC9F,OAAO;QACL,WAAW,EAAE,MAAM,CAAC,YAAY;QAChC,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC;QAC1D,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC;KAChC,CAAA;AACH,CAAC","sourcesContent":["import {ApplicationToken, IdentityToken} from './schema.js'\nimport {applicationId, clientId as getIdentityClientId} from './identity.js'\nimport {CodeAuthResult} from './authorize.js'\nimport * as secureStore from './store.js'\nimport {Abort} from '../error.js'\nimport {API} from '../network/api.js'\nimport {fetch} from '../http.js'\nimport {identity as identityFqdn} from '../environment/fqdn.js'\n\nexport class InvalidGrantError extends Error {}\n\nconst InvalidIdentityError = new Abort(\n  '\\nError validating auth session',\n  \"We've cleared the current session, please try again\",\n)\n\nexport interface ExchangeScopes {\n  admin: string[]\n  partners: string[]\n  storefront: string[]\n}\n/**\n * Given a valid authorization code, request an identity access token.\n * This token can then be used to get API specific tokens.\n * @param codeData code and codeVerifier from the authorize endpoint\n * @param clientId\n * @param identityFqdn\n * @returns {Promise<IdentityToken>} An instance with the identity access tokens.\n */\nexport async function exchangeCodeForAccessToken(codeData: CodeAuthResult): Promise<IdentityToken> {\n  const clientId = await getIdentityClientId()\n  /* eslint-disable @typescript-eslint/naming-convention */\n  const params = {\n    grant_type: 'authorization_code',\n    code: codeData.code,\n    redirect_uri: 'http://127.0.0.1:3456',\n    client_id: clientId,\n    code_verifier: codeData.codeVerifier,\n  }\n  /* eslint-enable @typescript-eslint/naming-convention */\n\n  return tokenRequest(params).then(buildIdentityToken)\n}\n\n/**\n * Given an identity token, request an application token.\n * @param token access token obtained in a previous step\n * @param store the store to use, only needed for admin API\n * @param clientId\n * @param identityFqdn\n * @returns {Promise<ApplicationSchema>} An array with the application access tokens.\n */\nexport async function exchangeAccessForApplicationTokens(\n  identityToken: IdentityToken,\n  scopes: ExchangeScopes,\n  store?: string,\n): Promise<{[x: string]: ApplicationToken}> {\n  const token = identityToken.accessToken\n\n  const partners = await requestAppToken('partners', token, scopes.partners)\n  const storefront = await requestAppToken('storefront-renderer', token, scopes.storefront)\n\n  const result = {\n    ...partners,\n    ...storefront,\n  }\n\n  if (store) {\n    const admin = await requestAppToken('admin', token, scopes.admin, store)\n    Object.assign(result, admin)\n  }\n  return result\n}\n\n/**\n * Given an expired access token, refresh it to get a new one.\n * @param currentToken\n * @returns\n */\nexport async function refreshAccessToken(currentToken: IdentityToken): Promise<IdentityToken> {\n  const clientId = await getIdentityClientId()\n  /* eslint-disable @typescript-eslint/naming-convention */\n  const params = {\n    grant_type: 'refresh_token',\n    access_token: currentToken.accessToken,\n    refresh_token: currentToken.refreshToken,\n    client_id: clientId,\n  }\n  /* eslint-enable @typescript-eslint/naming-convention */\n  return tokenRequest(params).then(buildIdentityToken)\n}\n\n/**\n * Given a custom CLI token passed as ENV variable, request a valid partners API token\n * This token does not accept extra scopes, just the cli one.\n * @param token {string} The CLI token passed as ENV variable\n * @returns {Promise<ApplicationToken>} An instance with the application access tokens.\n */\nexport async function exchangeCustomPartnerToken(token: string): Promise<ApplicationToken> {\n  const appId = applicationId('partners')\n  const newToken = await requestAppToken('partners', token, ['https://api.shopify.com/auth/partners.app.cli.access'])\n  return newToken[appId]\n}\n\nasync function requestAppToken(\n  api: API,\n  token: string,\n  scopes: string[] = [],\n  store?: string,\n): Promise<{[x: string]: ApplicationToken}> {\n  const appId = applicationId(api)\n  const clientId = await getIdentityClientId()\n\n  /* eslint-disable @typescript-eslint/naming-convention */\n  const params = {\n    grant_type: 'urn:ietf:params:oauth:grant-type:token-exchange',\n    requested_token_type: 'urn:ietf:params:oauth:token-type:access_token',\n    subject_token_type: 'urn:ietf:params:oauth:token-type:access_token',\n    client_id: clientId,\n    audience: appId,\n    scope: scopes.join(' '),\n    subject_token: token,\n    ...(api === 'admin' && {destination: `https://${store}/admin`}),\n  }\n  /* eslint-enable @typescript-eslint/naming-convention */\n\n  let identifier = appId\n  if (api === 'admin' && store) {\n    identifier = `${store}-${appId}`\n  }\n  const appToken = await tokenRequest(params).then(buildApplicationToken)\n  return {[identifier]: appToken}\n}\n\n// eslint-disable-next-line @typescript-eslint/no-explicit-any\nasync function tokenRequest(params: {[key: string]: string}): Promise<any> {\n  const fqdn = await identityFqdn()\n  const url = new URL(`https://${fqdn}/oauth/token`)\n  url.search = new URLSearchParams(Object.entries(params)).toString()\n  const res = await fetch(url.href, {method: 'POST'})\n  // eslint-disable-next-line @typescript-eslint/no-explicit-any\n  const payload: any = await res.json()\n  if (!res.ok) {\n    if (payload.error === 'invalid_grant') {\n      // There's an scenario when Identity returns \"invalid_grant\" when trying to refresh the token\n      // using a valid refresh token. When that happens, we take the user through the authentication flow.\n      throw new InvalidGrantError(payload.error_description)\n    } else if (payload.error === 'invalid_request') {\n      // There's an scenario when Identity returns \"invalid_request\" when exchanging an identity token.\n      // This means the token is invalid. We clear the session and throw an error to let the caller know.\n      secureStore.remove()\n      throw InvalidIdentityError\n    } else {\n      throw new Abort(payload.error_description)\n    }\n  }\n  return payload\n}\n\nfunction buildIdentityToken(result: {\n  // eslint-disable-next-line @typescript-eslint/naming-convention\n  access_token: string\n  // eslint-disable-next-line @typescript-eslint/naming-convention\n  refresh_token: string\n  // eslint-disable-next-line @typescript-eslint/naming-convention\n  expires_in: number\n  scope: string\n}): IdentityToken {\n  return {\n    accessToken: result.access_token,\n    refreshToken: result.refresh_token,\n    expiresAt: new Date(Date.now() + result.expires_in * 1000),\n    scopes: result.scope.split(' '),\n  }\n}\n\n// eslint-disable-next-line @typescript-eslint/naming-convention\nfunction buildApplicationToken(result: {access_token: string; expires_in: number; scope: string}): ApplicationToken {\n  return {\n    accessToken: result.access_token,\n    expiresAt: new Date(Date.now() + result.expires_in * 1000),\n    scopes: result.scope.split(' '),\n  }\n}\n"]}

package/dist/session/identity.d.ts

@@ -0,0 +1,3 @@
+import { API } from '../network/api.js';
+export declare function clientId(): string;
+export declare function applicationId(api: API): string;

package/dist/session/identity.js

@@ -0,0 +1,58 @@
+import { Bug } from '../error.js';
+import { shopify as shopifyEnvironment, partners as partnersEnvironment, identity as identityEnvironment, } from '../environment/service.js';
+import { Environment } from '../network/service.js';
+export function clientId() {
+    const environment = identityEnvironment();
+    if (environment === Environment.Local) {
+        return 'e5380e02-312a-7408-5718-e07017e9cf52';
+    }
+    else if (environment === Environment.Production) {
+        return 'fbdb2649-e327-4907-8f67-908d24cfd7e3';
+    }
+    else {
+        return 'e5380e02-312a-7408-5718-e07017e9cf52';
+    }
+}
+export function applicationId(api) {
+    switch (api) {
+        case 'admin': {
+            const environment = shopifyEnvironment();
+            if (environment === Environment.Local) {
+                return 'e92482cebb9bfb9fb5a0199cc770fde3de6c8d16b798ee73e36c9d815e070e52';
+            }
+            else if (environment === Environment.Production) {
+                return '7ee65a63608843c577db8b23c4d7316ea0a01bd2f7594f8a9c06ea668c1b775c';
+            }
+            else {
+                return 'e92482cebb9bfb9fb5a0199cc770fde3de6c8d16b798ee73e36c9d815e070e52';
+            }
+        }
+        case 'partners': {
+            const environment = partnersEnvironment();
+            if (environment === Environment.Local) {
+                return 'df89d73339ac3c6c5f0a98d9ca93260763e384d51d6038da129889c308973978';
+            }
+            else if (environment === Environment.Production) {
+                return '271e16d403dfa18082ffb3d197bd2b5f4479c3fc32736d69296829cbb28d41a6';
+            }
+            else {
+                return 'df89d73339ac3c6c5f0a98d9ca93260763e384d51d6038da129889c308973978';
+            }
+        }
+        case 'storefront-renderer': {
+            const environment = shopifyEnvironment();
+            if (environment === Environment.Local) {
+                return '46f603de-894f-488d-9471-5b721280ff49';
+            }
+            else if (environment === Environment.Production) {
+                return 'ee139b3d-5861-4d45-b387-1bc3ada7811c';
+            }
+            else {
+                return '46f603de-894f-488d-9471-5b721280ff49';
+            }
+        }
+        default:
+            throw new Bug(`Application id for API of type: ${api}`);
+    }
+}
+//# sourceMappingURL=identity.js.map

package/dist/session/identity.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"identity.js","sourceRoot":"","sources":["../../src/session/identity.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,GAAG,EAAC,MAAM,aAAa,CAAA;AAC/B,OAAO,EACL,OAAO,IAAI,kBAAkB,EAC7B,QAAQ,IAAI,mBAAmB,EAC/B,QAAQ,IAAI,mBAAmB,GAChC,MAAM,2BAA2B,CAAA;AAClC,OAAO,EAAC,WAAW,EAAC,MAAM,uBAAuB,CAAA;AAGjD,MAAM,UAAU,QAAQ;IACtB,MAAM,WAAW,GAAG,mBAAmB,EAAE,CAAA;IACzC,IAAI,WAAW,KAAK,WAAW,CAAC,KAAK,EAAE;QACrC,OAAO,sCAAsC,CAAA;KAC9C;SAAM,IAAI,WAAW,KAAK,WAAW,CAAC,UAAU,EAAE;QACjD,OAAO,sCAAsC,CAAA;KAC9C;SAAM;QACL,OAAO,sCAAsC,CAAA;KAC9C;AACH,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,GAAQ;IACpC,QAAQ,GAAG,EAAE;QACX,KAAK,OAAO,CAAC,CAAC;YACZ,MAAM,WAAW,GAAG,kBAAkB,EAAE,CAAA;YACxC,IAAI,WAAW,KAAK,WAAW,CAAC,KAAK,EAAE;gBACrC,OAAO,kEAAkE,CAAA;aAC1E;iBAAM,IAAI,WAAW,KAAK,WAAW,CAAC,UAAU,EAAE;gBACjD,OAAO,kEAAkE,CAAA;aAC1E;iBAAM;gBACL,OAAO,kEAAkE,CAAA;aAC1E;SACF;QACD,KAAK,UAAU,CAAC,CAAC;YACf,MAAM,WAAW,GAAG,mBAAmB,EAAE,CAAA;YACzC,IAAI,WAAW,KAAK,WAAW,CAAC,KAAK,EAAE;gBACrC,OAAO,kEAAkE,CAAA;aAC1E;iBAAM,IAAI,WAAW,KAAK,WAAW,CAAC,UAAU,EAAE;gBACjD,OAAO,kEAAkE,CAAA;aAC1E;iBAAM;gBACL,OAAO,kEAAkE,CAAA;aAC1E;SACF;QACD,KAAK,qBAAqB,CAAC,CAAC;YAC1B,MAAM,WAAW,GAAG,kBAAkB,EAAE,CAAA;YACxC,IAAI,WAAW,KAAK,WAAW,CAAC,KAAK,EAAE;gBACrC,OAAO,sCAAsC,CAAA;aAC9C;iBAAM,IAAI,WAAW,KAAK,WAAW,CAAC,UAAU,EAAE;gBACjD,OAAO,sCAAsC,CAAA;aAC9C;iBAAM;gBACL,OAAO,sCAAsC,CAAA;aAC9C;SACF;QACD;YACE,MAAM,IAAI,GAAG,CAAC,mCAAmC,GAAG,EAAE,CAAC,CAAA;KAC1D;AACH,CAAC","sourcesContent":["import {Bug} from '../error.js'\nimport {\n  shopify as shopifyEnvironment,\n  partners as partnersEnvironment,\n  identity as identityEnvironment,\n} from '../environment/service.js'\nimport {Environment} from '../network/service.js'\nimport {API} from '../network/api.js'\n\nexport function clientId(): string {\n  const environment = identityEnvironment()\n  if (environment === Environment.Local) {\n    return 'e5380e02-312a-7408-5718-e07017e9cf52'\n  } else if (environment === Environment.Production) {\n    return 'fbdb2649-e327-4907-8f67-908d24cfd7e3'\n  } else {\n    return 'e5380e02-312a-7408-5718-e07017e9cf52'\n  }\n}\n\nexport function applicationId(api: API): string {\n  switch (api) {\n    case 'admin': {\n      const environment = shopifyEnvironment()\n      if (environment === Environment.Local) {\n        return 'e92482cebb9bfb9fb5a0199cc770fde3de6c8d16b798ee73e36c9d815e070e52'\n      } else if (environment === Environment.Production) {\n        return '7ee65a63608843c577db8b23c4d7316ea0a01bd2f7594f8a9c06ea668c1b775c'\n      } else {\n        return 'e92482cebb9bfb9fb5a0199cc770fde3de6c8d16b798ee73e36c9d815e070e52'\n      }\n    }\n    case 'partners': {\n      const environment = partnersEnvironment()\n      if (environment === Environment.Local) {\n        return 'df89d73339ac3c6c5f0a98d9ca93260763e384d51d6038da129889c308973978'\n      } else if (environment === Environment.Production) {\n        return '271e16d403dfa18082ffb3d197bd2b5f4479c3fc32736d69296829cbb28d41a6'\n      } else {\n        return 'df89d73339ac3c6c5f0a98d9ca93260763e384d51d6038da129889c308973978'\n      }\n    }\n    case 'storefront-renderer': {\n      const environment = shopifyEnvironment()\n      if (environment === Environment.Local) {\n        return '46f603de-894f-488d-9471-5b721280ff49'\n      } else if (environment === Environment.Production) {\n        return 'ee139b3d-5861-4d45-b387-1bc3ada7811c'\n      } else {\n        return '46f603de-894f-488d-9471-5b721280ff49'\n      }\n    }\n    default:\n      throw new Bug(`Application id for API of type: ${api}`)\n  }\n}\n"]}

package/dist/session/post-auth.d.ts

@@ -0,0 +1,13 @@
+import { Bug } from '../error.js';
+export declare const getEmptyUrlHTML: () => Promise<string>;
+export declare const getAuthErrorHTML: () => Promise<string>;
+export declare const getMissingCodeHTML: () => Promise<string>;
+export declare const getMissingStateHTML: () => Promise<string>;
+export declare const getSuccessHTML: () => Promise<string>;
+export declare const getStylesheet: () => Promise<string>;
+export declare const getFavicon: () => Promise<string>;
+export declare const EmptyUrlString = "We received the authentication redirect but the URL is empty.";
+export declare const AuthErrorString = "There was an issue while trying to authenticate.";
+export declare const MissingCodeString = "The authentication can't continue because the redirect doesn't include the code.";
+export declare const MissingStateString = "The authentication can't continue because the redirect doesn't include the state.";
+export declare const RedirectPageAssetNotFoundError: () => Bug;

package/dist/session/post-auth.js

@@ -0,0 +1,56 @@
+import { findUp, moduleDirectory } from '../path.js';
+import { read } from '../file.js';
+import { Bug } from '../error.js';
+const HTMLFileNames = ['empty-url.html', 'auth-error.html', 'missing-code.html', 'missing-state.html', 'success.html'];
+const StylesheetFilename = 'style.css';
+const FaviconFileName = 'favicon.svg';
+/**
+ * Finds the full path of the given file-name from the assets folder.
+ *
+ * @param {string} fileName The name of the file to look for.
+ * @returns {string | null} The full path of the file, or null if not found.
+ */
+const getFilePath = async (fileName) => {
+    const filePath = await findUp(`assets/${fileName}`, {
+        type: 'file',
+        cwd: moduleDirectory(import.meta.url),
+    });
+    if (!filePath) {
+        throw RedirectPageAssetNotFoundError();
+    }
+    return filePath;
+};
+export const getEmptyUrlHTML = async () => {
+    const filePath = await getFilePath(HTMLFileNames[0]);
+    return read(filePath);
+};
+export const getAuthErrorHTML = async () => {
+    const filePath = await getFilePath(HTMLFileNames[1]);
+    return read(filePath);
+};
+export const getMissingCodeHTML = async () => {
+    const filePath = await getFilePath(HTMLFileNames[2]);
+    return read(filePath);
+};
+export const getMissingStateHTML = async () => {
+    const filePath = await getFilePath(HTMLFileNames[3]);
+    return read(filePath);
+};
+export const getSuccessHTML = async () => {
+    const filePath = await getFilePath(HTMLFileNames[4]);
+    return read(filePath);
+};
+export const getStylesheet = async () => {
+    const filePath = await getFilePath(StylesheetFilename);
+    return read(filePath);
+};
+export const getFavicon = async () => {
+    const filePath = await getFilePath(FaviconFileName);
+    return read(filePath);
+};
+export const EmptyUrlString = 'We received the authentication redirect but the URL is empty.';
+export const AuthErrorString = 'There was an issue while trying to authenticate.';
+export const MissingCodeString = "The authentication can't continue because the redirect doesn't include the code.";
+export const MissingStateString = "The authentication can't continue because the redirect doesn't include the state.";
+export const RedirectPageAssetNotFoundError = () => new Bug(`Redirect page asset not found`);
+//# sourceMappingURL=post-auth.js.map

package/dist/session/post-auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"post-auth.js","sourceRoot":"","sources":["../../src/session/post-auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,MAAM,EAAE,eAAe,EAAC,MAAM,YAAY,CAAA;AAClD,OAAO,EAAC,IAAI,EAAC,MAAM,YAAY,CAAA;AAC/B,OAAO,EAAC,GAAG,EAAC,MAAM,aAAa,CAAA;AAE/B,MAAM,aAAa,GAAG,CAAC,gBAAgB,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,cAAc,CAAC,CAAA;AACtH,MAAM,kBAAkB,GAAG,WAAW,CAAA;AACtC,MAAM,eAAe,GAAG,aAAa,CAAA;AAErC;;;;;GAKG;AACH,MAAM,WAAW,GAAG,KAAK,EAAE,QAAgB,EAAmB,EAAE;IAC9D,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,UAAU,QAAQ,EAAE,EAAE;QAClD,IAAI,EAAE,MAAM;QACZ,GAAG,EAAE,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;KACtC,CAAC,CAAA;IACF,IAAI,CAAC,QAAQ,EAAE;QACb,MAAM,8BAA8B,EAAE,CAAA;KACvC;IACD,OAAO,QAAQ,CAAA;AACjB,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,eAAe,GAAG,KAAK,IAAqB,EAAE;IACzD,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAA;IACpD,OAAO,IAAI,CAAC,QAAQ,CAAC,CAAA;AACvB,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,gBAAgB,GAAG,KAAK,IAAqB,EAAE;IAC1D,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAA;IACpD,OAAO,IAAI,CAAC,QAAQ,CAAC,CAAA;AACvB,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,kBAAkB,GAAG,KAAK,IAAqB,EAAE;IAC5D,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAA;IACpD,OAAO,IAAI,CAAC,QAAQ,CAAC,CAAA;AACvB,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,mBAAmB,GAAG,KAAK,IAAqB,EAAE;IAC7D,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAA;IACpD,OAAO,IAAI,CAAC,QAAQ,CAAC,CAAA;AACvB,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,cAAc,GAAG,KAAK,IAAqB,EAAE;IACxD,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAA;IACpD,OAAO,IAAI,CAAC,QAAQ,CAAC,CAAA;AACvB,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,aAAa,GAAG,KAAK,IAAqB,EAAE;IACvD,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,kBAAkB,CAAC,CAAA;IACtD,OAAO,IAAI,CAAC,QAAQ,CAAC,CAAA;AACvB,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,UAAU,GAAG,KAAK,IAAqB,EAAE;IACpD,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,eAAe,CAAC,CAAA;IACnD,OAAO,IAAI,CAAC,QAAQ,CAAC,CAAA;AACvB,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,cAAc,GAAG,+DAA+D,CAAA;AAE7F,MAAM,CAAC,MAAM,eAAe,GAAG,kDAAkD,CAAA;AAEjF,MAAM,CAAC,MAAM,iBAAiB,GAAG,kFAAkF,CAAA;AAEnH,MAAM,CAAC,MAAM,kBAAkB,GAAG,mFAAmF,CAAA;AAErH,MAAM,CAAC,MAAM,8BAA8B,GAAG,GAAG,EAAE,CAAC,IAAI,GAAG,CAAC,+BAA+B,CAAC,CAAA","sourcesContent":["import {findUp, moduleDirectory} from '../path.js'\nimport {read} from '../file.js'\nimport {Bug} from '../error.js'\n\nconst HTMLFileNames = ['empty-url.html', 'auth-error.html', 'missing-code.html', 'missing-state.html', 'success.html']\nconst StylesheetFilename = 'style.css'\nconst FaviconFileName = 'favicon.svg'\n\n/**\n * Finds the full path of the given file-name from the assets folder.\n *\n * @param {string} fileName The name of the file to look for.\n * @returns {string | null} The full path of the file, or null if not found.\n */\nconst getFilePath = async (fileName: string): Promise<string> => {\n  const filePath = await findUp(`assets/${fileName}`, {\n    type: 'file',\n    cwd: moduleDirectory(import.meta.url),\n  })\n  if (!filePath) {\n    throw RedirectPageAssetNotFoundError()\n  }\n  return filePath\n}\n\nexport const getEmptyUrlHTML = async (): Promise<string> => {\n  const filePath = await getFilePath(HTMLFileNames[0])\n  return read(filePath)\n}\n\nexport const getAuthErrorHTML = async (): Promise<string> => {\n  const filePath = await getFilePath(HTMLFileNames[1])\n  return read(filePath)\n}\n\nexport const getMissingCodeHTML = async (): Promise<string> => {\n  const filePath = await getFilePath(HTMLFileNames[2])\n  return read(filePath)\n}\n\nexport const getMissingStateHTML = async (): Promise<string> => {\n  const filePath = await getFilePath(HTMLFileNames[3])\n  return read(filePath)\n}\n\nexport const getSuccessHTML = async (): Promise<string> => {\n  const filePath = await getFilePath(HTMLFileNames[4])\n  return read(filePath)\n}\n\nexport const getStylesheet = async (): Promise<string> => {\n  const filePath = await getFilePath(StylesheetFilename)\n  return read(filePath)\n}\n\nexport const getFavicon = async (): Promise<string> => {\n  const filePath = await getFilePath(FaviconFileName)\n  return read(filePath)\n}\n\nexport const EmptyUrlString = 'We received the authentication redirect but the URL is empty.'\n\nexport const AuthErrorString = 'There was an issue while trying to authenticate.'\n\nexport const MissingCodeString = \"The authentication can't continue because the redirect doesn't include the code.\"\n\nexport const MissingStateString = \"The authentication can't continue because the redirect doesn't include the state.\"\n\nexport const RedirectPageAssetNotFoundError = () => new Bug(`Redirect page asset not found`)\n"]}