@shopify/cli-kit 3.10.1 → 3.12.0

package/dist/session.js.map

@@ -1 +1 @@
-{"version":3,"file":"session.js","sourceRoot":"","sources":["../src/session.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,aAAa,EAAC,MAAM,uBAAuB,CAAA;AACnD,OAAO,EAAC,KAAK,EAAE,GAAG,EAAC,MAAM,YAAY,CAAA;AACrC,OAAO,EAAC,eAAe,EAAC,MAAM,uBAAuB,CAAA;AACrD,OAAO,EAAC,gBAAgB,EAAE,SAAS,EAAC,MAAM,qBAAqB,CAAA;AAC/D,OAAO,EAAC,QAAQ,IAAI,YAAY,EAAC,MAAM,uBAAuB,CAAA;AAC9D,OAAO,EAAC,IAAI,EAAC,MAAM,aAAa,CAAA;AAChC,OAAO,EACL,kCAAkC,EAClC,0BAA0B,EAC1B,0BAA0B,EAE1B,kBAAkB,EAClB,iBAAiB,GAClB,MAAM,uBAAuB,CAAA;AAE9B,OAAO,EAAC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAC,MAAM,aAAa,CAAA;AACjD,OAAO,EAAC,QAAQ,EAAC,MAAM,SAAS,CAAA;AAEhC,OAAO,EAAC,SAAS,EAAC,MAAM,wBAAwB,CAAA;AAEhD,OAAO,KAAK,WAAW,MAAM,oBAAoB,CAAA;AACjD,OAAO,SAAS,MAAM,gBAAgB,CAAA;AACtC,OAAO,EAAC,kBAAkB,EAAC,MAAM,aAAa,CAAA;AAC9C,OAAO,KAAK,MAAM,MAAM,aAAa,CAAA;AACrC,OAAO,EAAC,QAAQ,EAAC,MAAM,UAAU,CAAA;AACjC,OAAO,EAAC,kBAAkB,EAAC,MAAM,iBAAiB,CAAA;AAClD,OAAO,EAAC,aAAa,EAAC,MAAM,wBAAwB,CAAA;AACpD,OAAO,EAAC,GAAG,EAAC,MAAM,iBAAiB,CAAA;AAEnC,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,+CAA+C,CAAC,CAAA;AAC/E,MAAM,wBAAwB,GAAG,IAAI,GAAG,CAAC,sDAAsD,CAAC,CAAA;AAChG,MAAM,sBAAsB,GAAG,IAAI,GAAG,CAAC,mDAAmD,CAAC,CAAA;AAC3F,MAAM,2BAA2B,GAAG,IAAI,GAAG,CAAC,wDAAwD,CAAC,CAAA;AAwDrG,MAAM,CAAC,MAAM,gCAAgC,GAAG,GAAG,EAAE;IACnD,OAAO,IAAI,KAAK,CACd,kDAAkD,EAClD,gEAAgE,CACjE,CAAA;AACH,CAAC,CAAA;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAAC,SAAmB,EAAE,EAAE,GAAG,GAAG,OAAO,CAAC,GAAG;IACxF,KAAK,CAAC,OAAO,CAAA;EACb,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC;CACnB,CAAC,CAAA;IACA,MAAM,QAAQ,GAAG,GAAG,CAAC,SAAS,CAAC,oBAAoB,CAAC,aAAa,CAAC,CAAA;IAClE,IAAI,QAAQ,EAAE;QACZ,OAAO,CAAC,MAAM,0BAA0B,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAA;KAChE;IACD,MAAM,MAAM,GAAG,MAAM,mBAAmB,CAAC,EAAC,WAAW,EAAE,EAAC,MAAM,EAAC,EAAC,CAAC,CAAA;IACjE,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE;QACpB,MAAM,wBAAwB,CAAA;KAC/B;IACD,OAAO,MAAM,CAAC,QAAQ,CAAA;AACxB,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,6BAA6B,CAAC,SAAmB,EAAE;IACvE,KAAK,CAAC,OAAO,CAAA;EACb,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC;CACnB,CAAC,CAAA;IACA,MAAM,MAAM,GAAG,MAAM,mBAAmB,CAAC,EAAC,qBAAqB,EAAE,EAAC,MAAM,EAAC,EAAC,CAAC,CAAA;IAC3E,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE;QACtB,MAAM,2BAA2B,CAAA;KAClC;IACD,OAAO,MAAM,CAAC,UAAU,CAAA;AAC1B,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAAC,KAAa,EAAE,SAAmB,EAAE;IACjF,KAAK,CAAC,OAAO,CAAA,sGAAsG,KAAK,CAAC,GAAG,CAC1H,KAAK,CACN;EACD,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC;CACnB,CAAC,CAAA;IACA,MAAM,MAAM,GAAG,MAAM,mBAAmB,CAAC,EAAC,QAAQ,EAAE,EAAC,MAAM,EAAE,SAAS,EAAE,KAAK,EAAC,EAAC,CAAC,CAAA;IAChF,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE;QACjB,MAAM,sBAAsB,CAAA;KAC7B;IACD,OAAO,MAAM,CAAC,KAAK,CAAA;AACrB,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,YAA+B,EAAE,GAAG,GAAG,OAAO,CAAC,GAAG;IAC1F,MAAM,IAAI,GAAG,MAAM,YAAY,EAAE,CAAA;IAEjC,IAAI,YAAY,CAAC,QAAQ,EAAE,SAAS,EAAE;QACpC,YAAY,CAAC,QAAQ,CAAC,SAAS,GAAG,kBAAkB,CAAC,YAAY,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAA;KACtF;IAED,MAAM,cAAc,GAAG,CAAC,MAAM,WAAW,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,CAAA;IACxD,MAAM,WAAW,GAAG,cAAc,CAAC,IAAI,CAAE,CAAA;IACzC,MAAM,MAAM,GAAG,gBAAgB,CAAC,YAAY,CAAC,CAAA;IAE7C,KAAK,CAAC,OAAO,CAAA;EACb,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC;;EAElB,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC;CACzB,CAAC,CAAA;IACA,MAAM,gBAAgB,GAAG,MAAM,eAAe,CAAC,MAAM,EAAE,YAAY,EAAE,WAAW,CAAC,CAAA;IAEjF,IAAI,UAAU,GAAG,EAAE,CAAA;IAEnB,IAAI,gBAAgB,KAAK,iBAAiB,EAAE;QAC1C,KAAK,CAAC,OAAO,CAAA,4CAA4C,CAAC,CAAA;QAC1D,UAAU,GAAG,MAAM,mBAAmB,CAAC,YAAY,EAAE,IAAI,CAAC,CAAA;KAC3D;SAAM,IAAI,gBAAgB,KAAK,eAAe,EAAE;QAC/C,KAAK,CAAC,OAAO,CAAA,+DAA+D,CAAC,CAAA;QAC7E,IAAI;YACF,UAAU,GAAG,MAAM,aAAa,CAAC,WAAW,CAAC,QAAQ,EAAE,YAAY,EAAE,IAAI,CAAC,CAAA;SAC3E;QAAC,OAAO,KAAK,EAAE;YACd,IAAI,KAAK,YAAY,iBAAiB,EAAE;gBACtC,UAAU,GAAG,MAAM,mBAAmB,CAAC,YAAY,EAAE,IAAI,CAAC,CAAA;aAC3D;iBAAM;gBACL,MAAM,KAAK,CAAA;aACZ;SACF;KACF;IAED,MAAM,eAAe,GAAY,EAAC,GAAG,cAAc,EAAE,GAAG,UAAU,EAAC,CAAA;IACnE,MAAM,WAAW,CAAC,KAAK,CAAC,eAAe,CAAC,CAAA;IACxC,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,YAAY,EAAE,eAAe,EAAE,IAAI,CAAC,CAAA;IAEnE,uDAAuD;IACvD,MAAM,QAAQ,GAAG,GAAG,CAAC,SAAS,CAAC,oBAAoB,CAAC,aAAa,CAAC,CAAA;IAClE,IAAI,QAAQ,IAAI,YAAY,CAAC,WAAW,EAAE;QACxC,MAAM,CAAC,QAAQ,GAAG,CAAC,MAAM,0BAA0B,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAA;KAC3E;IACD,IAAI,CAAC,QAAQ,IAAI,MAAM,CAAC,QAAQ,EAAE;QAChC,MAAM,2BAA2B,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAA;KACnD;IAED,OAAO,MAAM,CAAA;AACf,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,aAAqB;IAC3D,IAAI;QACF,MAAM,QAAQ,CAAC,OAAO,CACpB,GAAG,CAAA;;;;;;;;OAQF,EACD,aAAa,CACd,CAAA;QACD,OAAO,IAAI,CAAA;QACX,qDAAqD;KACtD;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,KAAK,YAAY,kBAAkB,IAAI,KAAK,CAAC,UAAU,KAAK,GAAG,EAAE;YACnE,OAAO,KAAK,CAAA;SACb;aAAM;YACL,OAAO,IAAI,CAAA;SACZ;KACF;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAAC,aAAqB;IACrE,KAAK,CAAC,OAAO,CAAA,oDAAoD,CAAC,CAAA;IAClE,IAAI,CAAC,CAAC,MAAM,iBAAiB,CAAC,aAAa,CAAC,CAAC,EAAE;QAC7C,MAAM,CAAC,IAAI,CAAC,yDAAyD,CAAC,CAAA;QACtE,MAAM,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAA;QAC7C,MAAM,QAAQ,EAAE,CAAA;QAChB,MAAM,IAAI,CAAC,qCAAqC,CAAC,CAAA;QACjD,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAA,kCAAkC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,0BAA0B,CAAC,EAAE,CAAC,CAAA;QAC5G,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAA,qFAAqF,CAAC,CAAA;QAChH,MAAM,QAAQ,EAAE,CAAA;QAChB,IAAI,CAAC,CAAC,MAAM,iBAAiB,CAAC,aAAa,CAAC,CAAC,EAAE;YAC7C,MAAM,gCAAgC,EAAE,CAAA;SACzC;KACF;AACH,CAAC;AAED,KAAK,UAAU,mBAAmB,CAAC,YAA+B,EAAE,YAAoB;IACtF,MAAM,MAAM,GAAG,gBAAgB,CAAC,YAAY,CAAC,CAAA;IAC7C,MAAM,cAAc,GAAG,iBAAiB,CAAC,YAAY,CAAC,CAAA;IACtD,MAAM,KAAK,GAAG,YAAY,CAAC,QAAQ,EAAE,SAAS,CAAA;IAC9C,IAAI,aAAa,EAAE,EAAE;QACnB,KAAK,CAAC,OAAO,CAAA,uCAAuC,CAAC,CAAA;QACrD,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;KACxB;IAED,6BAA6B;IAC7B,KAAK,CAAC,OAAO,CAAA,2CAA2C,CAAC,CAAA;IACzD,MAAM,IAAI,GAAG,MAAM,SAAS,CAAC,MAAM,CAAC,CAAA;IAEpC,mCAAmC;IACnC,KAAK,CAAC,OAAO,CAAA,+DAA+D,CAAC,CAAA;IAC7E,MAAM,aAAa,GAAG,MAAM,0BAA0B,CAAC,IAAI,CAAC,CAAA;IAE5D,iDAAiD;IACjD,KAAK,CAAC,OAAO,CAAA,6DAA6D,CAAC,CAAA;IAC3E,MAAM,MAAM,GAAG,MAAM,kCAAkC,CAAC,aAAa,EAAE,cAAc,EAAE,KAAK,CAAC,CAAA;IAE7F,MAAM,OAAO,GAAY;QACvB,CAAC,YAAY,CAAC,EAAE;YACd,QAAQ,EAAE,aAAa;YACvB,YAAY,EAAE,MAAM;SACrB;KACF,CAAA;IAED,MAAM,CAAC,SAAS,CAAC,YAAY,CAAC,CAAA;IAE9B,OAAO,OAAO,CAAA;AAChB,CAAC;AAED,KAAK,UAAU,aAAa,CAAC,KAAoB,EAAE,YAA+B,EAAE,IAAY;IAC9F,yBAAyB;IACzB,MAAM,aAAa,GAAG,MAAM,kBAAkB,CAAC,KAAK,CAAC,CAAA;IAErD,qDAAqD;IACrD,MAAM,cAAc,GAAG,iBAAiB,CAAC,YAAY,CAAC,CAAA;IACtD,MAAM,iBAAiB,GAAG,MAAM,kCAAkC,CAChE,aAAa,EACb,cAAc,EACd,YAAY,CAAC,QAAQ,EAAE,SAAS,CACjC,CAAA;IAED,OAAO;QACL,CAAC,IAAI,CAAC,EAAE;YACN,QAAQ,EAAE,aAAa;YACvB,YAAY,EAAE,iBAAiB;SAChC;KACF,CAAA;AACH,CAAC;AAED,KAAK,UAAU,SAAS,CAAC,YAA+B,EAAE,OAAgB,EAAE,IAAY;IACtF,MAAM,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IACjC,IAAI,CAAC,WAAW,EAAE;QAChB,MAAM,cAAc,CAAA;KACrB;IACD,MAAM,MAAM,GAAiB,EAAE,CAAA;IAC/B,IAAI,YAAY,CAAC,QAAQ,EAAE;QACzB,MAAM,KAAK,GAAG,aAAa,CAAC,OAAO,CAAC,CAAA;QACpC,MAAM,SAAS,GAAG,GAAG,YAAY,CAAC,QAAQ,CAAC,SAAS,IAAI,KAAK,EAAE,CAAA;QAC/D,MAAM,KAAK,GAAG,WAAW,CAAC,YAAY,CAAC,SAAS,CAAC,EAAE,WAAW,CAAA;QAC9D,IAAI,KAAK,EAAE;YACT,MAAM,CAAC,KAAK,GAAG,EAAC,KAAK,EAAE,SAAS,EAAE,YAAY,CAAC,QAAQ,CAAC,SAAS,EAAC,CAAA;SACnE;KACF;IAED,IAAI,YAAY,CAAC,WAAW,EAAE;QAC5B,MAAM,KAAK,GAAG,aAAa,CAAC,UAAU,CAAC,CAAA;QACvC,MAAM,CAAC,QAAQ,GAAG,WAAW,CAAC,YAAY,CAAC,KAAK,CAAC,EAAE,WAAW,CAAA;KAC/D;IAED,IAAI,YAAY,CAAC,qBAAqB,EAAE;QACtC,MAAM,KAAK,GAAG,aAAa,CAAC,qBAAqB,CAAC,CAAA;QAClD,MAAM,CAAC,UAAU,GAAG,WAAW,CAAC,YAAY,CAAC,KAAK,CAAC,EAAE,WAAW,CAAA;KACjE;IACD,OAAO,MAAM,CAAA;AACf,CAAC;AAED,gBAAgB;AAChB,SAAS,gBAAgB,CAAC,IAAuB;IAC/C,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,EAAE,MAAM,IAAI,EAAE,CAAA;IACzC,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,EAAE,MAAM,IAAI,EAAE,CAAA;IAC9C,MAAM,UAAU,GAAG,IAAI,CAAC,qBAAqB,EAAE,MAAM,IAAI,EAAE,CAAA;IAC3D,MAAM,eAAe,GAAG,CAAC,GAAG,KAAK,EAAE,GAAG,OAAO,EAAE,GAAG,UAAU,CAAC,CAAA;IAC7D,OAAO,gBAAgB,CAAC,eAAe,CAAC,CAAA;AAC1C,CAAC;AAED,SAAS,iBAAiB,CAAC,IAAuB;IAChD,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,EAAE,MAAM,IAAI,EAAE,CAAA;IAC9C,MAAM,YAAY,GAAG,IAAI,CAAC,WAAW,EAAE,MAAM,IAAI,EAAE,CAAA;IACnD,MAAM,gBAAgB,GAAG,IAAI,CAAC,qBAAqB,EAAE,MAAM,IAAI,EAAE,CAAA;IACjE,OAAO;QACL,KAAK,EAAE,SAAS,CAAC,OAAO,EAAE,UAAU,CAAC;QACrC,QAAQ,EAAE,SAAS,CAAC,UAAU,EAAE,YAAY,CAAC;QAC7C,UAAU,EAAE,SAAS,CAAC,qBAAqB,EAAE,gBAAgB,CAAC;KAC/D,CAAA;AACH,CAAC;AAED,MAAM,UAAU,MAAM;IACpB,OAAO,WAAW,CAAC,MAAM,EAAE,CAAA;AAC7B,CAAC","sourcesContent":["import {applicationId} from './session/identity.js'\nimport {Abort, Bug} from './error.js'\nimport {validateSession} from './session/validate.js'\nimport {allDefaultScopes, apiScopes} from './session/scopes.js'\nimport {identity as identityFqdn} from './environment/fqdn.js'\nimport {open} from './system.js'\nimport {\n  exchangeAccessForApplicationTokens,\n  exchangeCodeForAccessToken,\n  exchangeCustomPartnerToken,\n  ExchangeScopes,\n  refreshAccessToken,\n  InvalidGrantError,\n} from './session/exchange.js'\n\nimport {content, token, debug} from './output.js'\nimport {keypress} from './ui.js'\n\nimport {authorize} from './session/authorize.js'\nimport {IdentityToken, Session} from './session/schema.js'\nimport * as secureStore from './session/store.js'\nimport constants from './constants.js'\nimport {normalizeStoreName} from './string.js'\nimport * as output from './output.js'\nimport {partners} from './api.js'\nimport {RequestClientError} from './api/common.js'\nimport {firstPartyDev} from './environment/local.js'\nimport {gql} from 'graphql-request'\n\nconst NoSessionError = new Bug('No session found after ensuring authenticated')\nconst MissingPartnerTokenError = new Bug('No partners token found after ensuring authenticated')\nconst MissingAdminTokenError = new Bug('No admin token found after ensuring authenticated')\nconst MissingStorefrontTokenError = new Bug('No storefront token found after ensuring authenticated')\n\n/**\n * A scope supported by the Shopify Admin API.\n */\ntype AdminAPIScope = 'graphql' | 'themes' | 'collaborator' | string\n\n/**\n * It represents the options to authenticate against the Shopify Admin API.\n */\ninterface AdminAPIOAuthOptions {\n  /** Store to request permissions for */\n  storeFqdn: string\n  /** List of scopes to request permissions for */\n  scopes: AdminAPIScope[]\n}\n\n/**\n * A scope supported by the Partners API.\n */\ntype PartnersAPIScope = 'cli' | string\ninterface PartnersAPIOAuthOptions {\n  /** List of scopes to request permissions for */\n  scopes: PartnersAPIScope[]\n}\n\n/**\n * A scope supported by the Storefront Renderer API.\n */\ntype StorefrontRendererScope = 'devtools' | string\ninterface StorefrontRendererAPIOAuthOptions {\n  /** List of scopes to request permissions for */\n  scopes: StorefrontRendererScope[]\n}\n\n/**\n * It represents the authentication requirements and\n * is the input necessary to trigger the authentication\n * flow.\n */\nexport interface OAuthApplications {\n  adminApi?: AdminAPIOAuthOptions\n  storefrontRendererApi?: StorefrontRendererAPIOAuthOptions\n  partnersApi?: PartnersAPIOAuthOptions\n}\n\nexport interface AdminSession {\n  token: string\n  storeFqdn: string\n}\n\nexport interface OAuthSession {\n  admin?: AdminSession\n  partners?: string\n  storefront?: string\n}\nexport const PartnerOrganizationNotFoundError = () => {\n  return new Abort(\n    `Couldn't find your Shopify Partners organization`,\n    `Have you confirmed your accounts from the emails you received?`,\n  )\n}\n\n/**\n * Ensure that we have a valid session to access the Partners API.\n * If SHOPIFY_CLI_PARTNERS_TOKEN exists, that token will be used to obtain a valid Partners Token\n * If SHOPIFY_CLI_PARTNERS_TOKEN exists, scopes will be ignored\n * @param scopes {string[]} Optional array of extra scopes to authenticate with.\n * @returns {Promise<string>} The access token for the Partners API.\n */\nexport async function ensureAuthenticatedPartners(scopes: string[] = [], env = process.env): Promise<string> {\n  debug(content`Ensuring that the user is authenticated with the Partners API with the following scopes:\n${token.json(scopes)}\n`)\n  const envToken = env[constants.environmentVariables.partnersToken]\n  if (envToken) {\n    return (await exchangeCustomPartnerToken(envToken)).accessToken\n  }\n  const tokens = await ensureAuthenticated({partnersApi: {scopes}})\n  if (!tokens.partners) {\n    throw MissingPartnerTokenError\n  }\n  return tokens.partners\n}\n\n/**\n * Ensure that we have a valid session to access the Storefront API.\n * @param scopes {string[]} Optional array of extra scopes to authenticate with.\n * @returns {Promise<string>} The access token for the Storefront API.\n */\nexport async function ensureAuthenticatedStorefront(scopes: string[] = []): Promise<string> {\n  debug(content`Ensuring that the user is authenticated with the Storefront API with the following scopes:\n${token.json(scopes)}\n`)\n  const tokens = await ensureAuthenticated({storefrontRendererApi: {scopes}})\n  if (!tokens.storefront) {\n    throw MissingStorefrontTokenError\n  }\n  return tokens.storefront\n}\n\n/**\n * Ensure that we have a valid Admin session for the given store.\n * @param store {string} Store fqdn to request auth for\n * @param scopes {string[]} Optional array of extra scopes to authenticate with.\n * @returns {Promise<string>} The access token for the Admin API\n */\nexport async function ensureAuthenticatedAdmin(store: string, scopes: string[] = []): Promise<AdminSession> {\n  debug(content`Ensuring that the user is authenticated with the Admin API with the following scopes for the store ${token.raw(\n    store,\n  )}:\n${token.json(scopes)}\n`)\n  const tokens = await ensureAuthenticated({adminApi: {scopes, storeFqdn: store}})\n  if (!tokens.admin) {\n    throw MissingAdminTokenError\n  }\n  return tokens.admin\n}\n\n/**\n * This method ensures that we have a valid session to authenticate against the given applications using the provided scopes.\n * @param applications {OAuthApplications} An object containing the applications we need to be authenticated with.\n * @returns {OAuthSession} An instance with the access tokens organized by application.\n */\nexport async function ensureAuthenticated(applications: OAuthApplications, env = process.env): Promise<OAuthSession> {\n  const fqdn = await identityFqdn()\n\n  if (applications.adminApi?.storeFqdn) {\n    applications.adminApi.storeFqdn = normalizeStoreName(applications.adminApi.storeFqdn)\n  }\n\n  const currentSession = (await secureStore.fetch()) || {}\n  const fqdnSession = currentSession[fqdn]!\n  const scopes = getFlattenScopes(applications)\n\n  debug(content`Validating existing session against the scopes:\n${token.json(scopes)}\nFor applications:\n${token.json(applications)}\n`)\n  const validationResult = await validateSession(scopes, applications, fqdnSession)\n\n  let newSession = {}\n\n  if (validationResult === 'needs_full_auth') {\n    debug(content`Initiating the full authentication flow...`)\n    newSession = await executeCompleteFlow(applications, fqdn)\n  } else if (validationResult === 'needs_refresh') {\n    debug(content`The current session is valid but needs refresh. Refreshing...`)\n    try {\n      newSession = await refreshTokens(fqdnSession.identity, applications, fqdn)\n    } catch (error) {\n      if (error instanceof InvalidGrantError) {\n        newSession = await executeCompleteFlow(applications, fqdn)\n      } else {\n        throw error\n      }\n    }\n  }\n\n  const completeSession: Session = {...currentSession, ...newSession}\n  await secureStore.store(completeSession)\n  const tokens = await tokensFor(applications, completeSession, fqdn)\n\n  // Overwrite partners token if using a custom CLI Token\n  const envToken = env[constants.environmentVariables.partnersToken]\n  if (envToken && applications.partnersApi) {\n    tokens.partners = (await exchangeCustomPartnerToken(envToken)).accessToken\n  }\n  if (!envToken && tokens.partners) {\n    await ensureUserHasPartnerAccount(tokens.partners)\n  }\n\n  return tokens\n}\n\nexport async function hasPartnerAccount(partnersToken: string): Promise<boolean> {\n  try {\n    await partners.request(\n      gql`\n        {\n          organizations(first: 1) {\n            nodes {\n              id\n            }\n          }\n        }\n      `,\n      partnersToken,\n    )\n    return true\n    // eslint-disable-next-line no-catch-all/no-catch-all\n  } catch (error) {\n    if (error instanceof RequestClientError && error.statusCode === 404) {\n      return false\n    } else {\n      return true\n    }\n  }\n}\n\n/**\n * If the user creates an account from the Identity website, the created\n * account won't get a Partner organization created. We need to detect that\n * and take the user to create a partner organization.\n * @param partnersToken {string} Partners token\n */\nexport async function ensureUserHasPartnerAccount(partnersToken: string) {\n  debug(content`Verifying that the user has a Partner organization`)\n  if (!(await hasPartnerAccount(partnersToken))) {\n    output.info(`\\nA Shopify Partners organization is needed to proceed.`)\n    output.info(`👉 Press any key to create one`)\n    await keypress()\n    await open(`https://partners.shopify.com/signup`)\n    output.info(output.content`👉 Press any key when you have ${output.token.cyan('created the organization')}`)\n    output.warn(output.content`Make sure you've confirmed your Shopify and the Partner organization from the email`)\n    await keypress()\n    if (!(await hasPartnerAccount(partnersToken))) {\n      throw PartnerOrganizationNotFoundError()\n    }\n  }\n}\n\nasync function executeCompleteFlow(applications: OAuthApplications, identityFqdn: string): Promise<Session> {\n  const scopes = getFlattenScopes(applications)\n  const exchangeScopes = getExchangeScopes(applications)\n  const store = applications.adminApi?.storeFqdn\n  if (firstPartyDev()) {\n    debug(content`Authenticating as Shopify Employee...`)\n    scopes.push('employee')\n  }\n\n  // Authorize user via browser\n  debug(content`Authorizing through Identity's website...`)\n  const code = await authorize(scopes)\n\n  // Exchange code for identity token\n  debug(content`Authorization code received. Exchanging it for a CLI token...`)\n  const identityToken = await exchangeCodeForAccessToken(code)\n\n  // Exchange identity token for application tokens\n  debug(content`CLI token received. Exchanging it for application tokens...`)\n  const result = await exchangeAccessForApplicationTokens(identityToken, exchangeScopes, store)\n\n  const session: Session = {\n    [identityFqdn]: {\n      identity: identityToken,\n      applications: result,\n    },\n  }\n\n  output.completed('Logged in.')\n\n  return session\n}\n\nasync function refreshTokens(token: IdentityToken, applications: OAuthApplications, fqdn: string): Promise<Session> {\n  // Refresh Identity Token\n  const identityToken = await refreshAccessToken(token)\n\n  // Exchange new identity token for application tokens\n  const exchangeScopes = getExchangeScopes(applications)\n  const applicationTokens = await exchangeAccessForApplicationTokens(\n    identityToken,\n    exchangeScopes,\n    applications.adminApi?.storeFqdn,\n  )\n\n  return {\n    [fqdn]: {\n      identity: identityToken,\n      applications: applicationTokens,\n    },\n  }\n}\n\nasync function tokensFor(applications: OAuthApplications, session: Session, fqdn: string): Promise<OAuthSession> {\n  const fqdnSession = session[fqdn]\n  if (!fqdnSession) {\n    throw NoSessionError\n  }\n  const tokens: OAuthSession = {}\n  if (applications.adminApi) {\n    const appId = applicationId('admin')\n    const realAppId = `${applications.adminApi.storeFqdn}-${appId}`\n    const token = fqdnSession.applications[realAppId]?.accessToken\n    if (token) {\n      tokens.admin = {token, storeFqdn: applications.adminApi.storeFqdn}\n    }\n  }\n\n  if (applications.partnersApi) {\n    const appId = applicationId('partners')\n    tokens.partners = fqdnSession.applications[appId]?.accessToken\n  }\n\n  if (applications.storefrontRendererApi) {\n    const appId = applicationId('storefront-renderer')\n    tokens.storefront = fqdnSession.applications[appId]?.accessToken\n  }\n  return tokens\n}\n\n// Scope Helpers\nfunction getFlattenScopes(apps: OAuthApplications): string[] {\n  const admin = apps.adminApi?.scopes || []\n  const partner = apps.partnersApi?.scopes || []\n  const storefront = apps.storefrontRendererApi?.scopes || []\n  const requestedScopes = [...admin, ...partner, ...storefront]\n  return allDefaultScopes(requestedScopes)\n}\n\nfunction getExchangeScopes(apps: OAuthApplications): ExchangeScopes {\n  const adminScope = apps.adminApi?.scopes || []\n  const partnerScope = apps.partnersApi?.scopes || []\n  const storefrontScopes = apps.storefrontRendererApi?.scopes || []\n  return {\n    admin: apiScopes('admin', adminScope),\n    partners: apiScopes('partners', partnerScope),\n    storefront: apiScopes('storefront-renderer', storefrontScopes),\n  }\n}\n\nexport function logout() {\n  return secureStore.remove()\n}\n"]}
+{"version":3,"file":"session.js","sourceRoot":"","sources":["../src/session.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,aAAa,EAAC,MAAM,uBAAuB,CAAA;AACnD,OAAO,EAAC,KAAK,EAAE,GAAG,EAAC,MAAM,YAAY,CAAA;AACrC,OAAO,EAAC,eAAe,EAAC,MAAM,uBAAuB,CAAA;AACrD,OAAO,EAAC,gBAAgB,EAAE,SAAS,EAAC,MAAM,qBAAqB,CAAA;AAC/D,OAAO,EAAC,QAAQ,IAAI,YAAY,EAAC,MAAM,uBAAuB,CAAA;AAC9D,OAAO,EAAC,IAAI,EAAC,MAAM,aAAa,CAAA;AAChC,OAAO,EACL,kCAAkC,EAClC,0BAA0B,EAC1B,0BAA0B,EAE1B,kBAAkB,EAClB,iBAAiB,GAClB,MAAM,uBAAuB,CAAA;AAE9B,OAAO,EAAC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAC,MAAM,aAAa,CAAA;AACjD,OAAO,EAAC,QAAQ,EAAC,MAAM,SAAS,CAAA;AAEhC,OAAO,EAAC,SAAS,EAAC,MAAM,wBAAwB,CAAA;AAEhD,OAAO,KAAK,WAAW,MAAM,oBAAoB,CAAA;AACjD,OAAO,SAAS,MAAM,gBAAgB,CAAA;AACtC,OAAO,EAAC,kBAAkB,EAAC,MAAM,aAAa,CAAA;AAC9C,OAAO,KAAK,MAAM,MAAM,aAAa,CAAA;AACrC,OAAO,EAAC,QAAQ,EAAC,MAAM,UAAU,CAAA;AACjC,OAAO,EAAC,kBAAkB,EAAC,MAAM,iBAAiB,CAAA;AAClD,OAAO,EAAC,aAAa,EAAE,aAAa,EAAC,MAAM,wBAAwB,CAAA;AACnE,OAAO,EAAC,0BAA0B,EAAE,0BAA0B,EAAC,MAAM,mCAAmC,CAAA;AACxG,OAAO,EAAC,GAAG,EAAC,MAAM,iBAAiB,CAAA;AAEnC,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,+CAA+C,CAAC,CAAA;AAC/E,MAAM,wBAAwB,GAAG,IAAI,GAAG,CAAC,sDAAsD,CAAC,CAAA;AAChG,MAAM,sBAAsB,GAAG,IAAI,GAAG,CAAC,mDAAmD,CAAC,CAAA;AAC3F,MAAM,2BAA2B,GAAG,IAAI,GAAG,CAAC,wDAAwD,CAAC,CAAA;AAwDrG,MAAM,CAAC,MAAM,gCAAgC,GAAG,GAAG,EAAE;IACnD,OAAO,IAAI,KAAK,CACd,kDAAkD,EAClD,gEAAgE,CACjE,CAAA;AACH,CAAC,CAAA;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAAC,SAAmB,EAAE,EAAE,GAAG,GAAG,OAAO,CAAC,GAAG;IACxF,KAAK,CAAC,OAAO,CAAA;EACb,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC;CACnB,CAAC,CAAA;IACA,MAAM,QAAQ,GAAG,GAAG,CAAC,SAAS,CAAC,oBAAoB,CAAC,aAAa,CAAC,CAAA;IAClE,IAAI,QAAQ,EAAE;QACZ,OAAO,CAAC,MAAM,0BAA0B,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAA;KAChE;IACD,MAAM,MAAM,GAAG,MAAM,mBAAmB,CAAC,EAAC,WAAW,EAAE,EAAC,MAAM,EAAC,EAAC,CAAC,CAAA;IACjE,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE;QACpB,MAAM,wBAAwB,CAAA;KAC/B;IACD,OAAO,MAAM,CAAC,QAAQ,CAAA;AACxB,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,6BAA6B,CAAC,SAAmB,EAAE;IACvE,KAAK,CAAC,OAAO,CAAA;EACb,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC;CACnB,CAAC,CAAA;IACA,MAAM,MAAM,GAAG,MAAM,mBAAmB,CAAC,EAAC,qBAAqB,EAAE,EAAC,MAAM,EAAC,EAAC,CAAC,CAAA;IAC3E,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE;QACtB,MAAM,2BAA2B,CAAA;KAClC;IACD,OAAO,MAAM,CAAC,UAAU,CAAA;AAC1B,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAAC,KAAa,EAAE,SAAmB,EAAE;IACjF,KAAK,CAAC,OAAO,CAAA,sGAAsG,KAAK,CAAC,GAAG,CAC1H,KAAK,CACN;EACD,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC;CACnB,CAAC,CAAA;IACA,MAAM,MAAM,GAAG,MAAM,mBAAmB,CAAC,EAAC,QAAQ,EAAE,EAAC,MAAM,EAAE,SAAS,EAAE,KAAK,EAAC,EAAC,CAAC,CAAA;IAChF,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE;QACjB,MAAM,sBAAsB,CAAA;KAC7B;IACD,OAAO,MAAM,CAAC,KAAK,CAAA;AACrB,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,YAA+B,EAAE,GAAG,GAAG,OAAO,CAAC,GAAG;IAC1F,MAAM,IAAI,GAAG,MAAM,YAAY,EAAE,CAAA;IAEjC,IAAI,YAAY,CAAC,QAAQ,EAAE,SAAS,EAAE;QACpC,YAAY,CAAC,QAAQ,CAAC,SAAS,GAAG,kBAAkB,CAAC,YAAY,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAA;KACtF;IAED,MAAM,cAAc,GAAG,CAAC,MAAM,WAAW,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,CAAA;IACxD,MAAM,WAAW,GAAG,cAAc,CAAC,IAAI,CAAE,CAAA;IACzC,MAAM,MAAM,GAAG,gBAAgB,CAAC,YAAY,CAAC,CAAA;IAE7C,KAAK,CAAC,OAAO,CAAA;EACb,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC;;EAElB,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC;CACzB,CAAC,CAAA;IACA,MAAM,gBAAgB,GAAG,MAAM,eAAe,CAAC,MAAM,EAAE,YAAY,EAAE,WAAW,CAAC,CAAA;IAEjF,IAAI,UAAU,GAAG,EAAE,CAAA;IAEnB,IAAI,gBAAgB,KAAK,iBAAiB,EAAE;QAC1C,KAAK,CAAC,OAAO,CAAA,4CAA4C,CAAC,CAAA;QAC1D,UAAU,GAAG,MAAM,mBAAmB,CAAC,YAAY,EAAE,IAAI,CAAC,CAAA;KAC3D;SAAM,IAAI,gBAAgB,KAAK,eAAe,EAAE;QAC/C,KAAK,CAAC,OAAO,CAAA,+DAA+D,CAAC,CAAA;QAC7E,IAAI;YACF,UAAU,GAAG,MAAM,aAAa,CAAC,WAAW,CAAC,QAAQ,EAAE,YAAY,EAAE,IAAI,CAAC,CAAA;SAC3E;QAAC,OAAO,KAAK,EAAE;YACd,IAAI,KAAK,YAAY,iBAAiB,EAAE;gBACtC,UAAU,GAAG,MAAM,mBAAmB,CAAC,YAAY,EAAE,IAAI,CAAC,CAAA;aAC3D;iBAAM;gBACL,MAAM,KAAK,CAAA;aACZ;SACF;KACF;IAED,MAAM,eAAe,GAAY,EAAC,GAAG,cAAc,EAAE,GAAG,UAAU,EAAC,CAAA;IACnE,MAAM,WAAW,CAAC,KAAK,CAAC,eAAe,CAAC,CAAA;IACxC,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,YAAY,EAAE,eAAe,EAAE,IAAI,CAAC,CAAA;IAEnE,uDAAuD;IACvD,MAAM,QAAQ,GAAG,GAAG,CAAC,SAAS,CAAC,oBAAoB,CAAC,aAAa,CAAC,CAAA;IAClE,IAAI,QAAQ,IAAI,YAAY,CAAC,WAAW,EAAE;QACxC,MAAM,CAAC,QAAQ,GAAG,CAAC,MAAM,0BAA0B,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAA;KAC3E;IACD,IAAI,CAAC,QAAQ,IAAI,MAAM,CAAC,QAAQ,EAAE;QAChC,MAAM,2BAA2B,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAA;KACnD;IAED,OAAO,MAAM,CAAA;AACf,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,aAAqB;IAC3D,IAAI;QACF,MAAM,QAAQ,CAAC,OAAO,CACpB,GAAG,CAAA;;;;;;;;OAQF,EACD,aAAa,CACd,CAAA;QACD,OAAO,IAAI,CAAA;QACX,qDAAqD;KACtD;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,KAAK,YAAY,kBAAkB,IAAI,KAAK,CAAC,UAAU,KAAK,GAAG,EAAE;YACnE,OAAO,KAAK,CAAA;SACb;aAAM;YACL,OAAO,IAAI,CAAA;SACZ;KACF;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAAC,aAAqB;IACrE,KAAK,CAAC,OAAO,CAAA,oDAAoD,CAAC,CAAA;IAClE,IAAI,CAAC,CAAC,MAAM,iBAAiB,CAAC,aAAa,CAAC,CAAC,EAAE;QAC7C,MAAM,CAAC,IAAI,CAAC,yDAAyD,CAAC,CAAA;QACtE,MAAM,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAA;QAC7C,MAAM,QAAQ,EAAE,CAAA;QAChB,MAAM,IAAI,CAAC,qCAAqC,CAAC,CAAA;QACjD,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAA,kCAAkC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,0BAA0B,CAAC,EAAE,CAAC,CAAA;QAC5G,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAA,qFAAqF,CAAC,CAAA;QAChH,MAAM,QAAQ,EAAE,CAAA;QAChB,IAAI,CAAC,CAAC,MAAM,iBAAiB,CAAC,aAAa,CAAC,CAAC,EAAE;YAC7C,MAAM,gCAAgC,EAAE,CAAA;SACzC;KACF;AACH,CAAC;AAED,KAAK,UAAU,mBAAmB,CAAC,YAA+B,EAAE,YAAoB;IACtF,MAAM,MAAM,GAAG,gBAAgB,CAAC,YAAY,CAAC,CAAA;IAC7C,MAAM,cAAc,GAAG,iBAAiB,CAAC,YAAY,CAAC,CAAA;IACtD,MAAM,KAAK,GAAG,YAAY,CAAC,QAAQ,EAAE,SAAS,CAAA;IAC9C,IAAI,aAAa,EAAE,EAAE;QACnB,KAAK,CAAC,OAAO,CAAA,uCAAuC,CAAC,CAAA;QACrD,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;KACxB;IAED,IAAI,aAA4B,CAAA;IAChC,IAAI,aAAa,EAAE,EAAE;QACnB,iEAAiE;QACjE,KAAK,CAAC,OAAO,CAAA,yCAAyC,CAAC,CAAA;QACvD,MAAM,UAAU,GAAG,MAAM,0BAA0B,CAAC,MAAM,CAAC,CAAA;QAE3D,8BAA8B;QAC9B,KAAK,CAAC,OAAO,CAAA,4CAA4C,CAAC,CAAA;QAC1D,aAAa,GAAG,MAAM,0BAA0B,CAAC,UAAU,CAAC,UAAU,EAAE,UAAU,CAAC,QAAQ,CAAC,CAAA;KAC7F;SAAM;QACL,6BAA6B;QAC7B,KAAK,CAAC,OAAO,CAAA,2CAA2C,CAAC,CAAA;QACzD,MAAM,IAAI,GAAG,MAAM,SAAS,CAAC,MAAM,CAAC,CAAA;QAEpC,mCAAmC;QACnC,KAAK,CAAC,OAAO,CAAA,+DAA+D,CAAC,CAAA;QAC7E,aAAa,GAAG,MAAM,0BAA0B,CAAC,IAAI,CAAC,CAAA;KACvD;IAED,iDAAiD;IACjD,KAAK,CAAC,OAAO,CAAA,6DAA6D,CAAC,CAAA;IAC3E,MAAM,MAAM,GAAG,MAAM,kCAAkC,CAAC,aAAa,EAAE,cAAc,EAAE,KAAK,CAAC,CAAA;IAE7F,MAAM,OAAO,GAAY;QACvB,CAAC,YAAY,CAAC,EAAE;YACd,QAAQ,EAAE,aAAa;YACvB,YAAY,EAAE,MAAM;SACrB;KACF,CAAA;IAED,MAAM,CAAC,SAAS,CAAC,YAAY,CAAC,CAAA;IAE9B,OAAO,OAAO,CAAA;AAChB,CAAC;AAED,KAAK,UAAU,aAAa,CAAC,KAAoB,EAAE,YAA+B,EAAE,IAAY;IAC9F,yBAAyB;IACzB,MAAM,aAAa,GAAG,MAAM,kBAAkB,CAAC,KAAK,CAAC,CAAA;IAErD,qDAAqD;IACrD,MAAM,cAAc,GAAG,iBAAiB,CAAC,YAAY,CAAC,CAAA;IACtD,MAAM,iBAAiB,GAAG,MAAM,kCAAkC,CAChE,aAAa,EACb,cAAc,EACd,YAAY,CAAC,QAAQ,EAAE,SAAS,CACjC,CAAA;IAED,OAAO;QACL,CAAC,IAAI,CAAC,EAAE;YACN,QAAQ,EAAE,aAAa;YACvB,YAAY,EAAE,iBAAiB;SAChC;KACF,CAAA;AACH,CAAC;AAED,KAAK,UAAU,SAAS,CAAC,YAA+B,EAAE,OAAgB,EAAE,IAAY;IACtF,MAAM,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IACjC,IAAI,CAAC,WAAW,EAAE;QAChB,MAAM,cAAc,CAAA;KACrB;IACD,MAAM,MAAM,GAAiB,EAAE,CAAA;IAC/B,IAAI,YAAY,CAAC,QAAQ,EAAE;QACzB,MAAM,KAAK,GAAG,aAAa,CAAC,OAAO,CAAC,CAAA;QACpC,MAAM,SAAS,GAAG,GAAG,YAAY,CAAC,QAAQ,CAAC,SAAS,IAAI,KAAK,EAAE,CAAA;QAC/D,MAAM,KAAK,GAAG,WAAW,CAAC,YAAY,CAAC,SAAS,CAAC,EAAE,WAAW,CAAA;QAC9D,IAAI,KAAK,EAAE;YACT,MAAM,CAAC,KAAK,GAAG,EAAC,KAAK,EAAE,SAAS,EAAE,YAAY,CAAC,QAAQ,CAAC,SAAS,EAAC,CAAA;SACnE;KACF;IAED,IAAI,YAAY,CAAC,WAAW,EAAE;QAC5B,MAAM,KAAK,GAAG,aAAa,CAAC,UAAU,CAAC,CAAA;QACvC,MAAM,CAAC,QAAQ,GAAG,WAAW,CAAC,YAAY,CAAC,KAAK,CAAC,EAAE,WAAW,CAAA;KAC/D;IAED,IAAI,YAAY,CAAC,qBAAqB,EAAE;QACtC,MAAM,KAAK,GAAG,aAAa,CAAC,qBAAqB,CAAC,CAAA;QAClD,MAAM,CAAC,UAAU,GAAG,WAAW,CAAC,YAAY,CAAC,KAAK,CAAC,EAAE,WAAW,CAAA;KACjE;IACD,OAAO,MAAM,CAAA;AACf,CAAC;AAED,gBAAgB;AAChB,SAAS,gBAAgB,CAAC,IAAuB;IAC/C,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,EAAE,MAAM,IAAI,EAAE,CAAA;IACzC,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,EAAE,MAAM,IAAI,EAAE,CAAA;IAC9C,MAAM,UAAU,GAAG,IAAI,CAAC,qBAAqB,EAAE,MAAM,IAAI,EAAE,CAAA;IAC3D,MAAM,eAAe,GAAG,CAAC,GAAG,KAAK,EAAE,GAAG,OAAO,EAAE,GAAG,UAAU,CAAC,CAAA;IAC7D,OAAO,gBAAgB,CAAC,eAAe,CAAC,CAAA;AAC1C,CAAC;AAED,SAAS,iBAAiB,CAAC,IAAuB;IAChD,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,EAAE,MAAM,IAAI,EAAE,CAAA;IAC9C,MAAM,YAAY,GAAG,IAAI,CAAC,WAAW,EAAE,MAAM,IAAI,EAAE,CAAA;IACnD,MAAM,gBAAgB,GAAG,IAAI,CAAC,qBAAqB,EAAE,MAAM,IAAI,EAAE,CAAA;IACjE,OAAO;QACL,KAAK,EAAE,SAAS,CAAC,OAAO,EAAE,UAAU,CAAC;QACrC,QAAQ,EAAE,SAAS,CAAC,UAAU,EAAE,YAAY,CAAC;QAC7C,UAAU,EAAE,SAAS,CAAC,qBAAqB,EAAE,gBAAgB,CAAC;KAC/D,CAAA;AACH,CAAC;AAED,MAAM,UAAU,MAAM;IACpB,OAAO,WAAW,CAAC,MAAM,EAAE,CAAA;AAC7B,CAAC","sourcesContent":["import {applicationId} from './session/identity.js'\nimport {Abort, Bug} from './error.js'\nimport {validateSession} from './session/validate.js'\nimport {allDefaultScopes, apiScopes} from './session/scopes.js'\nimport {identity as identityFqdn} from './environment/fqdn.js'\nimport {open} from './system.js'\nimport {\n  exchangeAccessForApplicationTokens,\n  exchangeCodeForAccessToken,\n  exchangeCustomPartnerToken,\n  ExchangeScopes,\n  refreshAccessToken,\n  InvalidGrantError,\n} from './session/exchange.js'\n\nimport {content, token, debug} from './output.js'\nimport {keypress} from './ui.js'\n\nimport {authorize} from './session/authorize.js'\nimport {IdentityToken, Session} from './session/schema.js'\nimport * as secureStore from './session/store.js'\nimport constants from './constants.js'\nimport {normalizeStoreName} from './string.js'\nimport * as output from './output.js'\nimport {partners} from './api.js'\nimport {RequestClientError} from './api/common.js'\nimport {firstPartyDev, useDeviceAuth} from './environment/local.js'\nimport {pollForDeviceAuthorization, requestDeviceAuthorization} from './session/device-authorization.js'\nimport {gql} from 'graphql-request'\n\nconst NoSessionError = new Bug('No session found after ensuring authenticated')\nconst MissingPartnerTokenError = new Bug('No partners token found after ensuring authenticated')\nconst MissingAdminTokenError = new Bug('No admin token found after ensuring authenticated')\nconst MissingStorefrontTokenError = new Bug('No storefront token found after ensuring authenticated')\n\n/**\n * A scope supported by the Shopify Admin API.\n */\ntype AdminAPIScope = 'graphql' | 'themes' | 'collaborator' | string\n\n/**\n * It represents the options to authenticate against the Shopify Admin API.\n */\ninterface AdminAPIOAuthOptions {\n  /** Store to request permissions for */\n  storeFqdn: string\n  /** List of scopes to request permissions for */\n  scopes: AdminAPIScope[]\n}\n\n/**\n * A scope supported by the Partners API.\n */\ntype PartnersAPIScope = 'cli' | string\ninterface PartnersAPIOAuthOptions {\n  /** List of scopes to request permissions for */\n  scopes: PartnersAPIScope[]\n}\n\n/**\n * A scope supported by the Storefront Renderer API.\n */\ntype StorefrontRendererScope = 'devtools' | string\ninterface StorefrontRendererAPIOAuthOptions {\n  /** List of scopes to request permissions for */\n  scopes: StorefrontRendererScope[]\n}\n\n/**\n * It represents the authentication requirements and\n * is the input necessary to trigger the authentication\n * flow.\n */\nexport interface OAuthApplications {\n  adminApi?: AdminAPIOAuthOptions\n  storefrontRendererApi?: StorefrontRendererAPIOAuthOptions\n  partnersApi?: PartnersAPIOAuthOptions\n}\n\nexport interface AdminSession {\n  token: string\n  storeFqdn: string\n}\n\nexport interface OAuthSession {\n  admin?: AdminSession\n  partners?: string\n  storefront?: string\n}\nexport const PartnerOrganizationNotFoundError = () => {\n  return new Abort(\n    `Couldn't find your Shopify Partners organization`,\n    `Have you confirmed your accounts from the emails you received?`,\n  )\n}\n\n/**\n * Ensure that we have a valid session to access the Partners API.\n * If SHOPIFY_CLI_PARTNERS_TOKEN exists, that token will be used to obtain a valid Partners Token\n * If SHOPIFY_CLI_PARTNERS_TOKEN exists, scopes will be ignored\n * @param scopes {string[]} Optional array of extra scopes to authenticate with.\n * @returns {Promise<string>} The access token for the Partners API.\n */\nexport async function ensureAuthenticatedPartners(scopes: string[] = [], env = process.env): Promise<string> {\n  debug(content`Ensuring that the user is authenticated with the Partners API with the following scopes:\n${token.json(scopes)}\n`)\n  const envToken = env[constants.environmentVariables.partnersToken]\n  if (envToken) {\n    return (await exchangeCustomPartnerToken(envToken)).accessToken\n  }\n  const tokens = await ensureAuthenticated({partnersApi: {scopes}})\n  if (!tokens.partners) {\n    throw MissingPartnerTokenError\n  }\n  return tokens.partners\n}\n\n/**\n * Ensure that we have a valid session to access the Storefront API.\n * @param scopes {string[]} Optional array of extra scopes to authenticate with.\n * @returns {Promise<string>} The access token for the Storefront API.\n */\nexport async function ensureAuthenticatedStorefront(scopes: string[] = []): Promise<string> {\n  debug(content`Ensuring that the user is authenticated with the Storefront API with the following scopes:\n${token.json(scopes)}\n`)\n  const tokens = await ensureAuthenticated({storefrontRendererApi: {scopes}})\n  if (!tokens.storefront) {\n    throw MissingStorefrontTokenError\n  }\n  return tokens.storefront\n}\n\n/**\n * Ensure that we have a valid Admin session for the given store.\n * @param store {string} Store fqdn to request auth for\n * @param scopes {string[]} Optional array of extra scopes to authenticate with.\n * @returns {Promise<string>} The access token for the Admin API\n */\nexport async function ensureAuthenticatedAdmin(store: string, scopes: string[] = []): Promise<AdminSession> {\n  debug(content`Ensuring that the user is authenticated with the Admin API with the following scopes for the store ${token.raw(\n    store,\n  )}:\n${token.json(scopes)}\n`)\n  const tokens = await ensureAuthenticated({adminApi: {scopes, storeFqdn: store}})\n  if (!tokens.admin) {\n    throw MissingAdminTokenError\n  }\n  return tokens.admin\n}\n\n/**\n * This method ensures that we have a valid session to authenticate against the given applications using the provided scopes.\n * @param applications {OAuthApplications} An object containing the applications we need to be authenticated with.\n * @returns {OAuthSession} An instance with the access tokens organized by application.\n */\nexport async function ensureAuthenticated(applications: OAuthApplications, env = process.env): Promise<OAuthSession> {\n  const fqdn = await identityFqdn()\n\n  if (applications.adminApi?.storeFqdn) {\n    applications.adminApi.storeFqdn = normalizeStoreName(applications.adminApi.storeFqdn)\n  }\n\n  const currentSession = (await secureStore.fetch()) || {}\n  const fqdnSession = currentSession[fqdn]!\n  const scopes = getFlattenScopes(applications)\n\n  debug(content`Validating existing session against the scopes:\n${token.json(scopes)}\nFor applications:\n${token.json(applications)}\n`)\n  const validationResult = await validateSession(scopes, applications, fqdnSession)\n\n  let newSession = {}\n\n  if (validationResult === 'needs_full_auth') {\n    debug(content`Initiating the full authentication flow...`)\n    newSession = await executeCompleteFlow(applications, fqdn)\n  } else if (validationResult === 'needs_refresh') {\n    debug(content`The current session is valid but needs refresh. Refreshing...`)\n    try {\n      newSession = await refreshTokens(fqdnSession.identity, applications, fqdn)\n    } catch (error) {\n      if (error instanceof InvalidGrantError) {\n        newSession = await executeCompleteFlow(applications, fqdn)\n      } else {\n        throw error\n      }\n    }\n  }\n\n  const completeSession: Session = {...currentSession, ...newSession}\n  await secureStore.store(completeSession)\n  const tokens = await tokensFor(applications, completeSession, fqdn)\n\n  // Overwrite partners token if using a custom CLI Token\n  const envToken = env[constants.environmentVariables.partnersToken]\n  if (envToken && applications.partnersApi) {\n    tokens.partners = (await exchangeCustomPartnerToken(envToken)).accessToken\n  }\n  if (!envToken && tokens.partners) {\n    await ensureUserHasPartnerAccount(tokens.partners)\n  }\n\n  return tokens\n}\n\nexport async function hasPartnerAccount(partnersToken: string): Promise<boolean> {\n  try {\n    await partners.request(\n      gql`\n        {\n          organizations(first: 1) {\n            nodes {\n              id\n            }\n          }\n        }\n      `,\n      partnersToken,\n    )\n    return true\n    // eslint-disable-next-line no-catch-all/no-catch-all\n  } catch (error) {\n    if (error instanceof RequestClientError && error.statusCode === 404) {\n      return false\n    } else {\n      return true\n    }\n  }\n}\n\n/**\n * If the user creates an account from the Identity website, the created\n * account won't get a Partner organization created. We need to detect that\n * and take the user to create a partner organization.\n * @param partnersToken {string} Partners token\n */\nexport async function ensureUserHasPartnerAccount(partnersToken: string) {\n  debug(content`Verifying that the user has a Partner organization`)\n  if (!(await hasPartnerAccount(partnersToken))) {\n    output.info(`\\nA Shopify Partners organization is needed to proceed.`)\n    output.info(`👉 Press any key to create one`)\n    await keypress()\n    await open(`https://partners.shopify.com/signup`)\n    output.info(output.content`👉 Press any key when you have ${output.token.cyan('created the organization')}`)\n    output.warn(output.content`Make sure you've confirmed your Shopify and the Partner organization from the email`)\n    await keypress()\n    if (!(await hasPartnerAccount(partnersToken))) {\n      throw PartnerOrganizationNotFoundError()\n    }\n  }\n}\n\nasync function executeCompleteFlow(applications: OAuthApplications, identityFqdn: string): Promise<Session> {\n  const scopes = getFlattenScopes(applications)\n  const exchangeScopes = getExchangeScopes(applications)\n  const store = applications.adminApi?.storeFqdn\n  if (firstPartyDev()) {\n    debug(content`Authenticating as Shopify Employee...`)\n    scopes.push('employee')\n  }\n\n  let identityToken: IdentityToken\n  if (useDeviceAuth()) {\n    // Request a device code to authorize without a browser redirect.\n    debug(content`Requesting device authorization code...`)\n    const deviceAuth = await requestDeviceAuthorization(scopes)\n\n    // Poll for the identity token\n    debug(content`Starting polling for the identity token...`)\n    identityToken = await pollForDeviceAuthorization(deviceAuth.deviceCode, deviceAuth.interval)\n  } else {\n    // Authorize user via browser\n    debug(content`Authorizing through Identity's website...`)\n    const code = await authorize(scopes)\n\n    // Exchange code for identity token\n    debug(content`Authorization code received. Exchanging it for a CLI token...`)\n    identityToken = await exchangeCodeForAccessToken(code)\n  }\n\n  // Exchange identity token for application tokens\n  debug(content`CLI token received. Exchanging it for application tokens...`)\n  const result = await exchangeAccessForApplicationTokens(identityToken, exchangeScopes, store)\n\n  const session: Session = {\n    [identityFqdn]: {\n      identity: identityToken,\n      applications: result,\n    },\n  }\n\n  output.completed('Logged in.')\n\n  return session\n}\n\nasync function refreshTokens(token: IdentityToken, applications: OAuthApplications, fqdn: string): Promise<Session> {\n  // Refresh Identity Token\n  const identityToken = await refreshAccessToken(token)\n\n  // Exchange new identity token for application tokens\n  const exchangeScopes = getExchangeScopes(applications)\n  const applicationTokens = await exchangeAccessForApplicationTokens(\n    identityToken,\n    exchangeScopes,\n    applications.adminApi?.storeFqdn,\n  )\n\n  return {\n    [fqdn]: {\n      identity: identityToken,\n      applications: applicationTokens,\n    },\n  }\n}\n\nasync function tokensFor(applications: OAuthApplications, session: Session, fqdn: string): Promise<OAuthSession> {\n  const fqdnSession = session[fqdn]\n  if (!fqdnSession) {\n    throw NoSessionError\n  }\n  const tokens: OAuthSession = {}\n  if (applications.adminApi) {\n    const appId = applicationId('admin')\n    const realAppId = `${applications.adminApi.storeFqdn}-${appId}`\n    const token = fqdnSession.applications[realAppId]?.accessToken\n    if (token) {\n      tokens.admin = {token, storeFqdn: applications.adminApi.storeFqdn}\n    }\n  }\n\n  if (applications.partnersApi) {\n    const appId = applicationId('partners')\n    tokens.partners = fqdnSession.applications[appId]?.accessToken\n  }\n\n  if (applications.storefrontRendererApi) {\n    const appId = applicationId('storefront-renderer')\n    tokens.storefront = fqdnSession.applications[appId]?.accessToken\n  }\n  return tokens\n}\n\n// Scope Helpers\nfunction getFlattenScopes(apps: OAuthApplications): string[] {\n  const admin = apps.adminApi?.scopes || []\n  const partner = apps.partnersApi?.scopes || []\n  const storefront = apps.storefrontRendererApi?.scopes || []\n  const requestedScopes = [...admin, ...partner, ...storefront]\n  return allDefaultScopes(requestedScopes)\n}\n\nfunction getExchangeScopes(apps: OAuthApplications): ExchangeScopes {\n  const adminScope = apps.adminApi?.scopes || []\n  const partnerScope = apps.partnersApi?.scopes || []\n  const storefrontScopes = apps.storefrontRendererApi?.scopes || []\n  return {\n    admin: apiScopes('admin', adminScope),\n    partners: apiScopes('partners', partnerScope),\n    storefront: apiScopes('storefront-renderer', storefrontScopes),\n  }\n}\n\nexport function logout() {\n  return secureStore.remove()\n}\n"]}