Skip to content

Exit store auth early for preview stores#7950

Merged
amcaplan merged 2 commits into
mainfrom
store-auth-preview-early-exit
Jun 29, 2026
Merged

Exit store auth early for preview stores#7950
amcaplan merged 2 commits into
mainfrom
store-auth-preview-early-exit

Conversation

@amcaplan

@amcaplan amcaplan commented Jun 28, 2026

Copy link
Copy Markdown
Contributor

WHY are these changes introduced?

Preview stores aren't a logged-in experience. There's no OAuth flow to run and no way to grant additional Admin API scopes after creation — the scopes are fixed at creation time and cached locally (#7948). Running the standard store auth flow against a preview store therefore can't work. In practice, agents habitually run store auth before store execute, get confused when the flow fails for preview stores, and stall. We should fail fast with a clear, actionable message instead.

Final PR in the stack:

  1. Cache Admin API scopes returned by preview store creation #7948 — Cache the Admin API scopes returned by preview store creation.
  2. Surface preview store auth scopes in store info --json #7949 — Surface those scopes in store info --json.
  3. Exit store auth early for preview stores #7950 (this PR) — Exit store auth early for preview stores, listing the preapproved scopes.

WHAT is this pull request doing?

  • auth/index.ts: detect a cached preview-store session up front in authenticateStoreWithApp — before any metadata recording or OAuth — via a new throwIfPreviewStore helper. When the current session for the store is kind: 'preview', throw an AbortError:
    • Message: `store auth` is unavailable for preview stores.
    • Reason: preview stores aren't a logged-in experience, so additional Admin API scopes can't be granted; lists the scopes already available (or none).
    • Next steps: run shopify store execute directly (no store auth needed), or shopify store info --json to see the preapproved scopes.
  • getCurrentStoredStoreAppSession is injected as a dependency so the early-exit check is testable.

No changeset — preview stores aren't released yet.

How to test your changes?

  1. Create a preview store from the CLI (caches a kind: 'preview' session).
  2. Run shopify store auth --store <preview-store>.
  3. Confirm it exits early with the unavailable message and lists the preapproved scopes — and that no browser/OAuth flow is started.
  4. Confirm store auth still works normally for non-preview stores.

Unit tests cover: early exit without starting OAuth or recording fqdn metadata, and that the error surfaces the preapproved scope list.

Checklist

  • I've considered possible cross-platform impacts (Mac, Linux, Windows)
  • I've considered possible documentation changes
  • I've considered analytics changes to measure impact
  • The change is user-facing — I've identified the correct bump type and added a changeset. (N/A — preview stores aren't released yet.)

amcaplan commented Jun 28, 2026

Copy link
Copy Markdown
Contributor Author

@github-actions github-actions Bot added the Area: @shopify/cli @shopify/cli package issues label Jun 28, 2026
@amcaplan amcaplan force-pushed the store-auth-preview-early-exit branch from c833ade to 3cc6585 Compare June 28, 2026 17:09
@amcaplan amcaplan force-pushed the store-info-auth-scopes branch from 307d191 to c608d3d Compare June 28, 2026 17:09
Preview stores aren't a logged-in experience: there's no OAuth flow and no
way to grant additional Admin API scopes after creation. Running the
standard store auth flow against one confuses callers (including agents
that habitually run store auth before store execute).

Detect a cached preview-store session up front and abort with a clear
message that store auth is unavailable, listing the scopes already
preapproved at creation time and pointing at store execute / store info.

Assisted-By: devx/f38d0794-3b14-4a2a-a849-b95ae665f83d
@amcaplan amcaplan force-pushed the store-info-auth-scopes branch from c608d3d to 518dabd Compare June 28, 2026 17:14
@amcaplan amcaplan force-pushed the store-auth-preview-early-exit branch from 3cc6585 to 4671bfd Compare June 28, 2026 17:14
@github-actions github-actions Bot added no-changelog This PR doesn't include a changeset entry. Is an internal only change not relevant to end users. and removed Area: @shopify/cli @shopify/cli package issues labels Jun 28, 2026
Assisted-By: devx/7c2ea919-8429-480e-a789-203d7c9c0902
@amcaplan amcaplan marked this pull request as ready for review June 29, 2026 16:15
@amcaplan amcaplan requested a review from a team as a code owner June 29, 2026 16:15
Base automatically changed from store-info-auth-scopes to main June 29, 2026 16:58
@amcaplan amcaplan added this pull request to the merge queue Jun 29, 2026
Merged via the queue into main with commit 1003450 Jun 29, 2026
24 of 26 checks passed
@amcaplan amcaplan deleted the store-auth-preview-early-exit branch June 29, 2026 17:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

no-changelog This PR doesn't include a changeset entry. Is an internal only change not relevant to end users.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants