Skip to content

Fix store auth API Client key#7148

Merged
isaacroldan merged 1 commit intomainfrom
dlm-store-execute-client-id
Apr 2, 2026
Merged

Fix store auth API Client key#7148
isaacroldan merged 1 commit intomainfrom
dlm-store-execute-client-id

Conversation

@dmerand
Copy link
Copy Markdown
Contributor

@dmerand dmerand commented Apr 1, 2026
edited
Loading

What

Update shopify store auth to use the correct API client ID.

Also update store auth/session test fixtures to derive their client ID and session keys from the shared constant instead of hardcoding the old value.

Why

The store auth flow was pointed at the wrong app, which made PKCE auth behave incorrectly.

The tests also hardcoded the previous client ID, so once the constant changed they started asserting against the wrong session bucket.

Testing

To test manually:

  1. Run shopify store auth --store <store> --scopes read_products
  2. Complete the PKCE flow
  3. Confirm the consent screen is for the expected app
  4. Confirm auth succeeds

Measuring impact

How do we know this change was effective? Please choose one:

  • n/a - this doesn't need measurement, e.g. a linting rule or a bug-fix
  • Existing analytics will cater for this addition
  • PR includes analytics changes to measure impact

Checklist

  • I've considered possible cross-platform impacts (Mac, Linux, Windows)
  • I've considered possible documentation changes

@dmerand Graphite App
Copy link
Copy Markdown
Contributor Author

dmerand commented Apr 1, 2026
edited
Loading

This stack of pull requests is managed by Graphite. Learn more about stacking.

@dmerand dmerand mentioned this pull request Apr 1, 2026
Merged
5 tasks
@dmerand dmerand marked this pull request as ready for review April 1, 2026 21:19
@dmerand dmerand requested a review from a team as a code owner April 1, 2026 21:19
Copilot AI review requested due to automatic review settings April 1, 2026 21:19
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 1, 2026

We detected some changes at packages/*/src and there are no updates in the .changeset.
If the changes are user-facing, run pnpm changeset add to track your changes and include them in the next release CHANGELOG.

Caution

DO NOT create changesets for features which you do not wish to be included in the public changelog of the next CLI release.

Copilot AI reviewed Apr 1, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Fixes the Store auth flow configuration by updating the OAuth app client id used by the CLI’s store authentication and token refresh logic.

Changes:

  • Updated STORE_AUTH_APP_CLIENT_ID to the correct API client id for Store auth flows.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@dmerand dmerand force-pushed the dlm-store-execute-client-id branch from f4f6a4c to ffdf400 Compare April 1, 2026 21:35
@dmerand dmerand mentioned this pull request Apr 1, 2026
Merged
5 tasks
@dmerand dmerand requested a review from isaacroldan April 1, 2026 21:39
@dmerand dmerand force-pushed the dlm-store-execute-client-id branch from ffdf400 to 20d4186 Compare April 1, 2026 23:01
@dmerand dmerand mentioned this pull request Apr 1, 2026
Merged
@isaacroldan isaacroldan added this pull request to the merge queue Apr 2, 2026
Merged via the queue into main with commit 3b62fa8 Apr 2, 2026
41 of 47 checks passed
@isaacroldan isaacroldan deleted the dlm-store-execute-client-id branch April 2, 2026 08:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@isaacroldan isaacroldan isaacroldan approved these changes

@ryancbahan ryancbahan ryancbahan approved these changes

@nickwesselman nickwesselman Awaiting requested review from nickwesselman

@RyanDJLee RyanDJLee Awaiting requested review from RyanDJLee

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@dmerand @isaacroldan @ryancbahan