App Management API authentication

[gonzaloriestra]

WHY are these changes introduced?

Related to https://github.com/Shopify/develop-app-management/issues/1752

WHAT is this pull request doing?

Authenticate against App Management API when USE_SHOPIFY_DEVELOPERS_CLIENT is enabled

How to test your changes?

With and without USE_SHOPIFY_DEVELOPERS_CLIENT=1:

• bin/spin p shopify auth logout
• bin/spin p shopify app config link --verbose

Measuring impact

How do we know this change was effective? Please choose one:

• n/a - this doesn't need measurement, e.g. a linting rule or a bug-fix
• Existing analytics will cater for this addition
• PR includes analytics changes to measure impact

Checklist

• I've considered possible cross-platform impacts (Mac, Linux, Windows)
• I've considered possible documentation changes
• I've made sure that any changes to dev or deploy have been reflected in the internal flowchart.

[github-actions]

Thanks for your contribution!

Depending on what you are working on, you may want to request a review from a Shopify team:

• Themes: @shopify/advanced-edits
• UI extensions: @shopify/ui-extensions-cli
  • Checkout UI extensions: @shopify/checkout-ui-extensions-api-stewardship
• Hydrogen: @shopify/hydrogen
• Other: @shopify/app-management

[github-actions]

Coverage report

St.❔	Category	Percentage	Covered / Total
🟡	Statements	71.71% (-0.34% 🔻)	6949/9691
🟡	Branches	68.59% (-0.35% 🔻)	3428/4998
🟡	Functions	71.19% (-0.31% 🔻)	1858/2610
🟡	Lines	73% (-0.38% 🔻)	6550/8973

Show files with reduced coverage 🔻

St.❔	File	Statements	Branches	Functions	Lines
🟢	... / app.test-data.ts	92.81% (-0.25% 🔻)	94.81% (+1.86% 🔼)	83.1% (-0.46% 🔻)	92.26% (-0.29% 🔻)
🟢	... / app.ts	86.01% (-0.19% 🔻)	73.49% (-0.62% 🔻)	88.89% (-0.47% 🔻)	87.3% (-0.2% 🔻)
🟢	... / loader.ts	93.06% (+0.03% 🔼)	86.98% (+0.2% 🔼)	94.79% (-0.21% 🔻)	93.81% (-0.22% 🔻)
🟢	... / extension-instance.ts	84.8% (-0.91% 🔻)	77.89% (+0.34% 🔼)	90.48% (-0.63% 🔻)	86.21% (-0.89% 🔻)
🟢	... / app_config_webhook.ts	91.3% (-8.7% 🔻)	81.82% (-18.18% 🔻)	100%	90.91% (-9.09% 🔻)
🟢	... / config.ts	93.55% (+2.37% 🔼)	82.35% (+7.35% 🔼)	88.89% (-1.11% 🔻)	96% (-0.43% 🔻)
🟡	... / select-app.ts	70.37% (-4.63% 🔻)	66.67% (-15.69% 🔻)	87.5% (-2.5% 🔻)	72.73% (-5.05% 🔻)
🟢	... / link.ts	95.95% (-0.16% 🔻)	71.88% (-0.85% 🔻)	100%	95.77% (-0.12% 🔻)
🟢	... / identifiers-extensions.ts	86.25% (-2.64% 🔻)	75% (-5.77% 🔻)	100%	87.5% (-2.39% 🔻)
🔴	... / getTomls.ts	0% (-91.67% 🔻)	0% (-50% 🔻)	0% (-100% 🔻)	0% (-91.67% 🔻)
🟡	... / session.ts	75.81% (-0.66% 🔻)	64.2% (+1.38% 🔼)	90%	76.03% (-0.69% 🔻)
🟡	... / exchange.ts	74.51% (+0.51% 🔼)	78.95% (-3.41% 🔻)	80%	74% (+0.53% 🔼)
🟢	... / validate.ts	89.74% (-7.4% 🔻)	85.71% (-10.12% 🔻)	100%	90.63% (-9.38% 🔻)
🟢	... / session.ts	82.86% (-13.81% 🔻)	83.87% (-16.13% 🔻)	71.43% (-11.9% 🔻)	81.82% (-14.61% 🔻)
🟢	... / spin.ts	97.5%	65.38% (-3.85% 🔻)	100%	97.44%

Test suite run success

1633 tests passing in 763 suites.

Report generated by 🧪jest coverage report action from a9fc086

[github-actions]

We detected some changes at either packages/*/src or packages/cli-kit/assets/cli-ruby/** and there are no updates in the .changeset.
If the changes are user-facing, run "pnpm changeset add" to track your changes and include them in the next release CHANGELOG.

[github-actions]

Differences in type declarations

We detected differences in the type declarations generated by Typescript for this branch compared to the baseline ('main' branch). Please, review them to ensure they are backward-compatible. Here are some important things to keep in mind:

• Some seemingly private modules might be re-exported through public modules.
• If the branch is behind main you might see odd diffs, rebase main into this branch.

New type declarations

We found no new type declarations in this PR

Existing type declarations

packages/cli-kit/dist/private/node/api.d.ts

@@ -1,5 +1,5 @@
 import { Headers } from 'form-data';
-export type API = 'admin' | 'storefront-renderer' | 'partners' | 'business-platform';
+export type API = 'admin' | 'storefront-renderer' | 'partners' | 'business-platform' | 'app-management';
 export declare const allAPIs: API[];
 interface RequestOptions<T> {
     request: Promise<T>;

packages/cli-kit/dist/private/node/session.d.ts

@@ -21,6 +21,14 @@ interface PartnersAPIOAuthOptions {
     /** List of scopes to request permissions for. */
     scopes: PartnersAPIScope[];
 }
+/**
+ * A scope supported by the Developer Platform API.
+ */
+type AppManagementAPIScope = 'https://api.shopify.com/auth/organization.apps.manage' | string;
+interface AppManagementAPIOauthOptions {
+    /** List of scopes to request permissions for. */
+    scopes: AppManagementAPIScope[];
+}
 /**
  * A scope supported by the Storefront Renderer API.
  */
@@ -44,12 +52,14 @@ export interface OAuthApplications {
     storefrontRendererApi?: StorefrontRendererAPIOAuthOptions;
     partnersApi?: PartnersAPIOAuthOptions;
     businessPlatformApi?: BusinessPlatformAPIOAuthOptions;
+    appManagementApi?: AppManagementAPIOauthOptions;
 }
 export interface OAuthSession {
     admin?: AdminSession;
     partners?: string;
     storefront?: string;
     businessPlatform?: string;
+    appManagement?: string;
 }
 /**
  * This method ensures that we have a valid session to authenticate against the given applications using the provided scopes.

packages/cli-kit/dist/public/node/session.d.ts

@@ -20,6 +20,15 @@ interface EnsureAuthenticatedAdditionalOptions {
  * @returns The access token for the Partners API.
  */
 export declare function ensureAuthenticatedPartners(scopes?: string[], env?: NodeJS.ProcessEnv, options?: EnsureAuthenticatedAdditionalOptions): Promise<string>;
+/**
+ * Ensure that we have a valid session to access the App Management API.
+ *
+ * @param scopes - Optional array of extra scopes to authenticate with.
+ * @param env - Optional environment variables to use.
+ * @param options - Optional extra options to use.
+ * @returns The access token for the App Management API.
+ */
+export declare function ensureAuthenticatedAppManagement(scopes?: string[], env?: NodeJS.ProcessEnv, options?: EnsureAuthenticatedAdditionalOptions): Promise<string>;
 /**
  * Ensure that we have a valid session to access the Storefront API.
  *

packages/cli-kit/dist/private/node/session/exchange.d.ts

@@ -11,6 +11,7 @@ export interface ExchangeScopes {
     partners: string[];
     storefront: string[];
     businessPlatform: string[];
+    appManagement: string[];
 }
 /**
  * Given a valid authorization code, request an identity access token.

[amcaplan]

Works like a charm. 🍀

Excited to have this part done!