Replace store auth with PKCE and add token refresh

packages/cli/src/cli/commands/store/auth.test.ts

@@ -15,22 +15,19 @@ describe('store auth command', () => {
       'shop.myshopify.com',
       '--scopes',
       'read_products,write_products',
-      '--client-secret-file',
-      './client-secret.txt',
     ])
 
     expect(authenticateStoreWithApp).toHaveBeenCalledWith({
       store: 'shop.myshopify.com',
       scopes: 'read_products,write_products',
-      clientSecretFile: expect.stringContaining('client-secret.txt'),
-      port: 3458,
+      port: 13387,
     })
   })
 
   test('defines the expected flags', () => {
     expect(StoreAuth.flags.store).toBeDefined()
     expect(StoreAuth.flags.scopes).toBeDefined()
-    expect(StoreAuth.flags['client-secret-file']).toBeDefined()
     expect(StoreAuth.flags.port).toBeDefined()
+    expect(StoreAuth.flags['client-secret-file']).toBeUndefined()
   })
 })

packages/cli/src/cli/commands/store/auth.ts

@@ -1,22 +1,21 @@
 import Command from '@shopify/cli-kit/node/base-command'
 import {globalFlags} from '@shopify/cli-kit/node/cli'
 import {normalizeStoreFqdn} from '@shopify/cli-kit/node/context/fqdn'
-import {resolvePath} from '@shopify/cli-kit/node/path'
 import {Flags} from '@oclif/core'
 import {authenticateStoreWithApp} from '../../services/store/auth.js'
 import {DEFAULT_STORE_AUTH_PORT} from '../../services/store/config.js'
 
 export default class StoreAuth extends Command {
   static summary = 'Authenticate an app against a store for store commands.'
 
-  static descriptionWithMarkdown = `Starts a standard Shopify app OAuth flow against the specified store and stores an online access token for later use by \`shopify store execute\`.
+  static descriptionWithMarkdown = `Starts a PKCE OAuth flow against the specified store and stores an online access token for later use by \`shopify store execute\`.
 
 This flow authenticates the app on behalf of the current user. Re-run this command if the stored token is missing, expires, or no longer has the scopes you need.`
 
   static description = this.descriptionWithoutMarkdown()
 
   static examples = [
-    '<%= config.bin %> <%= command.id %> --store shop.myshopify.com --scopes read_products,write_products --client-secret-file ./client-secret.txt',
+    '<%= config.bin %> <%= command.id %> --store shop.myshopify.com --scopes read_products,write_products',
   ]
 
   static flags = {
@@ -33,12 +32,6 @@ This flow authenticates the app on behalf of the current user. Re-run this comma
       env: 'SHOPIFY_FLAG_SCOPES',
       required: true,
     }),
-    'client-secret-file': Flags.string({
-      description: 'Path to a file containing the app client secret used for the OAuth code exchange.',
-      env: 'SHOPIFY_FLAG_CLIENT_SECRET_FILE',
-      parse: async (input) => resolvePath(input),
-      required: true,
-    }),
     port: Flags.integer({
       description: 'Local port to use for the OAuth callback server.',
       env: 'SHOPIFY_FLAG_PORT',
@@ -52,7 +45,6 @@ This flow authenticates the app on behalf of the current user. Re-run this comma
     await authenticateStoreWithApp({
       store: flags.store,
       scopes: flags.scopes,
-      clientSecretFile: flags['client-secret-file'],
       port: flags.port,
     })
   }