Skip to content

Add admin-as-app authentication #6649

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
shauns merged 1 commit into from
Nov 21, 2025
Merged

Add admin-as-app authentication #6649

shauns merged 1 commit into from
Nov 21, 2025
+216 −1

Conversation

@shauns
Copy link
Contributor

@shauns shauns commented Nov 21, 2025
edited
Loading

WHY are these changes introduced?

To enable the CLI to make authenticated requests to the Admin API on behalf of the app, rather than on behalf of the logged in user. This is useful for tasks where its important that the app's access and identity is used.

WHAT is this pull request doing?

  • Adds adminAsAppRequestDoc function to execute GraphQL queries against the Admin API on behalf of an app
  • Implements ensureAuthenticatedAdminAsApp to obtain app-based authentication tokens
  • Adds comprehensive test coverage for both new functions

@shauns Graphite App
Copy link
Contributor Author

shauns commented Nov 21, 2025
edited
Loading

This stack of pull requests is managed by Graphite. Learn more about stacking.

This was referenced Nov 21, 2025
Merged
Open
Closed
@shauns shauns marked this pull request as ready for review November 21, 2025 12:52
@shauns shauns requested a review from a team as a code owner November 21, 2025 12:52
@github-actions
Copy link
Contributor

github-actions bot commented Nov 21, 2025

We detected some changes at packages/*/src and there are no updates in the .changeset.
If the changes are user-facing, run pnpm changeset add to track your changes and include them in the next release CHANGELOG.

Caution

DO NOT create changesets for features which you do not wish to be included in the public changelog of the next CLI release.

@github-actions
Copy link
Contributor

github-actions bot commented Nov 21, 2025
edited
Loading

Coverage report

St.
 Category Percentage Covered / Total
🟡 Statements
79.22% (-0.01% 🔻)
 13661/17245
🟡 Branches
73.1% (-0% 🔻)
 6654/9102
🟡 Functions
79.36% (-0.02% 🔻)
 3521/4437
🟡 Lines
79.58% (-0.01% 🔻)
 12904/16216
Show new covered files 🐣
St.
 File Statements Branches Functions Lines
🟢
... / admin-as-app.ts
 100% 100% 100% 100%
🟢
... / bulk-operation-run-mutation.ts
 100% 100% 100% 100%
🟢
... / bulk-operation-run-query.ts
 100% 100% 100% 100%
🟢
... / staged-uploads-create.ts
 100% 100% 100% 100%
🟢
... / execute-bulk-operation.ts
 95.24% 85.71% 100% 95%
🟢
... / run-mutation.ts
 100% 100% 100% 100%
🟢
... / run-query.ts
 100% 100% 100% 100%
🟡
... / stage-file.ts
 74.29% 53.33% 85.71% 73.53%
Show files with reduced coverage 🔻
St.
 File Statements Branches Functions Lines
🔴
... / ui.tsx
50.82% (-0.79% 🔻)
42.86% (-5.53% 🔻)
54.55% (+1.42% 🔼)
50% (-0.82% 🔻)
🟡
... / theme-environment.ts
69.57% (-1.86% 🔻)
 50%
55.56% (-3.27% 🔻)
69.57% (-1.86% 🔻)

Test suite run success

3374 tests passing in 1383 suites.

Report generated by 🧪jest coverage report action from 8d6a6a3

@shauns shauns force-pushed the shauns/add-admin-as-app-auth branch from 9dc2eb8 to 8d6a6a3 Compare November 21, 2025 13:04
@github-actions
Copy link
Contributor

github-actions bot commented Nov 21, 2025

Differences in type declarations

We detected differences in the type declarations generated by Typescript for this branch compared to the baseline ('main' branch). Please, review them to ensure they are backward-compatible. Here are some important things to keep in mind:

  • Some seemingly private modules might be re-exported through public modules.
  • If the branch is behind main you might see odd diffs, rebase main into this branch.

New type declarations

We found no new type declarations in this PR

Existing type declarations

packages/cli-kit/dist/public/node/session.d.ts 
@@ -122,4 +122,15 @@ export declare function ensureAuthenticatedBusinessPlatform(scopes?: BusinessPla
  * @returns A promise that resolves when the logout is complete.
  */
 export declare function logout(): Promise<void>;
+/**
+ * Ensure that we have a valid Admin session for the given store, with access on behalf of the app.
+ *
+ * See  for access on behalf of a user.
+ *
+ * @param storeFqdn - Store fqdn to request auth for.
+ * @param clientId - Client ID of the app.
+ * @param clientSecret - Client secret of the app.
+ * @returns The access token for the Admin API.
+ */
+export declare function ensureAuthenticatedAdminAsApp(storeFqdn: string, clientId: string, clientSecret: string): Promise<AdminSession>;
 export {};
\ No newline at end of file

@shauns shauns added this pull request to the merge queue Nov 21, 2025
Merged via the queue into main with commit 9f602df Nov 21, 2025
25 checks passed
@shauns shauns deleted the shauns/add-admin-as-app-auth branch November 21, 2025 14:47
@shauns shauns mentioned this pull request Nov 24, 2025
Open
5 tasks
@gonzaloriestra gonzaloriestra mentioned this pull request Nov 27, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@isaacroldan isaacroldan isaacroldan approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@shauns @isaacroldan