Merge pull request #7258 from Shopify/04-13-fix_store_auth_scope_parsing_for_space-separated_input

Fix store auth scope parsing for space-separated input

Author: RyanDJLee

packages/cli/src/cli/services/store/auth/index.test.ts

@@ -306,6 +306,42 @@ describe('store auth service', () => {
     expect(setStoredStoreAppSession).not.toHaveBeenCalled()
   })
 
+  test('authenticateStoreWithApp succeeds when scopes input is space-separated', async () => {
+    const waitForStoreAuthCodeMock = vi.fn().mockImplementation(async (options) => {
+      await options.onListening?.()
+      return 'abc123'
+    })
+
+    const result = await authenticateStoreWithApp(
+      {
+        store: 'shop.myshopify.com',
+        scopes: 'read_products read_inventory',
+      },
+      {
+        openURL: vi.fn().mockResolvedValue(true),
+        waitForStoreAuthCode: waitForStoreAuthCodeMock,
+        exchangeStoreAuthCodeForToken: vi.fn().mockResolvedValue({
+          access_token: 'token',
+          scope: 'read_products,read_inventory',
+          expires_in: 86400,
+          associated_user: {id: 42, email: 'test@example.com'},
+        }),
+        presenter: {
+          openingBrowser: vi.fn(),
+          manualAuthUrl: vi.fn(),
+          success: vi.fn(),
+        },
+      },
+    )
+
+    expect(result.scopes).toEqual(['read_products', 'read_inventory'])
+    expect(setStoredStoreAppSession).toHaveBeenCalledWith(
+      expect.objectContaining({
+        scopes: ['read_products', 'read_inventory'],
+      }),
+    )
+  })
+
   test('authenticateStoreWithApp accepts compressed write scopes that imply requested read scopes', async () => {
     const waitForStoreAuthCodeMock = vi.fn().mockImplementation(async (options) => {
       await options.onListening?.()

packages/cli/src/cli/services/store/auth/scopes.test.ts

@@ -17,6 +17,30 @@ describe('store auth scope helpers', () => {
     expect(mergeRequestedAndStoredScopes(['read_products'], ['read_orders'])).toEqual(['read_orders', 'read_products'])
   })
 
+  test('parseStoreAuthScopes splits space-separated scopes', () => {
+    expect(parseStoreAuthScopes('read_products read_inventory')).toEqual(['read_products', 'read_inventory'])
+  })
+
+  test('parseStoreAuthScopes splits mixed comma-and-space delimiters', () => {
+    expect(parseStoreAuthScopes('read_products, read_inventory,write_orders')).toEqual([
+      'read_products',
+      'read_inventory',
+      'write_orders',
+    ])
+  })
+
+  test('resolveGrantedScopes succeeds when granted scopes are space-separated', () => {
+    expect(
+      resolveGrantedScopes(
+        {
+          access_token: 'token',
+          scope: 'read_products read_inventory',
+        },
+        ['read_products', 'read_inventory'],
+      ),
+    ).toEqual(['read_products', 'read_inventory'])
+  })
+
   test('resolveGrantedScopes accepts compressed write scopes that imply requested reads', () => {
     expect(
       resolveGrantedScopes(

packages/cli/src/cli/services/store/auth/scopes.ts

@@ -3,10 +3,7 @@ import {outputContent, outputDebug} from '@shopify/cli-kit/node/output'
 import type {StoreTokenResponse} from './token-client.js'
 
 export function parseStoreAuthScopes(input: string): string[] {
-  const scopes = input
-    .split(',')
-    .map((scope) => scope.trim())
-    .filter(Boolean)
+  const scopes = input.split(/[ ,]+/).filter(Boolean)
 
   if (scopes.length === 0) {
     throw new AbortError('At least one scope is required.', 'Pass --scopes as a comma-separated list.')