Shopify CLI partners cli auth token issue

index.mjs

import { api, session } from '@shopify/cli-kit'
import keytar from 'keytar'

if (!process.env.SHOPIFY_API_KEY) {
  console.error("SHOPIFY_API_KEY not set")
  process.exit(1)
}

if (process.env.SHOPIFY_CLI_PARTNERS_TOKEN) {
  console.log("Using token from SHOPIFY_CLI_PARTNERS_TOKEN")
} else {
  try {
    const keys = await keytar.findCredentials('shopify-cli')
    if (keys.length) {
      console.log("Using credentials from secure store")
    } else {
      console.log("No credentials found in secure store.")
    }
  } catch (_) {
    console.log("Failed to load secure store. Hopefully you are logged in _somehow_ ¯\\_(ツ)_/¯")
  } 
}

const apikey = process.env.SHOPIFY_API_KEY
const query = api.graphql.ModuleCompilationStatusQuery
const token = await session.ensureAuthenticatedPartners()

// jobId can be anything in the correct format, we take a 'not_found' status as success
const vars = { jobId: '0a3f2a53-0a77-4b63-801f-9b3d29ec7195' }

try {
  const res = await api.partners.functionProxyRequest(apikey, query, token, vars)
  console.log(res.data)
} catch (err) {
  console.error(err)
}
process.exit(0) // can hang if it goes through the browser login flow

package.json

{
  "name": "cli-permission-issue",
  "version": "0.0.1",
  "description": "Reproduce permissions issue with Shopify cli token",
  "main": "index.mjs",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "author": "",
  "license": "ISC",
  "dependencies": {
    "@shopify/cli-kit": "^3.9.2"
  }
}