Unify token exchange for app managament client

[isaacroldan]

WHY are these changes introduced?

Consolidates authentication flows for App Management and Business Platform APIs into a single function call, reducing duplicate authentication requests and improving performance.

Previously, by having two different calls to authenticate (1 for BP and 1 for AppManagement) we were triggering the whole identity token validation flow twice, now only once.

✅ This change saves up to 0.5 seconds on each command.

WHAT is this pull request doing?

• Introduces a new ensureAuthenticatedAppManagementAndBusinessPlatform function that handles authentication for both APIs simultaneously
• Updates the AppManagementClient to use the new consolidated authentication method
• Ensures proper token management and session handling for both platforms (BP token is stored in session now)
• Improves token refresh logic to handle both API tokens

How to test your changes?

0. Delete any previous session (pnpm shopify auth logout)
1. Run any CLI command that requires authentication
2. Verify that authentication works for both App Management and Business Platform APIs

If you want to dig further, you can run in debug and stop at the "token introspection" function. See that it should only run that once per command and not twice as it is now.

Measuring impact

• n/a - this doesn't need measurement, e.g. a linting rule or a bug-fix

Checklist

• I've considered possible cross-platform impacts (Mac, Linux, Windows)
• I've considered possible documentation changes

[isaacroldan]

• Cache a few queries for 1h #5342
• Add generic cache support for any graphQL query #5341
• Dont introspect token if already expired #5340
• Unify token exchange for app managament client #5339 👈 (View in Graphite)
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[github-actions]

Coverage report

St.❔	Category	Percentage	Covered / Total
🟡	Statements	75.51% (+0.06% 🔼)	9016/11940
🟡	Branches	70.8% (+0.16% 🔼)	4403/6219
🟡	Functions	75.29% (+0.03% 🔼)	2365/3141
🟡	Lines	76.04% (+0.07% 🔼)	8518/11202

Show files with reduced coverage 🔻

St.❔	File	Statements	Branches	Functions	Lines
🟢	... / app-event-watcher.ts	95.18% (-1.2% 🔻)	86.49% (-2.7% 🔻)	95.45%	100%

Test suite run success

2037 tests passing in 910 suites.

Report generated by 🧪jest coverage report action from 2a032b1

[github-actions]

We detected some changes at packages/*/src and there are no updates in the .changeset.
If the changes are user-facing, run "pnpm changeset add" to track your changes and include them in the next release CHANGELOG.

[github-actions]

Differences in type declarations

We detected differences in the type declarations generated by Typescript for this branch compared to the baseline ('main' branch). Please, review them to ensure they are backward-compatible. Here are some important things to keep in mind:

• Some seemingly private modules might be re-exported through public modules.
• If the branch is behind main you might see odd diffs, rebase main into this branch.

New type declarations

We found no new type declarations in this PR

Existing type declarations

packages/cli-kit/dist/public/node/session.d.ts

@@ -26,14 +26,16 @@ export declare function ensureAuthenticatedPartners(scopes?: PartnersAPIScope[],
 /**
  * Ensure that we have a valid session to access the App Management API.
  *
- * @param scopes - Optional array of extra scopes to authenticate with.
- * @param env - Optional environment variables to use.
  * @param options - Optional extra options to use.
+ * @param appManagementScopes - Optional array of extra scopes to authenticate with.
+ * @param businessPlatformScopes - Optional array of extra scopes to authenticate with.
+ * @param env - Optional environment variables to use.
  * @returns The access token for the App Management API.
  */
-export declare function ensureAuthenticatedAppManagement(scopes?: AppManagementAPIScope[], env?: NodeJS.ProcessEnv, options?: EnsureAuthenticatedAdditionalOptions): Promise<{
-    token: string;
+export declare function ensureAuthenticatedAppManagementAndBusinessPlatform(options?: EnsureAuthenticatedAdditionalOptions, appManagementScopes?: AppManagementAPIScope[], businessPlatformScopes?: BusinessPlatformScope[], env?: NodeJS.ProcessEnv): Promise<{
+    appManagementToken: string;
     userId: string;
+    businessPlatformToken: string;
 }>;
 /**
  * Ensure that we have a valid session to access the Storefront API.