Make Wrangler warn more loudly if you're missing auth scopes

[penalosa]

Previously, when an authentication error was thrown, Wrangler would print out your Oauth token scopes with the passive message "If scopes are missing, you may need to logout and re-login." However, it was hard for users to know if scopes were missing, because users don't necessarily know what the right set of scopes are.

As it turns out, Wrangler does know what the set of scopes should be, so now we print out a much more actionable warning:

Wrangler is missing some expected Oauth scopes. To fix this, run \`wrangler login\` to refresh your token. The missing scopes are:
  - containers:write

Additionally, this fixes an issue where auth errors from Containers & Cloudchamber were not handled the same as other auth errors, because of the custom API client that those code paths use.

---

• Tests
  • TODO (before merge)
  • Tests included
  • Tests not necessary because:
• Wrangler / Vite E2E Tests CI Job required? (Use "e2e" label or ask maintainer to run separately)
  • I don't know
  • Required
  • Not required because: covered by unit tests
• Public documentation
  • TODO (before merge)
  • Cloudflare docs PR(s):
  • Documentation not necessary because: messaging improvement
• Wrangler V3 Backport
  • TODO (before merge)
  • Wrangler PR:
  • Not necessary because: in progress, but I don't want to block this PR

[changeset-bot]

🦋 Changeset detected

Latest commit: 704756e

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 2 packages

Name	Type
wrangler	Patch
@cloudflare/vitest-pool-workers	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[github-actions]

Failed to automatically backport this PR's changes to Wrangler v3. Please manually create a PR targeting the v3-maintenance branch with your changes. Thank you for helping us keep Wrangler v3 supported!

Depending on your changes, running git rebase --onto v3-maintenance main penalosa/useful-scopes-message might be a good starting point.

Notes:

• your PR branch should be named v3-backport-9734
• add the skip-v3-pr label to the current PR to stop this workflow from failing

[pkg-pr-new]

create-cloudflare

npm i https://pkg.pr.new/create-cloudflare@9734

@cloudflare/kv-asset-handler

npm i https://pkg.pr.new/@cloudflare/kv-asset-handler@9734

miniflare

npm i https://pkg.pr.new/miniflare@9734

@cloudflare/pages-shared

npm i https://pkg.pr.new/@cloudflare/pages-shared@9734

@cloudflare/unenv-preset

npm i https://pkg.pr.new/@cloudflare/unenv-preset@9734

@cloudflare/vite-plugin

npm i https://pkg.pr.new/@cloudflare/vite-plugin@9734

@cloudflare/vitest-pool-workers

npm i https://pkg.pr.new/@cloudflare/vitest-pool-workers@9734

@cloudflare/workers-editor-shared

npm i https://pkg.pr.new/@cloudflare/workers-editor-shared@9734

wrangler

npm i https://pkg.pr.new/wrangler@9734

commit: 704756e

[irvinebroque]

YES 🐐 🐐 🐐 🐐

[irvinebroque]

how does wrangler know what is missing? asking because IIRC no way to get this back directly from the Cloudflare API?

[CarmenPopoviciu]

should the order of these two logs be reversed, now that we're listing the missing token scopes?

[petebacondarwin]

I "think" it is OK?

[penalosa]

how does wrangler know what is missing? asking because IIRC no way to get this back directly from the Cloudflare API?

It decides based on what scopes it would request if it performed a wrangler login (which is a static list in the codebase)