
fix: remove environment variable dependency from ShopRenter token refresh #83

- Modified refreshAccessToken() to accept clientId/clientSecret as parameters
- Updated getValidAccessToken() to pass credentials from database
- Removed fallback to SHOPRENTER_CLIENT_ID/SECRET environment variables
- Added validation to ensure client credentials exist in database
- Credentials are now retrieved from stores.api_key/api_secret or stores.alt_data

This ensures each ShopRenter store uses its own client credentials
for token refresh operations instead of relying on global env vars.
Claude 5 месяцев назад
Родитель
Сommit
1cf74605f9
1 измененных файлов с 7 добавлено и 16 удалено
  1. 7 16
      supabase/functions/_shared/shoprenter-client.ts

+ 7 - 16
supabase/functions/_shared/shoprenter-client.ts

@@ -300,20 +300,14 @@ export async function getValidAccessToken(storeId: string): Promise<string> {
 
   if (isAccessToken) {
     // api_key contains a token (old bug), try alt_data for client credentials
+    console.log('[ShopRenter] WARNING: api_key appears to be an access_token, retrieving credentials from alt_data')
     clientId = store.alt_data?.client_id
     clientSecret = store.alt_data?.client_secret
   }
 
-  // If still no client credentials, try environment variables (global app credentials)
+  // Validate client credentials are available
   if (!clientId || !clientSecret) {
-    const envClientId = Deno.env.get('SHOPRENTER_CLIENT_ID')
-    const envClientSecret = Deno.env.get('SHOPRENTER_CLIENT_SECRET')
-
-    if (envClientId && envClientSecret) {
-      console.log('[ShopRenter] Using global client credentials from environment')
-      clientId = envClientId
-      clientSecret = envClientSecret
-    }
+    throw new Error('ShopRenter client credentials not found in database. Please reconnect the store.')
   }
 
   // If we have client credentials, use client_credentials flow to get a fresh token
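Review bot: The new `throw` under the `!clientId || !clientSecret` check runs before the expiry test that appears later in getValidAccessToken, so, as far as the visible hunks show, a store whose saved access token is still valid but whose row has no client credentials now fails on every call rather than only when a refresh is needed. If that is intended, the `&& clientId && clientSecret` added to the `store.refresh_token` condition in the next hunk can never be false and only hides the reason a refresh was skipped; if it is not intended, the throw belongs on the refresh path instead. The added warning would be easier to alert on through `console.warn` with the store named, e.g. `console.warn('[ShopRenter] api_key looks like an access_token, using alt_data credentials for store ' + storeId)`, and it should never print the credential values themselves. The function body starts and ends outside this hunk.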
@@ -366,9 +360,9 @@ export async function getValidAccessToken(storeId: string): Promise<string> {
 
       // Token needs refresh
       console.log('[ShopRenter] Token expired or expiring soon, refreshing...')
-      if (store.refresh_token) {
+      if (store.refresh_token && clientId && clientSecret) {
         try {
-          const newTokenData = await refreshAccessToken(store.store_name, store.refresh_token)
+          const newTokenData = await refreshAccessToken(store.store_name, store.refresh_token, clientId, clientSecret)
 
           const newExpiresAt = new Date(Date.now() + (newTokenData.expires_in * 1000)).toISOString()
 
@@ -476,12 +470,9 @@ async function getTokenWithClientCredentials(shopname: string, clientId: string,
 }
 
 // Refresh access token
-async function refreshAccessToken(shopname: string, refreshToken: string) {
-  const clientId = Deno.env.get('SHOPRENTER_CLIENT_ID')
-  const clientSecret = Deno.env.get('SHOPRENTER_CLIENT_SECRET')
-
+async function refreshAccessToken(shopname: string, refreshToken: string, clientId: string, clientSecret: string) {
   if (!clientId || !clientSecret) {
-    throw new Error('ShopRenter credentials not configured')
+    throw new Error('ShopRenter client credentials not provided')
   }
 
   // Use the same endpoint as token request: oauth.app.shoprenter.net
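Review bot: refreshAccessToken now takes four positional `string` arguments, two of them secrets, so a call site that swaps `refreshToken`, `clientId` and `clientSecret` still type-checks and would put a secret into the wrong request field. An options object makes the call self-describing: `async function refreshAccessToken(shopname: string, creds: { refreshToken: string; clientId: string; clientSecret: string })`. The `// Refresh access token` comment could also state the contract, for example `/** Exchanges a refresh token using the store's own client credentials from its database row; throws if either credential is empty. Do not log the arguments. */`. The function body continues outside the hunk.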