fix: do not write access token to env file (#1365)

.changeset/small-sheep-divide.md

@@ -0,0 +1,5 @@
+---
+"@bigcommerce/create-catalyst": minor
+---
+
+Changes the default behavior of the `create-catalyst` CLI such that it no longer writes the access token created by the OAuth device flow to the created project's `.env.local` file

packages/create-catalyst/src/commands/create.ts

@@ -247,7 +247,6 @@ export const create = new Command('create')
     writeEnv(projectDir, {
       channelId: channelId.toString(),
       storeHash,
-      accessToken,
       customerImpersonationToken,
     });
 

packages/create-catalyst/src/commands/init.ts

@@ -129,7 +129,6 @@ export const init = new Command('init')
     writeEnv(projectDir, {
       channelId: channelId.toString(),
       storeHash,
-      accessToken,
       customerImpersonationToken,
     });
   });

packages/create-catalyst/src/utils/write-env.ts

@@ -7,23 +7,21 @@ export const writeEnv = (
   {
     channelId,
     storeHash,
-    accessToken,
     customerImpersonationToken,
   }: {
     channelId: string;
     storeHash: string;
-    accessToken: string;
     customerImpersonationToken: string;
   },
 ) => {
   outputFileSync(
     join(projectDir, '.env.local'),
     [
-      `AUTH_SECRET=${randomBytes(32).toString('hex')}`,
       `BIGCOMMERCE_STORE_HASH=${storeHash}`,
       `BIGCOMMERCE_CHANNEL_ID=${channelId}`,
-      `BIGCOMMERCE_ACCESS_TOKEN=${accessToken}`,
       `BIGCOMMERCE_CUSTOMER_IMPERSONATION_TOKEN=${customerImpersonationToken}`,
+      '',
+      `AUTH_SECRET=${randomBytes(32).toString('hex')}`,
       `CLIENT_LOGGER=false`,
       `ENABLE_ADMIN_ROUTE=true`,
       `NEXT_PUBLIC_DEFAULT_REVALIDATE_TARGET=3600`,