Fix --alias to also match by userId for UUID-aliased sessions

[GeorgiZhelev]

WHY are these changes introduced?

When a session's email alias fails to resolve during login, the alias field ends up as undefined. The session list display falls back to showing userId (UUID) via session.identity.alias ?? userId. But findSessionByAlias only matches against session.identity.alias, so --alias <UUID> doesn't find anything and falls through to the interactive prompt.

(The personal context is that I have a few different staff/partner accounts I work through so in every separate theme folder on my machine I automatically run shopify auth login --alias with the appropriate account - around 15 times a day).

WHAT is this pull request doing?

findSessionByAlias now also matches on the session's userId key as a fallback, so --alias <UUID> works for sessions where the alias was never set.

One-line change in store.ts, one new test in store.test.ts.

Note: this does not fix the display issue — sessions with undefined aliases will still show as UUIDs in the session picker. That would require re-fetching the email at some point (e.g. during token refresh).

How to test your changes?

• pnpm -F @shopify/cli-kit test -- src/private/node/session/store.test.ts
• Manual: on the live build, shopify auth login --alias "<UUID>" falls through to the interactive prompt instead of selecting the session. On the patched build, it selects the session correctly.

Measuring impact

• n/a - this doesn't need measurement, e.g. a linting rule or a bug-fix
• Existing analytics will cater for this addition
• PR includes analytics changes to measure impact

Checklist

• I've considered possible cross-platform impacts (Mac, Linux, Windows)
• I've considered possible documentation changes

[GeorgiZhelev]

Not sure how to rerun the CLA check, but I signed it at cla.shopify.com

[binks-code-reviewer]

🤖 Code Review · #projects-dev-ai for questions
React with 👍/👎 or reply — all feedback helps improve the agent.

✅ Complete - No issues

📋 History

✅ No issues

[gonzaloriestra]

Thanks a lot for the PR! It makes sense to me. The failing checks don't work correctly on forks, so I will merge anyway and ensure they pass on main later.

Related to this, in #6935 I'm asking for the alias on login when it can't be fetched. Would that be helpful for you? Could you please give it a try? npm i -g @shopify/cli@0.0.0-snapshot-20260304105215

[GeorgiZhelev]

Appreciate the merge! Thanks for getting it in quickly.

Regarding #6935 — I installed the snapshot and tried shopify auth login, but I didn't see the alias prompt. I think it only triggers on a fresh login / "Log in with a different account", and I already had an existing session. In my case the issue is that the alias drifts to the UUID some time after the initial login, not at login time — so by the time it's a problem, I'm already past that flow.

That said, I might be misunderstanding the change — does it cover that scenario too?

Here's my terminal output if that helps you with anything:

 npm i -g @shopify/cli@0.0.0-snapshot-20260304105215
npm warn deprecated boolean@3.2.0: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.

added 26 packages in 7s

8 packages are looking for funding
  run `npm fund` for details
georgizhelev@georgi-mb-pro:~/dev/personal/customers/tots-bubbles$ vim .envrc 
direnv: error /Users/georgizhelev/dev/personal/customers/tots-bubbles/.envrc is blocked. Run `direnv allow` to approve its content
georgizhelev@georgi-mb-pro:~/dev/personal/customers/tots-bubbles$ direnv allow
direnv: loading ~/dev/personal/customers/tots-bubbles/.envrc
?  Which account would you like to use?
✔  75179ec3-25ed-4f6f-840d-9c1944ec5052

✔ Current account: 75179ec3-25ed-4f6f-840d-9c1944ec5052.
direnv: export +SHOPIFY_FLAG_STORE
georgizhelev@georgi-mb-pro:~/dev/personal/customers/tots-bubbles$ shopify -v
╭─ error ─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│                                                                                                                                                                                 │
│  Command '-v' not found.                                                                                                                                                        │
│                                                                                                                                                                                 │
╰─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯

georgizhelev@georgi-mb-pro:~/dev/personal/customers/tots-bubbles$ shopify version
0.0.0-snapshot-20260304105215
georgizhelev@georgi-mb-pro:~/dev/personal/customers/tots-bubbles$ shopify auth login
?  Which account would you like to use?
✔  75179ec3-25ed-4f6f-840d-9c1944ec5052

✔ Current account: 75179ec3-25ed-4f6f-840d-9c1944ec5052.
georgizhelev@georgi-mb-pro:~/dev/personal/customers/tots-bubbles$ 

[gonzaloriestra]

Thanks for the feedback, very useful!

I prepared another snapshot: @shopify/cli@0.0.0-snapshot-20260305113208. This one asks for an alias when the email is not found, and ensures it's never overwritten on session refresh. So if you run shopify auth logout, you should never see an UUID again. Please let me know if you try it.