Dont introspect token if already expired

packages/cli-kit/src/private/node/session/validate.ts

@@ -3,9 +3,9 @@ import {applicationId} from './identity.js'
 import {ApplicationToken, IdentityToken, validateCachedIdentityTokenStructure} from './schema.js'
 import {validateIdentityToken} from './identity-token-validation.js'
 import {sessionConstants} from '../constants.js'
-import {outputDebug} from '../../../public/node/output.js'
 import {firstPartyDev} from '../../../public/node/context/local.js'
 import {OAuthApplications} from '../session.js'
+import {outputDebug} from '@shopify/cli-kit/node/output'
 
 type ValidationResult = 'needs_refresh' | 'needs_full_auth' | 'ok'
 
@@ -35,7 +35,6 @@ export async function validateSession(
 ): Promise<ValidationResult> {
   if (!session) return 'needs_full_auth'
   const scopesAreValid = validateScopes(scopes, session.identity)
-  const identityIsValid = await validateIdentityToken(session.identity.accessToken)
   if (!scopesAreValid) return 'needs_full_auth'
   let tokensAreExpired = isTokenExpired(session.identity)
 
@@ -64,18 +63,18 @@ export async function validateSession(
     tokensAreExpired = tokensAreExpired || isTokenExpired(token)
   }
 
-  outputDebug(`
-The validation of the token for application/identity completed with the following results:
-- It's expired: ${tokensAreExpired}
-- It's invalid in identity: ${!identityIsValid}
-  `)
+  outputDebug(`- Token validation -> It's expired: ${tokensAreExpired}`)
 
   if (!validateCachedIdentityTokenStructure(session.identity)) {
     return 'needs_full_auth'
   }
 
   if (tokensAreExpired) return 'needs_refresh'
+
+  const identityIsValid = await validateIdentityToken(session.identity.accessToken)
+  outputDebug(`- Token validation -> It's invalid in identity: ${!identityIsValid}`)
   if (!identityIsValid) return 'needs_full_auth'
+
   return 'ok'
 }