[wrangler] Disable flagship OAuth scopes not yet valid in backend

[petebacondarwin]

The flagship:read and flagship:write OAuth scopes are not yet recognized by the Cloudflare backend. This temporarily comments them out from the default scopes requested during wrangler login to prevent issues.

They can be re-enabled once the backend supports them.

---

• Tests

  • Tests included/updated
  • Automated tests not possible - manual testing has been completed as follows:
  • Additional testing not necessary because: this only comments out two scope entries that are not yet functional

• Public documentation

  • Cloudflare docs PR(s):
  • Documentation not necessary because: no user-facing docs change needed

---

[changeset-bot]

🦋 Changeset detected

Latest commit: 52bd1e5

The changes in this PR will be included in the next version bump.

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[workers-devprod]

Codeowners approval required for this PR:

• ✅ @cloudflare/wrangler

Show detailed file reviewers

[emily-shen]

there will be test snapshots to update though i think

[github-actions]

✅ All changesets look good

[workers-devprod]

Codeowners reviews satisfied

[ask-bonk]

The scopes are correctly removed from DefaultScopes, but the inline test snapshots in three test files still reference flagship:read and flagship:write. These tests will fail because the generated OAuth URL will no longer contain those scopes.

Affected files:

• packages/wrangler/src/__tests__/user.test.ts — 6 snapshot URLs containing flagship%3Aread%20flagship%3Awrite
• packages/wrangler/src/__tests__/whoami.test.ts — 6 scope list entries containing flagship:read / flagship:write
• packages/wrangler/src/__tests__/deploy/core.test.ts — 2 snapshot URLs containing flagship%3Aread%20flagship%3Awrite

You'll need to update these inline snapshots (easiest via pnpm --filter wrangler test:ci -u or by manually removing the flagship scope fragments).

[ask-bonk]

Commenting these out is fine as a quick disable, but the inline snapshots in user.test.ts (6 occurrences), whoami.test.ts (6 occurrences), and deploy/core.test.ts (2 occurrences) all still contain flagship:read / flagship:write in their expected output. This will cause test failures.

Please update the snapshots to remove the flagship scope references (e.g. run pnpm --filter wrangler test:ci -u).

[ask-bonk]

I'm Bonk, and I've done a quick review of your PR.

This PR comments out the flagship:read and flagship:write OAuth scopes from the default login scopes since the Cloudflare backend doesn't recognize them yet.

Issue found:

1. Test snapshots not updated (will cause CI failures) — There are 14 inline snapshot references to flagship:read/flagship:write across three test files (user.test.ts, whoami.test.ts, deploy/core.test.ts) that still expect these scopes in the OAuth URL / scope list output. Since the scopes are now removed from DefaultScopes, the actual output will no longer include them, and these tests will fail.

I've posted the review with details on PR #13453.

github run

[devin-ai-integration]

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no potential bugs to report.

View in Devin Review to see 2 additional findings.

[pkg-pr-new]

create-cloudflare

npm i https://pkg.pr.new/create-cloudflare@13453

@cloudflare/kv-asset-handler

npm i https://pkg.pr.new/@cloudflare/kv-asset-handler@13453

miniflare

npm i https://pkg.pr.new/miniflare@13453

@cloudflare/pages-shared

npm i https://pkg.pr.new/@cloudflare/pages-shared@13453

@cloudflare/unenv-preset

npm i https://pkg.pr.new/@cloudflare/unenv-preset@13453

@cloudflare/vite-plugin

npm i https://pkg.pr.new/@cloudflare/vite-plugin@13453

@cloudflare/vitest-pool-workers

npm i https://pkg.pr.new/@cloudflare/vitest-pool-workers@13453

@cloudflare/workers-editor-shared

npm i https://pkg.pr.new/@cloudflare/workers-editor-shared@13453

wrangler

npm i https://pkg.pr.new/wrangler@13453

commit: 52bd1e5