Merge pull request #1913 from Shopify/zoey/make-scopes-optional

Add default value to Configuration.scope parameter to make it optional
Shopify · Oct 25, 2024 · 753883e · 753883e
2 parents c8e38c9 + d3560ac
commit 753883e
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,6 @@
 Unreleased
 ----------
+-  Make `ShopifyApp.configuration.scope` default to empty list `[]` [1913](https://github.com/Shopify/shopify_app/pull/1913)
 
 22.4.0 (August 22, 2024)
 ----------

diff --git a/docs/shopify_app/authentication.md b/docs/shopify_app/authentication.md
@@ -63,6 +63,26 @@ Using token exchange will ensure that the access token retrieved will always hav
 Authorization code grant flow is the OAuth flow that requires the app to redirect the user 
 to Shopify for installation/authorization of the app to access the shop's data. It is still required for apps that are not embedded.
 
+If your app is not using [Shopify managed installation](https://shopify.dev/docs/apps/auth/installation#shopify-managed-installation) with declared scopes in your `.toml` file, you can change the requested access scopes during OAuth flow 
+by adding the `scope` to your configurations - `ShopifyApp.configuration` & `ShopifyAPI::Context.setup`.
+
+
+```ruby
+# config/initializers/shopify_app.rb
+
+ShopifyApp.configure do |config|
+  ...
+  config.scope = ["read_discounts", "write_products"]
+  ...
+end
+
+ShopifyAPI::Context.setup(
+  ...
+  scope: ShopifyApp.configuration.scope,
+  ...
+)
+```
+
 To perform [authorization code grant flow](https://shopify.dev/docs/apps/auth/get-access-tokens/authorization-code-grant), you app will need to handle
 [begin OAuth](#begin-oauth) and [OAuth callback](#oauth-callback) routes.
 

diff --git a/lib/shopify_app/configuration.rb b/lib/shopify_app/configuration.rb
@@ -61,6 +61,7 @@ def initialize
       @scripttags_manager_queue_name = Rails.application.config.active_job.queue_name
       @webhooks_manager_queue_name = Rails.application.config.active_job.queue_name
       @disable_webpacker = ENV["SHOPIFY_APP_DISABLE_WEBPACKER"].present?
+      @scope = []
 
       log_v23_deprecations
     end

diff --git a/test/shopify_app/configuration_test.rb b/test/shopify_app/configuration_test.rb
@@ -41,6 +41,10 @@ class ConfigurationTest < ActiveSupport::TestCase
     assert_equal "auth/shopify/callback", ShopifyApp.configuration.login_callback_url
   end
 
+  test "defaults scope" do
+    assert_equal [], ShopifyApp.configuration.scope
+  end
+
   test "can set root_url which affects login_url" do
     original_root = ShopifyApp.configuration.root_url