diff --git a/CHANGELOG.md b/CHANGELOG.md index 11df9d235..81b668022 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,6 @@ Unreleased ---------- +- Make `ShopifyApp.configuration.scope` default to empty list `[]` [1913](https://github.com/Shopify/shopify_app/pull/1913) 22.4.0 (August 22, 2024) ---------- diff --git a/docs/shopify_app/authentication.md b/docs/shopify_app/authentication.md index 60c2a8c1f..7d8765aa0 100644 --- a/docs/shopify_app/authentication.md +++ b/docs/shopify_app/authentication.md @@ -63,6 +63,26 @@ Using token exchange will ensure that the access token retrieved will always hav Authorization code grant flow is the OAuth flow that requires the app to redirect the user to Shopify for installation/authorization of the app to access the shop's data. It is still required for apps that are not embedded. +If your app is not using [Shopify managed installation](https://shopify.dev/docs/apps/auth/installation#shopify-managed-installation) with declared scopes in your `.toml` file, you can change the requested access scopes during OAuth flow +by adding the `scope` to your configurations - `ShopifyApp.configuration` & `ShopifyAPI::Context.setup`. + + +```ruby +# config/initializers/shopify_app.rb + +ShopifyApp.configure do |config| + ... + config.scope = ["read_discounts", "write_products"] + ... +end + +ShopifyAPI::Context.setup( + ... + scope: ShopifyApp.configuration.scope, + ... +) +``` + To perform [authorization code grant flow](https://shopify.dev/docs/apps/auth/get-access-tokens/authorization-code-grant), you app will need to handle [begin OAuth](#begin-oauth) and [OAuth callback](#oauth-callback) routes. diff --git a/lib/shopify_app/configuration.rb b/lib/shopify_app/configuration.rb index 9fa194b99..2f2be695e 100644 --- a/lib/shopify_app/configuration.rb +++ b/lib/shopify_app/configuration.rb 
@@ -61,6 +61,7 @@ def initialize @scripttags_manager_queue_name = Rails.application.config.active_job.queue_name @webhooks_manager_queue_name = Rails.application.config.active_job.queue_name @disable_webpacker = ENV["SHOPIFY_APP_DISABLE_WEBPACKER"].present? + @scope = [] log_v23_deprecations end diff --git a/test/shopify_app/configuration_test.rb b/test/shopify_app/configuration_test.rb index a5138b140..9545f00c4 100644 --- a/test/shopify_app/configuration_test.rb +++ b/test/shopify_app/configuration_test.rb @@ -41,6 +41,10 @@ class ConfigurationTest < ActiveSupport::TestCase assert_equal "auth/shopify/callback", ShopifyApp.configuration.login_callback_url end + test "defaults scope" do + assert_equal [], ShopifyApp.configuration.scope + end + test "can set root_url which affects login_url" do original_root = ShopifyApp.configuration.root_url
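Review bot: in docs/shopify_app/authentication.md, the added paragraph tells readers they can change the requested scopes but never states the new default or what an empty list means for the authorization code grant flow. Since this patch makes `[]` the default, add a sentence on what is requested when `config.scope` is left unset, so a reader knows whether a non-embedded app that skips this setting asks for no access scopes at all. The sample passes `scope: ShopifyApp.configuration.scope` to `ShopifyAPI::Context.setup`; say explicitly that the two settings must stay in sync, and drop one of the two consecutive blank lines before the code fence.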
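Review bot: in lib/shopify_app/configuration.rb, `@scope = []` in `initialize` makes an unconfigured app indistinguishable from one that deliberately requests no scopes, and nothing in this hunk guards the OAuth path against that. The visible context shows no earlier assignment to `@scope`, so any caller that detects "not configured" with a nil check will now see an empty array; please confirm those callers use an emptiness check. Consider logging or raising when the authorization code grant flow starts with an empty list, so a missing `config.scope` fails visibly instead of requesting less access than the app needs.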
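Review bot: in test/shopify_app/configuration_test.rb, the new `defaults scope` test asserts on the shared `ShopifyApp.configuration`, so it passes only if no setup code or earlier test has assigned a scope. The next test saves `original_root` before changing `root_url`, which shows this file mutates that shared object. Assert on a freshly built configuration, or reset the configuration at the start of the test, so the assertion checks the default set in `initialize` and not leftover state.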