Added unauthenticated_read_customers access scope but still showing no access

I am building a checkout UI extension in which I want to grab customer tags and based on customer tags, I want to proceed further with the logic.

Currently, there is no provision to grab the customer tags directly. Based on this forum, I am storing the cart ID in the backend.

But whenever I try to query the Cart and grab tags from the buyer identity (based on this article), I always get that the scope is required.

But I have already updated my .toml file with the required scope and deployed it.

This is my GraphQL query:

query(`query getCartTags($cartId: ID!) {
    cart(id: $cartId) {
        buyerIdentity {
            customer {
                tags
                id
            }
        }
    }
}`, { variables: { cartId: `gid://shopify/Cart/${cartId}` } })

I already tried every method in the book, i.e.:

  1. Tried uninstalling and installing again
  2. Tried deploying the application
  3. Tried cleaning the dev server and running the extension again locally
  4. Added the unauthenticated_read_customer_tags scope too

I ran into something similar, and this usually isn’t just a deployment issue.

Adding the scopes in shopify.app.toml isn’t enough on its own. You need to make sure:

  • You have both scopes:
    unauthenticated_read_customers and unauthenticated_read_customer_tags

  • The app is reinstalled after adding scopes

  • The scopes are actually granted (you can verify via appInstallation.accessScopes)

Also, if you’re testing on a non-development store, Shopify will block customer data (including tags) unless you’ve been approved for protected customer data access. In that case, you’ll keep getting scope-related errors even if everything looks correct.

One more thing: in checkout UI extensions, access to customer data is quite restricted. Even via Storefront API, some fields won’t be available depending on context.

What worked for me / recommended approach:
Instead of relying on fetching tags directly in checkout, I moved the logic to the backend using the Admin API (read_customers) and then passed only the required result (like a flag) to the extension. Much more reliable.
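
The backend approach from the reply above, as an added example that is not part of the original thread: check which required scopes the installation was actually granted, then reduce the customer's tags to a single flag so no customer data reaches the extension. The helper names, the `wholesale` tag and the sample responses are constructed; `currentAppInstallation` is assumed as the Admin GraphQL query that exposes `accessScopes`.

```javascript
// Added example: helper names, the "wholesale" tag and all sample data are constructed.
const REQUIRED_SCOPES = [
  "unauthenticated_read_customers",
  "unauthenticated_read_customer_tags",
];

// Admin GraphQL query the backend would send to list the granted scopes.
const ACCESS_SCOPES_QUERY = `query {
  currentAppInstallation { accessScopes { handle } }
}`;

// Returns the required scopes that the installation has NOT been granted.
function missingScopes(response, required = REQUIRED_SCOPES) {
  const scopes = response?.data?.currentAppInstallation?.accessScopes ?? [];
  const granted = new Set(scopes.map((s) => s.handle));
  return required.filter((scope) => !granted.has(scope));
}

// Reduces an Admin API customer payload (read_customers) to one boolean, so
// the tag list and customer ID never leave the backend.
function checkoutFlagFor(customerResponse, qualifyingTag) {
  const tags = customerResponse?.data?.customer?.tags ?? []; // guest checkout: no customer
  const wanted = qualifyingTag.toLowerCase(); // assumption: compare tags case-insensitively
  return { eligible: tags.some((tag) => tag.toLowerCase() === wanted) };
}

// Constructed responses shaped like Admin GraphQL results.
const sampleScopes = {
  data: { currentAppInstallation: { accessScopes: [
    { handle: "read_customers" },
    { handle: "unauthenticated_read_customers" },
  ] } },
};
const sampleCustomer = {
  data: { customer: { id: "gid://shopify/Customer/1", tags: ["VIP", "Wholesale"] } },
};
const guestCheckout = { data: { customer: null } };

console.log(missingScopes(sampleScopes));
console.log(checkoutFlagFor(sampleCustomer, "wholesale"));
console.log(checkoutFlagFor(guestCheckout, "wholesale"));
```

An empty array from `missingScopes` means both scopes were granted; anything else names the scope that a reinstall still has to pick up.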

Thank you for the feedback @Syed_Aoun_Naqvi, but let’s also wait for the team to answer it too. There are chances that they might have found a solution or fixed the error in the meantime.