App Bridge Scopes API Error After removing use_legacy_install_flow flag

I’m trying to move to Shopify-Managed installation and implement dynamic scope requests using the App Bridge scopes API to request optional scopes without requiring merchants to go through a full OAuth redirect flow.

However, I’m getting this error when calling the API:

Error occurred when attempting to request access scopes: RequestGrantUserError: The app does not have scopes declared on Shopify.

My Setup:

  • Previously had use_legacy_install_flow = true in my shopify.app.toml
  • Removed the legacy flag and added optional scopes:
[access_scopes]
scopes = "read_script_tags,write_script_tags,read_products,read_orders,read_translations,write_discounts,read_discounts,read_themes,write_files"
optional_scopes = ["unauthenticated_read_product_listings", "unauthenticated_read_product_inventory"]
  • Deployed the app to production
  • App Bridge API is available and functioning (no JS errors)

Even after deployment, Shopify still returns the same error when I try to request the same optional scopes. I double checked I’m sending the same scopes as the ones in my TOML for the optional scopes.

The scopes I’m requesting match exactly what’s in my TOML file. I’m doing something like this for the request:

  const shopify = useAppBridge();
  await shopify.scopes.request(['unauthenticated_read_product_listings', 'unauthenticated_read_product_inventory']);

I have been trying for hours on my dev app and this keeps on failing. I have tried removing the flag and also setting it to false and waiting for a while.

Worth mentioning my app is quite old and was using use_legacy_install_flow=true for quite some time. Also my app was previously non-embedded but now is an embedded app.

This is Shopify CLI version: @shopify/cli/3.53.0 and this is my App Bridge version:
"@shopify/app-bridge-react": "^4.1.3"

Not sure what I’m doing wrong, could it be some sort of bug with the CLI?
Any help would be appreciated!

Hey @wissem 👋 - are you seeing that “The app does not have scopes declared on Shopify” pop up in your terminal console or is that through an API response?

If it’s popping up in your terminal, can you try running the --verbose flag in Shopify CLI when you run the command that triggers the error and share the full verbose output here in the thread if possible?

If you’re seeing it as an API response, if you can grab an X-Request-ID value from the API response header that would be super helpful too. I can use that to grab some logs on my end here and investigate more deeply, since this does seem to be unexpected behaviour from what I can tell on my end. Happy to help with this for sure!

Hey @Alan_G, Thanks a lot for looking into this.

I’m getting this error from the API response.

Here is the X-Request-ID: 835addd7-8610-43cc-9f34-502beb639a6d-1750750894

and this was the API response for that request:


{
    "data": {
        "appAccessRequestGrant": {
            "userErrors": [
                {
                    "message": "The app does not have scopes declared on Shopify.",
                    "code": "SCOPES_NOT_ON_SHOPIFY",
                    "errorTitle": null,
                    "errorMessage": null,
                    "__typename": "AppAccessUserError"
                }
            ],
            "grantRequirement": null,
            "accessChange": null,
            "__typename": "AppAccessRequestGrantPayload"
        }
    },
    "extensions": {
        "cost": {
            "requestedQueryCost": 37,
            "actualQueryCost": 10,
            "throttleStatus": {
                "maximumAvailable": 20000.0,
                "currentlyAvailable": 19990,
                "restoreRate": 1000.0
            }
        }
    }
}

And this is my dev app ID: 51969228801 where I’m testing this right now. (from the request above, deployed version is 193)
And here is my shopify.app.toml file:


# Learn more about configuring your app at https://shopify.dev/docs/apps/tools/cli/configuration

name = "STL - DEV"
client_id = "xxxxxx"
application_url = "https://xxxx.ngrok.io"
embedded = true

[access_scopes]
scopes = "read_script_tags,write_script_tags,read_products,read_orders,read_translations,write_discounts,read_discounts,read_themes,write_files"
optional_scopes = ["unauthenticated_read_product_listings", "unauthenticated_read_product_inventory"]

[auth]
redirect_urls = [
  "https://xxxx.ngrok.io/app_dev.php/redirect",
  "http://xxxx.ngrok.io/app_dev.php/redirect",
  "https://xxxx.ngrok.io/redirect",
  "http://xxxx.ngrok.io/redirect",
  "https://xxxx.ngrok.io/redirectembedded",
  "http://xxxx.ngrok.io/redirectembedded"
]

[webhooks]
api_version = "2024-10"

 [webhooks.privacy_compliance]
 customer_deletion_url = "https://xxxx.ngrok.io/gdpr/customers/redact"
 customer_data_request_url = "https://xxxx.ngrok.io/gdpr/customers/data_request"
 shop_deletion_url = "https://xxxx.ngrok.io/gdpr/shop/redact"

[pos]
embedded = false

I have also double checked that my backend API is using the version mentioned in docs which is 2024-10. Let me know if you need anything else for help debugging this.

Thanks @wissem - I was able to pull the logs on my end here, this does certainly look odd from what I can tell. Usually that “SCOPES_NOT_ON_SHOPIFY” error wouldn’t pop up after the changes were made and the app is redeployed.

Just to narrow down things on my end here, could you try one more deployment? Sometimes configuration sync issues can resolve with a fresh deployment, although I know you’ve tried this already.

After deploying, could you let me know the new version number and if you see any different behaviour or if the issue persists. Also, if possible, try reinstalling the app on a test store after the new deployment - this can sometimes resolve app distribution type migration issues.

If things persist though - I’m more than happy to work on this with our team internally to see if we can resolve this/if this is a possible bug. Really appreciate you working with me here, we’ll get this solved.

Of course, I just retried a new deploy and the issue persists. Version: 194 Request-ID: 269fcb7d-7ed6-4459-8f39-10d4f569f59d-1750780589

When reinstalling the app on a different store, I run into a 502 error. Here is the Request-ID: 3f3db221-2fc5-462a-803a-4706b4fa08b1-1750781451

I thought maybe the issue was that I had pushed the scopes, so I reverted my toml back to the older version:

[access_scopes]
scopes = "write_discounts,write_products" 
use_legacy_install_flow = true

I deployed again (version 196), but I couldn’t install the app again. I get a 502 error. Request-ID: 728c958a-c321-4e38-b6bf-2d8505940f6d-1750783153

I have tried on different stores. Also, installing on a brand new store shows the same 502 error, which seems weird. It looks like my dev app is somehow stuck in a weird state now when it comes to installation. I have reverted all of my app code changes and the install flow still throws a 502 now.

Thanks @wissem - I really appreciate you trying that again. I’ll do some more digging into this internally and loop back with you when we have next steps or a fix. Speak with you as soon as I have more info!

Hi @wissem - just following up here, I was able to speak with some folks on my end and we believe the error you’re seeing is related to an ongoing issue on our end that we are tracking. I’ll keep my eyes on this for you and update you as soon as I have more info/can confirm a fix. 🙂

Hi @Alan_G, thanks for the update. We got a few user reports on our live app about the 502 install issue, but this seems to be resolved now. So I don’t think this was related to the initial issue regarding empty scopes.
I hope you and your team can help me with this, as managed installs are so much better in terms of UX and performance.

I have tried installing the app on a brand new store with the toml file having the following:

[access_scopes]
scopes = "read_script_tags,write_script_tags,read_products,read_orders,read_translations,write_discounts,read_discounts,read_themes,write_files"
optional_scopes = ["unauthenticated_read_product_listings", "unauthenticated_read_product_inventory"]

and the deployed version is 201. I have got the same error when requesting additional scope via app bridge on the web:

"message": "The app does not have scopes declared on Shopify.",
"code": "SCOPES_NOT_ON_SHOPIFY",

Request-ID: cf075e3d-b2ce-4db5-9553-9a5a5c9469fc-1750836299

Also noticing this request in the network tab:

https://admin.shopify.com/api/shopify/install-test-bytecommerce-3?operation=FetchScopesDetail&type=query
Request-ID: ff5f15e5-b043-4771-bd00-1685a6babf45-1750836299

response:


{
    "data": {
        "appByHandleOrKey": {
            "id": "gid://shopify/App/51969228801",
            "apiKey": "25cd7ef7971399622a6d0ec56cc93f7d",
            "handle": "stl-dev",
            "installation": {
                "id": "gid://shopify/AppInstallation/881519919436",
                "accessScopes": [
                    {
                        "handle": "write_script_tags",
                        "__typename": "AccessScope"
                    },
                    {
                        "handle": "read_orders",
                        "__typename": "AccessScope"
                    },
                    {
                        "handle": "write_products",
                        "__typename": "AccessScope"
                    },
                    {
                        "handle": "read_translations",
                        "__typename": "AccessScope"
                    },
                    {
                        "handle": "write_discounts",
                        "__typename": "AccessScope"
                    },
                    {
                        "handle": "read_themes",
                        "__typename": "AccessScope"
                    },
                    {
                        "handle": "write_files",
                        "__typename": "AccessScope"
                    },
                    {
                        "handle": "read_script_tags",
                        "__typename": "AccessScope"
                    },
                    {
                        "handle": "read_products",
                        "__typename": "AccessScope"
                    },
                    {
                        "handle": "read_discounts",
                        "__typename": "AccessScope"
                    },
                    {
                        "handle": "read_files",
                        "__typename": "AccessScope"
                    }
                ],
                "__typename": "AppInstallation"
            },
            "requestedAccessScopes": [],
            "optionalAccessScopes": [],
            "__typename": "App"
        }
    },
    "extensions": {
        "cost": {
            "requestedQueryCost": 5,
            "actualQueryCost": 5,
            "throttleStatus": {
                "maximumAvailable": 20000.0,
                "currentlyAvailable": 19995,
                "restoreRate": 1000.0
            }
        }
    }
}

This shows the scopes haven’t been pushed to Shopify
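An added example (not part of the original thread, and not Shopify's code) that automates the comparison made by eye in the post above: it diffs the scopes declared in `shopify.app.toml` against what a `FetchScopesDetail`-style response reports as registered and granted. The function names are hypothetical, and two assumptions are labelled in the comments: that a `write_x` scope also covers `read_x`, and that entries in `requestedAccessScopes` / `optionalAccessScopes` carry a `handle` field like `accessScopes` does.

```javascript
// Minimal extraction of the two [access_scopes] keys; not a full TOML parser.
function declaredScopes(toml) {
  const list = (m) => (m ? m[1].split(",").map((s) => s.trim().replace(/^"|"$/g, "")).filter(Boolean) : []);
  return {
    required: list(/^\s*scopes\s*=\s*"([^"]*)"/m.exec(toml)),
    optional: list(/^\s*optional_scopes\s*=\s*\[([^\]]*)\]/m.exec(toml)),
  };
}

// Assumption: a write_x scope also covers read_x.
function covers(set, scope) {
  return set.has(scope) || (scope.startsWith("read_") && set.has("write_" + scope.slice(5)));
}

// Assumption: requestedAccessScopes / optionalAccessScopes entries carry a
// `handle` field like accessScopes does (both arrays are empty on the page).
function diffScopes(toml, response) {
  const app = response.data.appByHandleOrKey;
  const handles = (arr) => new Set((arr || []).map((s) => s.handle));
  const declared = declaredScopes(toml);
  const regRequired = handles(app.requestedAccessScopes);
  const regOptional = handles(app.optionalAccessScopes);
  const granted = handles(app.installation && app.installation.accessScopes);
  const declaredAll = new Set([...declared.required, ...declared.optional]);
  return {
    requiredNotRegistered: declared.required.filter((s) => !regRequired.has(s)),
    optionalNotRegistered: declared.optional.filter((s) => !regOptional.has(s)),
    grantedNotDeclared: [...granted].filter((s) => !covers(declaredAll, s)).sort(),
  };
}

// Sample input abridged from the TOML and FetchScopesDetail response in the thread.
const sampleToml = `
[access_scopes]
scopes = "read_script_tags,write_script_tags,read_products,read_orders,read_translations,write_discounts,read_discounts,read_themes,write_files"
optional_scopes = ["unauthenticated_read_product_listings", "unauthenticated_read_product_inventory"]
`;
const grantedHandles = ["write_script_tags", "read_orders", "write_products", "read_translations",
  "write_discounts", "read_themes", "write_files", "read_script_tags", "read_products",
  "read_discounts", "read_files"];
const sampleResponse = { data: { appByHandleOrKey: {
  installation: { accessScopes: grantedHandles.map((handle) => ({ handle })) },
  requestedAccessScopes: [],
  optionalAccessScopes: [],
} } };

console.log(JSON.stringify(diffScopes(sampleToml, sampleResponse), null, 2));
```

On the thread's data this reports every declared required and optional scope as unregistered, and also lists `write_products` as held by the installation although the current TOML declares only `read_products`.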

Thanks for sharing that other request ID from the network tab @wissem, it does seem like this may not be fully related to the other issue - I’ll do some further digging into this and loop back with you once I have next steps.

Hey @wissem 👋 - we’ve rolled out a fix for a potentially related issue, could you let me know if you’re still seeing those 5xx errors or the other “SCOPES_NOT_ON_SHOP” errors? If so, I’m more than happy to keep investigating on my end, just wanted to see if the fix we pushed resolved things for you as well.

Hey @Alan_G I think it may have worked the first time I tried this on a store. I didn’t see the error, and when I did a query to get the scopes for the app installation it showed new scopes were correctly added. I didn’t copy the Request-ID as the browser reloaded. But afterwards each time I tried this on different stores I got the same error, even for brand new installs. Will try again to find more cases to help you reproduce it.

@Alan_G Unfortunately, the error still persists. It’s possible I was working with outdated code locally when I made that first request I mentioned. I’ve tried a few different approaches - sending empty optional_scopes and matching the exact scope order from the Admin GraphQL query:

{
  appInstallation {
    accessScopes {
      handle
    }
  }
}

No luck so far.

Thanks for confirming/trying again @wissem - I’m looking into this with our product team for you now, I’ll loop back with you once I have more info to share on my end here/or if we need to touch base for next steps. Thanks again for your patience on this, it’s really appreciated!