Hello. I am trying to add a new access scope ‘write_script_tags’ in my shopify.app.toml file. However, even after I add the new scope and run ‘shopify app dev’ or ‘shopify app deploy’ in my terminal the new scope does not appear. When I use ‘shopify app deploy’ and open the new version the only scope it shows is: ‘write_products’ even though I have also listed ‘write_script_tags’ in the scopes in the toml file. Any help would be greatly appreciated!
Thank you!
Hey @user143,
What distribution type do you have set for your app? The reason I ask is write_script_tags needs approval to be used on public apps. Make sure your app is set to custom distribution and see if that works then.
Ah. That’s the problem. Thank you so much!
Hi, I have the exact same issue, but with adding the scope read_third_party_fulfillment_orders.
I see it updated on the latest version in my partners dashboard, but can’t figure out how to get it live on any existing app installations, even if I reopen the app from Shopify.
My understanding was that the next time I opened the app through Shopify, that Shopify would handle forcing the user to re-OAuth with the new required scopes. Am I missing something? Must we still manually handle OAuth for existing installations when scopes change?
Hey Jake,
To confirm here, when you check your partner dashboard, is the version you just pushed the one that is showing as active?
Another thing to check, have you previously had write_third_party_fulfillment_orders? The reason I ask about that is usually write will also grant read so a new request might not be needed.
I would also test that it’s not a local issue and log in to your store in an incognito browser and visit your app to see if the scopes are prompted automatically then.
Hey Kyle,
Thanks for the quick reply!
I went through your troubleshooting steps:
The latest version with the new scope read_third_party_fulfillment_orders is active:
I don’t believe we have previously had write_third_party_fulfillment_orders, but I can’t be 100% sure. What I am 100% sure about is that neither the read or write scope for third_party_fulfillment_orders is active on any current app installations. Here is an example of me querying for the active accessScopes on my test store ninetyoff after accessing the app through Shopify->Apps, both in a regular browser, and in an incognito browser. Both flows took me straight to our (non-embedded) app, not requiring any OAuth.
I accessed the app in an incognito browser and nothing was prompted:
Oauth not prompted with new scope released | Loom
Hey Jake,
You mentioned you have a non-embedded app. That may be the key here. What kind of authorization flow does your app currently use?
The reason I ask is this is mentioned in our docs here: Manage access scopes
If you’re still using the legacy installation and OAuth authorization code grant flow, then refer to the authorization code grant guide on managing access scopes instead.
