Hello,
I need clarification on the recent Shop Minis scopes update, because some of the wording is ambiguous and it affects backend implementation.
In the email, you wrote:
Any hook that returns consent-protected data (useGenerateToken, useOrders, etc.) may return null if the user declines
I have a few specific questions:
- Did you mean
useGenerateUserToken instead of useGenerateToken? I cannot find a hook named useGenerateToken in the docs.
- When you say these hooks may return null, what is the exact rule? Do they always return null when the required scope is declined orr can they still return a value in some cases, depending on the hook?
- The docs for useGenerateUserToken say:
- it generates a temporary token for authenticating the current user with the backend
- it âoptionally usesâ the openid scope when declared in the manifest
What does âoptionally usesâ mean in precise runtime terms?
- If openid is present in the manifest but the user declines it:
- will useGenerateUserToken return null?
-or will it still return a token, but then userTokenVerify mutation will return publicId: null?
Right now the main uncertainty is where the failure happens. An explanation of the expected flow would help a lot.
Thank you.
Hi @Iurii_Teslenko !
Did you mean useGenerateUserToken instead of useGenerateToken? I cannot find a hook named useGenerateToken in the docs.
Yeah looks like there was a typo in our comms, apologies for the confusion.
When you say these hooks may return null, what is the exact rule? Do they always return null when the required scope is declined orr can they still return a value in some cases, depending on the hook?
In the case of useGenerateUserToken, the hook could still return a token. Though, when openid is not granted or not present in the manifest, the server-side verification would return publicId: null
it âoptionally usesâ the openid scope when declared in the manifest
What does âoptionally usesâ mean in precise runtime terms?
âOptionally usesâ means: declaring openid in the manifest triggers a consent prompt that gives you a chance to get the userâs publicId, but declining never blocks the hook. The hook always works
Hope this adds some clarity
1 Like
Hello, @Ferran-Shopify
We are experiencing some issues regarding users being able to use the app when they reject consent. In our case, when the OpenID consent is rejected, the useGenerateUserToken hook cannot return GeneratedToken, and in an uncontrollable way the Mini app crashes and gives âcannot call generateUserToken.openid scope not grantedâ error. As you mentioned, shouldnât declining consent not break the hook? Thanks