Converting required scopes to optional scopes authorization failed

Hello! We are working on moving a scope from the required scopes field to the optional_scopes field in our app TOML.

After deploying to development and testing on a store that had already approved the scope when it was required, the authorization is failing. In our app, this takes the form of a redirect loop.

Alternatively, if we just remove the scope from the scopes field and do not add it to the optional_scopes field, we get the expected result (the merchant won’t be prompted and the app will lose access to the scopes automatically when the merchant opens the app):

Has anyone else tried updating a scope from required to optional? If so, have you experienced this issue or not? Have you figured out a way to fix it?

Thanks!

1 Like

@jeffchew
Did you ever solve this?

Hi @BeefyNachos, we didn’t specifically solve the issue, but we have switched over to managing scopes entirely in the app’s TOML file, so I am not sure if it would still be an issue for us or not.

@jeffchew
Thanks, we managed to find the cause. We were using an older package to save users’ approved scopes to our DB. Those saved scopes included the optional scopes, even though they shouldn’t.

When loading the app, the authentication saw a mismatch between the users’ approved scopes (from the DB) and the scopes available in the app, causing the redirect loop.

1 Like
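
The mismatch described in the last reply, as an added example (not code from the posters or from any Shopify package): a strict stored-vs-required scope comparison loops when the stored record still contains an optional scope, and stops once optional scopes are stripped before saving. All function names are hypothetical, the scope strings are constructed sample values, and the subset check is an assumed alternative not mentioned in the thread.

```javascript
// Hypothetical helpers; scope strings below are constructed sample data.
function parseScopes(value) {
  return new Set(String(value || "").split(",").map((s) => s.trim()).filter(Boolean));
}

// Strict check: any difference between stored and required scopes forces re-auth.
function needsReauthStrict(stored, required) {
  const s = parseScopes(stored);
  const r = parseScopes(required);
  return s.size !== r.size || [...r].some((scope) => !s.has(scope));
}

// Subset check: re-auth only when a required scope is actually missing.
function needsReauthSubset(stored, required) {
  const s = parseScopes(stored);
  return [...parseScopes(required)].some((scope) => !s.has(scope));
}

// Drop optional scopes from a grant before persisting it.
function scopesToPersist(granted, optional) {
  const o = parseScopes(optional);
  return [...parseScopes(granted)].filter((scope) => !o.has(scope)).sort().join(",");
}

// Simulate app loads. Every re-auth returns the same grant, so a check that
// still fails after re-auth keeps redirecting until the cap is reached.
function countRedirects(check, persist, granted, required, maxLoads = 5) {
  let stored = persist(granted);
  let redirects = 0;
  for (let i = 0; i < maxLoads; i++) {
    if (!check(stored, required)) break;
    redirects++;
    stored = persist(granted);
  }
  return redirects;
}

const REQUIRED = "read_products,write_orders"; // scopes still required
const OPTIONAL = "read_customers";             // scope moved to optional
const GRANTED = "read_products,write_orders,read_customers"; // approved earlier

const asIs = (g) => g;
const stripped = (g) => scopesToPersist(g, OPTIONAL);

console.log("strict + optional saved:   ", countRedirects(needsReauthStrict, asIs, GRANTED, REQUIRED));
console.log("strict + optional stripped:", countRedirects(needsReauthStrict, stripped, GRANTED, REQUIRED));
console.log("subset + optional saved:   ", countRedirects(needsReauthSubset, asIs, GRANTED, REQUIRED));
```
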