Issue with read_products Access Scope – GraphQL Query Failing on User's Store

Hey everyone,

My app requires the read_products access scope, and it works fine on my development stores. However, for one recent user, whenever I navigate to a route where a GraphQL query runs (which depends on read_products), the app crashes with the following error:

Error: Access denied for productsCount field. Required access: read_products access scope.

I checked the app’s permissions on his store (I have access), and everything appears to be correctly set up. The user has all the necessary permissions, so I’m not sure why this is happening.

Has anyone encountered this issue before? Any insights would be greatly appreciated!

Thanks in advance!

I will leave some screenshots attached to the post.



Screenshot from 2025-02-07 11-11-46

This does seem pretty strange - esp if you can see that you have the permissions on that specific store (and they don’t need to re-authenticate). If it’s not happening on any other store, it could be worth asking the merchant to contact direct support to see if they can investigate logs related to scopes and scope requests to determine why this may be happening.

You could also try and test with a different app that you know has the same scope to see if the same issue occurs?

Thank you for replying, to give you more updates, the merchant is able to run the graphql query when he opens my app, but the problem still occurs when I enter his store and open the app, the graphql api call fails.
I’ve got a collaborator access for his store where I only asked for the permission to manage and open apps.

this problem never occur when I open other stores (other merchants who gave me a collaborator access to their store) and open the app.

What do you think about this?

Thanks.

Are you using Online or Offline Access Tokens?
Are you using Direct API Queries?

I’m using online access tokens, and I also tried once with the offline tokens, they both fail.

No I’m not using Direct API Queries.

Online access tokens will use your users permissions. Not the permissions of the app. That’s likely the cause of your error.

If you change your code to use offline access tokens then it will use the apps permissions

I tried both one time with online and then a second time with offline, and it didn’t work.

Also I’ve got a question for you what do you mean by “your users permissions”.

When I asked for collaborator access, I ticked the box that asks for the app access, that’s what I always did, is there something that changed?
Does it have to do with this thing that the merchant is faced to set up after I ask for a collaborator access?

Did you request read products permission for yourself?

Online access is meant to be used when a user is interacting with your app through the web, or when an app must respect an individual user’s permission level.

How did you change it to be offline access token?

I requested this in my collaborator access.

Hello,

Yes if you are using Online Access Tokens in your app, then your requested permissions would NOT have given you access to view products. As per the information here. Issue with read_products Access Scope – GraphQL Query Failing on User's Store - #8 by JordanFinners

When you changed it to use Offline Access Tokens, how did you do this?

Thank you for replying, When I changed to use Offline Access Tokens, I used the code below:

const { client } = await clientProvider.online.graphqlClient({
      req,
      res,
      isOnline: false, // false for offline session, true for online session
    });

Now I guess I did a mistake and I should’ve used this instead.

const { client } = await clientProvider.offline.graphqlClient({
      req,
      res,
      isOnline: false, // false for offline session, true for online session
    });