In our dev environment, we suddenly noticed that no access scopes are granted when newly installing any app.
When we install any of our apps through the development dashboard in any of our dev stores, no scopes are granted (except for the default scope):
We have a custom OAuth backend, that has been working just fine for ages.
Looking at our logs, the last successful (so, with the expected scopes) install was at 28th of November.
Between 28th of November and today (5th December) there have been no changes to our OAuth logic; we can see in our logs that our /admin/oauth/authorizerequest are identical between in structure between then and now.
The oauth/authorizeURL structure we use is:
https://[dev-store].myshopify.com/admin/oauth/authorize?client_id=[32 char hex string]&scope=read_customers%2Cread_orders%2Cread_all_orders%2Cread_payment_terms%2Cread_products&redirect_uri=https%3A%2F%2F[dev-url]%2F[App-path]%2Fauth%2Fcallback&state=c33ef6e8a87efcf215c4f46db42ef0ed&response_type=code&approval_prompt=auto
Same URL in a more readable format:
https://[dev-store].myshopify.com/admin/oauth/authorize
?client_id=[hex string]
&scope=read_customers%2Cread_orders%2Cread_all_orders%2Cread_payment_terms%2Cread_products&
redirect_uri=https%3A%2F%2F[dev-url]%2F[App-path]%2Fauth%2Fcallback
&state=c33ef6e8a87efcf215c4f46db42ef0ed
&response_type=code
&approval_prompt=auto
Has anyone encountered the same issue?
Is there a known bug somewhere?