Update scope prompt not working according to docs

This doc says that when using Shopify managed installs and the scope changes, the merchant is automatically prompted, but that’s not happening.

Details:

• Rails 7 app using shopify_app gem 22.5.2 (config.new_embedded_auth_strategy = true)
• The updated scope is showing in the dev dashboard config after deploying in the toml
• When opening the app, user is not prompted to accept scope changes
• Using shopify cli 3.85.5

I’ve read docs, experimented adding and removing different config flags, but can’t get the auto trigger to work.

Is there any better documentation, or tips on how to solve this?

I noticed the shopify_app gem docs for this is 4 years old and references the legacy method: shopify_app/docs/shopify_app/handling-access-scopes-changes.md at main · Shopify/shopify_app · GitHub

If anyone knows how to solve, please help.

Thanks

Hey!

If you’re using the Shopify CLI to preview your app, scopes changes in the TOML are automatically updated on the preview shop and you won’t be prompted for scope updates.

You can try to see this scope update flow on another shop (even without your server running since it’s Shopify that manages the install):

1. Deploy TOML with shopify app deploy that includes an initial set of scopes (scopes = "write_products”)
2. On your app’s home page on Dev Dashboard, select “Install App” and select a store that does not have your app installed
3. See the prompt to install app with “write products” permissions
4. Deploy TOML with an updated set of scopes (scopes = “write_products,read_themes”)
5. Load your app again on that shop
6. See the prompt to update app with “read themes” permission

Hi @zzooeeyy thanks - it does work for new installations (your step 2), but not for store that already had the app installed pre cli deploy (which would apply to all production shops).

Right now just testing in dev environment (not using Shopify CLI to preview, just normal local server with ngrok), but specifically did not uninstall / install the app in the dev store, to mimick the production environment when there are already users with scopes out of date and will need to be prompted next time opening the app.

Any ideas why it wouldn’t be triggering in this case? Note that the scope is also not automatically updating (in reference to Shopify CLI preview), because API calls fail.

Thanks for your comment, helps clear up some but still just facing that final problem of getting it to prompt on an already installed copy.

Hi @joesideas,

The app’s scope update prompts still require the merchant to open the app to grant the new scopes. The prompt will only appear if the active version of your app configuration requires more scopes than those already granted on the shop. If your declared scopes include fewer scopes than those already granted, the prompt will not appear.

Are the API calls failing because some merchants have not opened the app on their shops to accept the new scopes yet? You can use this GraphQL query to see which scopes your app has on a particular shop.

I agree, that’s how it should happen according to the docs, but it doesn’t prompt you when opening the app, that’s what I’m stumped on. We’ve followed the documentation but it’s not prompting if the store already had the app installed.

The failed API call I mentioned is just a test to confirm the scopes weren’t updated automatically (no prompt), API calls won’t get triggered if the merchant doesn’t have access.

Summary:

1. Add a new scope
2. User that already had the app installed opens the app
3. Expect to get prompted to update scope
4. Does not get prompted, scopes remain the same

I suspect there is a configuration with the shopify_app gem that is not documented, but hard to know what exactly.

Good times

im having the same issue! would love to hear more from shopify

btw im not using shopify_app gem so im sure it’s not related to gem configuration