Following the recent email about upcoming scope changes (all consent scopes becoming optional by April 1st), I had a quick question I couldn’t find answered in the docs.
If a user rejects a scope (e.g. openid) when they first enter our Mini, is there any way for them to change their mind later?
Is there a settings path in Shop where users can manage their Mini permissions and re-enable a previously rejected scope?
And, Can we as developers trigger a re-prompt for a specific scope at a later point (e.g. when the user tries to access a feature that needs it)?
Or should we treat a rejection as permanent for that user and build accordingly?
Hey @phuongpq1 — good questions. We’re finalizing the consent rejection flow ahead of April 1st, so let me give you the direction:
If a user rejects a scope when they first enter our Mini, is there any way for them to change their mind later?
Yes. Today, rejecting a scope closes the Mini — so the user just reopens it and gets prompted again. But we’re changing this so users can reject and continue using the Mini without it closing.
Is there a settings path in Shop where users can manage their Mini permissions and re-enable a previously rejected scope?
Users can revoke permissions at profile → settings → connections (or https://shop.app/account/settings/connections). But permissions can only be granted from within a Mini — there’s no way for users to proactively enable scopes from settings.
Can we as developers trigger a re-prompt for a specific scope at a later point?
This is what we’re building now. The plan:
Hooks that require consent will NOT automatically re-prompt after a rejection within the same session
We’re adding a new action that lets your Mini explicitly re-request consent — so you can tie it to a user interaction (e.g., a “connect account” button)
This way you control when to ask again without it feeling spammy.
Or should we treat a rejection as permanent?
No. treat it as “not right now.” Design your Mini to gracefully degrade when a scope is rejected, and give users a clear path to grant it later when they’re ready.
We’ll update the docs with the exact API before April 1st.
+1 to this! I also might be missing something basic, but how can we handle the lack of permissions if the app closes after being asked? I’m currently trying to catch the “Close” call and maybe cache their decision. We handle the null publicId, but the app just closes.
@davidhoffman-shopify Any update? I can’t find a way to read the currently allowed access scopes or to re-request consent in the current documentation. I only found `useRequestPermissions`, which just works for CAMERA, MICROPHONE and MOTION.