Access Denied + Recurring Charge Expired

Solved
Shopify Partner

I'm not entirely sure what is going wrong with my app suddenly. I have some merchants who have installed the app, and on my end I can see the Recurring Charge has been activated. Then two days later their log fills up with 'Recurring Charge Expired'.

When these specific stores try to access the app, they are unable to interact with the app because the GraphQL query that runs after authentication is returning access denied.

I can see that createShopifyAuth() creates the access token fine, it sends it off to a checkActiveSubscription() function I have written which triggers a GraphQL query:

query {
  app {
    id
    title
    installation {
      id
      activeSubscriptions {
        id
        status
        test
      }
    }
  }
}

This query returns access denied, which basically breaks the rest of the app.

I have merchants which have no 'recurring charge expired' in their history for the app. They don't seem to have any issues. But I'm now seeing a large group of merchants with this message populating in their history.

The recurring charge is created using the appSubscriptionCreate mutation, which to my understanding means Shopify handles all the rebilling and subscription status on their end and I only have to worry about querying them to make sure it's still active, no?

I'm not sure why the app GraphQL query is failing. Does it need a specific scope or something?

This issue started appearing around the end of March.

Another issue seems to be that when appSubscriptionCreate runs in order to even create a subscription, that also returns access denied. So new stores can't even create a subscription it seems.

0 Likes
Shopify Partner

Just tried installing the app on a fresh development store. The appSubscriptionCreate mutation failed with access denied. What is going on? I haven't changed anything on my end. Was there some kind of API breaking change deployed?

0 Likes
Shopify Partner

Tried the same thing and got the error. Also tried creating a new app and switching everything over to that, installing it and still got the error.

GraphQL error: AppSubscriptionCreate access denied
0 Likes
Shopify Partner

My mutation:

mutation {
  appSubscriptionCreate(
    name: "Basic Plan"
    returnUrl: "${process.env.HOST}"
    lineItems: [
      {
        plan: {
          appRecurringPricingDetails: {
            price: { amount: 3.00, currencyCode: USD }
          }
        }
      }
    ]
  ) {
    userErrors {
      field
      message
    }
    confirmationUrl
    appSubscription {
      id
    }
  }
}

The response I get back:

"errors":[{"message":"AppSubscriptionCreate access denied","locations":[{"line":2,"column":9}],"path":["appSubscriptionCreate"]}]

0 Likes
Shopify Staff

Hey @KisukaKiza

A fix was recently deployed to resolve a similar issue - is your call succeeding now? If not, can you please provide a request ID from the response headers?

0 Likes
Shopify Partner

@SBD_ yeah it works now. I was in the other topic as well where the issue was brought up and resolved. I had made this topic prior to seeing that existing one when everything was going on.

0 Likes
Shopify Partner

@SBD_ actually, I take that back. There seems to be something still going on.

When a staff account / non-owner account has an access token generated, calling the appSubscriptionCreate mutation triggers an internal error from Shopify.

Some request IDs for it:

Switching to the owner account seems to solve the issue.

Is there an API endpoint I can hit to check if the account is an owner or not in order to display an error message to the user?

0 Likes
Shopify Staff

This is an accepted solution.

@KisukaKiza online tokens should contain something like this:

{
  "access_token": "...",
  ...
  "associated_user": {
    ...
    "account_owner": true
  }
}
0 Likes
Shopify Partner

@SBD_ Thanks.

For anyone who comes across this:

I ended up having to do a patch-package on the koa-shopify-auth package, because currently it only returns the access token back. Patched it to return the actual Shopify response. I've now used that to add some pre-checks before attempting the subscription mutation, which ensures the user is the owner account, otherwise it now triggers an error if they are not.

1 Like
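
One way to write the owner pre-check described in this thread, as an added example that is not the poster's code and not part of koa-shopify-auth. The function names and sample objects are hypothetical, and it assumes that a token response without associated_user is not an online token, so ownership cannot be established from it.

```javascript
// Added example. billingPrecheck and classifyBillingResponse are hypothetical names.

// Decide whether to attempt appSubscriptionCreate, given the raw
// access-token response body returned for an online (per-user) token.
function billingPrecheck(tokenResponse) {
  if (!tokenResponse || typeof tokenResponse.access_token !== 'string') {
    return { ok: false, reason: 'no_token' };
  }
  const user = tokenResponse.associated_user;
  if (!user || typeof user !== 'object') {
    // Assumption: no associated_user means ownership is unknown, so fail closed.
    return { ok: false, reason: 'owner_unknown' };
  }
  // Strict comparison: a missing flag or the string "true" must not pass.
  if (user.account_owner !== true) {
    return { ok: false, reason: 'not_account_owner' };
  }
  return { ok: true, reason: 'account_owner' };
}

// Classify the GraphQL response body of appSubscriptionCreate so that an
// authorization failure is reported differently from a validation error.
function classifyBillingResponse(body) {
  const top = Array.isArray(body && body.errors) ? body.errors : [];
  if (top.some((e) => /access denied/i.test(String(e.message)))) {
    return 'access_denied';
  }
  if (top.length > 0) return 'graphql_error';
  const payload = body && body.data && body.data.appSubscriptionCreate;
  if (!payload) return 'empty';
  if (Array.isArray(payload.userErrors) && payload.userErrors.length > 0) {
    return 'user_error';
  }
  return payload.confirmationUrl ? 'needs_confirmation' : 'empty';
}

// Constructed sample inputs (not real tokens or responses).
const ownerToken = { access_token: 'constructed-token',
  associated_user: { id: 1, account_owner: true } };
const staffToken = { access_token: 'constructed-token',
  associated_user: { id: 2, account_owner: false } };
const deniedBody = { errors: [{ message: 'AppSubscriptionCreate access denied',
  locations: [{ line: 2, column: 9 }], path: ['appSubscriptionCreate'] }] };

console.log(billingPrecheck(ownerToken), billingPrecheck(staffToken));
console.log(classifyBillingResponse(deniedBody));
```
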
New Member

Hello @KisukaKiza, looks like we might be running into a similar issue. Just a quick question - do you know when the charge is initially activated, are they charged at that exact instant for the first month or is it +30 days before they are then charged?

0 Likes