Can the app's access scopes act differently for different shops ?

Shopify Partner
11 0 1

I got an app installed on one of my clients and the access auth were of following categories:

:scope => 'read_orders, read_products, write_themes, write_content, read_content, write_script_tags,',

One of the demo shops on which I was testing the same app has no issues with authentications. I can easily modify things and add css and liquids to my admin panel. On the actual clients end I got the auth token but I am not able to modify the liquids/add any thing there. I can read things as "themes", products but cannot modify anything. The scope remains as it is (same app used for demo and client's end)

    

    widgetsliquid = ShopifyAPI::Asset.new(:key => "snippets/widgetsliquid.liquid", :theme_id => "#{theme.id}")
    widgetsliquid.save  
    widgetsliquid.attach(File.read(File.join(Rails.root, 'lib/assets/shopify', 'widgetsliquid.liquid'))) 

Exception:

ActiveResource::UnauthorizedAccess: Failed.  Response code = 401.  Response message = Unauthorized.
    from /home/deploy/tm_shopify_app/production/shared/bundle/ruby/1.9.1/gems/activeresource-4.0.0/lib/active_resource/connection.rb:140:in `handle_response'

While the same thing returns true for my demo app. Is there any situation where this might happen? I am afraid I will have to ask for a reinstallation? Please help me out!!

0 Likes
Shopify Staff
Shopify Staff
176 6 37

Hi,

If your app was installed with certain scopes, and then the scope changed at some point, the client will need to once again grant permissions to the app in order for you to make the changes that you're looking for.

0 Likes
Shopify Partner
11 0 1

Thanks for the reply. But how would the scope change at some point (on its own)? I had been testing on my demo apps and everything was working fine and still is, but for that certain installation this got screwed up. I never changed any scopes or anything/code in my app. Please help me understand the issue. And is reinstallation the only choice left?

0 Likes
Shopify Staff
Shopify Staff
582 0 45

write_XYZ is a superset of read_XYZ. You don't need to include both in your request. Also if your clients are on lower end plans they don't get access to all the features of Shopify, such as being able to edit themes.

0 Likes
Shopify Partner
11 0 1

Thanks for the reply. One doubt still remains - how can my demo/test shop get access to all these modification while the client shop has not these things enabled? Also I can see my client to be on some custom theme which in a way would be editable. I should be able to modify/push liquids to the admin panel? I am totally stuck with this. 

0 Likes
Highlighted
Shopify Staff
Shopify Staff
582 0 45

Make a get request to /admin/shop.json where you can determine what kind of plan the Shop is on. If they are on a starter plan, you won't be able to make modifications to their themes.

0 Likes
Shopify Partner
11 0 1

I am sorry but the plan does not seem to be a starter one. 

here are couple of parameters I got from the Shop.

"plan_display_name"=>"professional",
"plan_name"=>"professional",
"google_apps_login_enabled"=>true,
"money_in_emails_format"=>"${{amount}}",
"money_with_currency_in_emails_format"=>"${{amount}} USD",
"eligible_for_payments"=>true,
"requires_extra_payments_agreement"=>false,
"password_enabled"=>false,
"has_storefront"=>true},

Can you please check this? I assume the shop is not on a starter plan. Thanks

0 Likes
Shopify Staff
Shopify Staff
582 0 45

Looking at the api permissions for your clients there isn't anything that should be preventing this from working. Are you sure that you are hitting the right endpoint correctly? What does the serialized JSON look like before the request is sent?

0 Likes
Shopify Partner
11 0 1

Hi Chris,

The installation, which I assumed to be successful as there were no errors, but eventually the changes were not made on the client side. I am making calls through my rails console using the token which I somehow received successfully. Here is the series of calls that I am making.

session = ShopifyAPI::Session.new("clientshop.myshopify.com", "authtoken")
ShopifyAPI::Base.activate_session(session)

output: {"User-Agent"=>"ShopifyAPI/3.2.1 ActiveResource/4.0.0 Ruby/1.9.3",
          "X-Shopify-Access-Token"=>"authtoken"}

theme = ShopifyAPI::Theme.first
widgetsliquid = ShopifyAPI::Asset.new(:key => "snippets/widgetsliquid.liquid", :theme_id => "#{theme.id}") 
widgetsliquid.attach(File.read(File.join(Rails.root, 'lib/assets/shopify', 'widgetsliquid.liquid'))) 
widgetsliquid.save 

output: ActiveResource::UnauthorizedAccess: Failed.  Response code = 401.  Response message = Unauthorized.
from /home/deploy/shopify_app/production/shared/bundle/ruby/1.9.1/gems/activeresource-4.0.0/lib/active_resource/connection.rb:140:in `handle_response'

The scopes remains the same as what I have mentioned in the question above. They were never changed and still are the same. And I have been testing on demo apps and everything is working fine. I am not sure what went wrong here in this case. 

0 Likes
Shopify Expert
2000 13 313

I had a similar problem today too. A Shop with a valid token was used to activate a session, yet trying to do anything raised 401 Authentication errors. The scopes were clearly defined and work for all the other stores in the App DB, and since this shop was newly installed as compared to the many previously installed, seeing it exhibit that behaviour, perhaps there is a strange regression at work?

 

Custom Shopify Apps built just for you! hunkybill@gmail.com http://www.resistorsoftware.com
1 Like