Shopify App using oAuth requires store owner

New Member
3 0 0

We have built an app a Shopify App, in use by 50+ clients, that requests the following permissions when a user performs oAuth from our app:

 

read_customers, read_orders, read_all_orders, read_fulfillments, read_inventory, read_products, read_shipping, read_product_listings, read_price_rules, read_locations, read_gift_cards

(Yes, the has been granted read_all_order by Shopify.)

 

A user that tries to oAuth is receiving the following error:

 

Oauth error invalid_request: Your account does not have permission to grant 
the requested access for this app. You may be able to resolve this issue
by installing the app as the account owner

I am trying to understand which permission(s) REQUIRE the user to be an account owner?  He confirms he is not an account owner.  He has used other apps and they do NOT require that he be an account owner when authorizing access. 

 

Is there another way to grant access (with same permissions) and not be the account owner? or (as I've asked above) which permission requires account owner.

 

Thanks!

 

 

0 Likes
Shopify Staff
Shopify Staff
1558 77 232

To answer your question directly:

 

Is there another way to grant access (with same permissions) and not be the account owner? or (as I've asked above) which permission requires account owner.

There is no other way to do this unless the user has access to all of the resource types you are requested. To grant permission to read orders, they need to have access to read orders themselves, and so on.

 

Cheers.

0 Likes
New Member
3 0 0

@Alex thanks for responding. 

 

Are you able to confirm that the person granting authorization with oAuth must be an "account owner"?  Or can you pin point which permissions require "being an account owner"?  Or is it a granular permission issue with the user account and he did not have ALL the requested permissions we required.

 

Thanks

 

 

0 Likes
Highlighted
Shopify Staff
Shopify Staff
1558 77 232

If you want a user to install an app that has access to orders, the staff member must have access to orders. The same should apply for all access scopes the app is requesting. Being an account owner carries with it access to all resources, so they inherently should have no issue with scopes access. They user (non-account owner) will need to have access to all of the resources your app is requesting.

 

Cheers.

0 Likes