scope parameter in auth reqs

Shopify Expert
261 0 9

Trying to make an auth request to API with no extra scope params. The default scope is all i need. If i leave out the scope param, I get invalid scope error. If I keep it, but pass in nothing, I get a scope error as well. What should I pass in if I just want the access - I don't need any other privileges.

thanks

meeech | http://www.twitter.com/meeech | http://mitchell.amihod.com
0 Likes
Shopify Staff
Shopify Staff
132 2 4

Hey Meeech,

Can you elaborate? Are you trying to use the Ajax API? Can you include an API key, http requests/responses, examples of the calls you're making?

Thanks!

0 Likes
Shopify Expert
261 0 9

Hey Lydia.

sorry for the late response. Didnt seem to get a notification that someone replied. 

This is using the Oauth2 Authentication API. 

Docs say 

  • scope (required): The list of required scopes (explained below)

But in my case, i need just the default scopes (ie: access to the Shop object only). So I tried passing through a blank scope (scope='') but the API throws an error. 

meeech | http://www.twitter.com/meeech | http://mitchell.amihod.com
0 Likes
Shopify Expert
261 0 9

bump

meeech | http://www.twitter.com/meeech | http://mitchell.amihod.com
0 Likes
Shopify Staff
Shopify Staff
132 2 4

Hey,

I've tested this with the shopify_app rails generator, and leaving the scope out entirely (no :scope at all in omniauth.rb), and this works fine. Please provide details on the API wrapper you're using, how you're making the calls, and include your API key so that I can see what's coming through on our end.

Thanks

0 Likes
Shopify Expert
261 0 9

Using node/everyauth 

API Key: 7298e2289773eaca07af70c16d4d06d5

Doesn't work. Callback url is called with ?error=invalid_scope.

https://funk-llc4621.myshopify.com/admin/oauth/authorize?client_id=my_client_id&redirect_uri=http%3A...

Works: 

https://funk-llc4621.myshopify.com/admin/oauth/authorize?client_id=my_client_id&redirect_uri=http%3A...

m

meeech | http://www.twitter.com/meeech | http://mitchell.amihod.com
0 Likes
Shopify Staff
Shopify Staff
132 2 4

Ah, my bad. The rails app generator is adding read_products in somewhere else, likely because scope is indeed a required parameter. If you take a look at the oauth docs: http://docs.shopify.com/api/tutorials/oauth, you'll notice that while all apps will have shop.json and so on available, but a scope is still required.

0 Likes
Shopify Expert
261 0 9

lydia - kk thanks. 

meeech | http://www.twitter.com/meeech | http://mitchell.amihod.com
0 Likes
Shopify Expert
261 0 9

@lydia - You might want to update the docs, since they now read: http://docs.shopify.com/api/tutorials/oauth

Requesting access to a shop with no additional permissions beyond the basics: https://SHOP_NAME.myshopify.com/admin/oauth/authorize?client_id=API_KEY.

meeech | http://www.twitter.com/meeech | http://mitchell.amihod.com
0 Likes