storefrontAccessTokenCreate mutation always returns "Access Denied"

tolgapaksoy
Shopify Partner

I am working on an app that also requires a storefront access token. I am setting it up to create an access token when the app is logged into.

But it always returns an error:

mutation storefrontAccessTokenCreate($input: StorefrontAccessTokenInput!) {
  storefrontAccessTokenCreate(input: $input) {
    storefrontAccessToken {
      accessToken
    }
    userErrors {
      field
      message
    }
  }
}

And variables:

{
  "input": {
    "title": "Test name"
  }
}

Which outputs:

{
  "data": {
    "storefrontAccessTokenCreate": null
  },
  "errors": [
    {
      "message": "StorefrontAccessTokenCreate access denied",
      "locations": [
        {
          "line": 2,
          "column": 3
        }
      ],
      "path": [
        "storefrontAccessTokenCreate"
      ]
    }
  ],
  "extensions": {
    "cost": {
      "requestedQueryCost": 10,
      "actualQueryCost": 10,
      "throttleStatus": {
        "maximumAvailable": 1000.0,
        "currentlyAvailable": 990,
        "restoreRate": 50.0
      }
    }
  }
}

 

Do I need a special scope to call storefrontAccessTokenCreate? If yes, then this isn't documented at all on pages https://shopify.dev/docs/admin-api/graphql/reference/mutation/storefrontaccesstokencreate?api[versio... and https://shopify.dev/docs/admin-api/access-scopes .

tolgapaksoy
Shopify Partner

Here's the X-Request-ID: 657060d8-01ec-46b2-a5bf-a76a83cf2a22

_JB
Shopify Staff

Hey @tolgapaksoy,

You need to request the unauthenticated scopes during OAuth. Details are in the docs you linked: https://shopify.dev/docs/storefront-api/getting-started#requesting-unauthenticated-scopes

JB | Developer Support @ Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit Shopify.dev or the Shopify Web Design and Development Blog

tolgapaksoy
Shopify Partner

Hi @_JB 

So in order to create a Storefront token from the Admin API, I need to include all scopes from Storefront token also in my OAuth scopes for Admin API?

I just tried doing that with Request 29f77578-0646-4efe-80c3-65f03a8cb79a and it still gives me the same error.

_JB
Shopify Staff

Hey @tolgapaksoy,

I just pulled up that request but I'm still not seeing the unauthenticated scopes. The scopes I'm referring to all begin with the word unauthenticated; the full list can be found here.

Keep in mind that if you're testing on a shop where the app was installed previously, you'll need to update the scopes first. You can do this by deleting the app and requesting the new scopes during install, or by redirecting the user back to OAuth with the new scopes included in the URL.

JB | Developer Support @ Shopify 

yakpak_rahulm
Tourist

Hi!

I'm seeing the same behavior. I'm receiving a "StorefrontAccessTokenCreate access denied" when I try a storefrontAccessTokenCreate mutation. I have the unauthenticated_ access scopes and uninstalled + reinstalled the app to make sure they've been set. Also, my app is a sales channel (in development phase). Here is one of the request IDs: 226d2e92925f59d2107d136ed948c228.

I've also tried sending the request from the GraphiQL explorer tool (from my test shop) and receive the same "access denied" error. Is there anything I can do about this?

Thanks,
Rahul

 

yakpak_rahulm
Tourist

@_JB are you still the right POC for this issue?

yakpak_rahulm
Tourist

I've solved this issue by making the access mode for my Admin API's access token "offline". For Shopify, I would recommend adding this to the Storefront API access token documentation since it's an implicit requirement.

kuwakino
New Member

Thanks @yakpak_rahulm, I was facing the same.

For those who want to use the offline mode:
https://shopify.dev/concepts/about-apis/authentication#offline-access

https://shopify.dev/tutorials/authenticate-with-oauth#step-2-ask-for-permission

 

I was using the koa-auth library, and it includes &grant_options%5B%5D=per-user in the query params.
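
The two conditions this thread arrives at (unauthenticated_* scopes in the OAuth request, and no grant_options[]=per-user so that the token is offline) can be checked against an authorize URL before install. This is an added example, not code from any poster or from Shopify; the function names, shop domain, client_id, redirect URI and the shop-domain pattern are constructed for illustration.

```javascript
// Added example. Function names and all sample values are constructed.
const SHOP_RE = /^[a-z0-9][a-z0-9-]*\.myshopify\.com$/; // assumed shop-domain check

// Report why a token obtained via this authorize URL could not call
// storefrontAccessTokenCreate, per the findings in this thread.
function auditAuthorizeUrl(authorizeUrl) {
  const params = new URL(authorizeUrl).searchParams;
  const scopes = (params.get("scope") || "")
    .split(",").map((s) => s.trim()).filter(Boolean);
  // "grant_options%5B%5D" decodes to the parameter name "grant_options[]".
  const online = params.getAll("grant_options[]").includes("per-user");
  const problems = [];
  if (!scopes.some((s) => s.startsWith("unauthenticated_"))) {
    problems.push("no unauthenticated_* scope requested");
  }
  if (online) {
    problems.push("grant_options[]=per-user requests an online token");
  }
  return { scopes, accessMode: online ? "online" : "offline", problems };
}

// Build an authorize URL for offline access: grant_options[] is omitted.
function buildOfflineAuthorizeUrl({ shop, clientId, scopes, redirectUri, state }) {
  if (!SHOP_RE.test(shop)) throw new Error(`unexpected shop domain: ${shop}`);
  const url = new URL(`https://${shop}/admin/oauth/authorize`);
  url.searchParams.set("client_id", clientId);
  url.searchParams.set("scope", scopes.join(","));
  url.searchParams.set("redirect_uri", redirectUri);
  url.searchParams.set("state", state); // per-request nonce, verified on callback
  return url.toString();
}

// Constructed sample: an authorize URL carrying the per-user grant option.
const perUserUrl =
  "https://example-shop.myshopify.com/admin/oauth/authorize" +
  "?client_id=SAMPLE_KEY&scope=read_products,write_products" +
  "&redirect_uri=https%3A%2F%2Fapp.example.com%2Fauth%2Fcallback" +
  "&state=SAMPLE_NONCE&grant_options%5B%5D=per-user";

const offlineUrl = buildOfflineAuthorizeUrl({
  shop: "example-shop.myshopify.com",
  clientId: "SAMPLE_KEY",
  scopes: ["read_products", "unauthenticated_read_product_listings"],
  redirectUri: "https://app.example.com/auth/callback",
  state: "SAMPLE_NONCE",
});

console.log(auditAuthorizeUrl(perUserUrl).problems);
console.log(auditAuthorizeUrl(offlineUrl).problems);
```

An offline token is not tied to a user session, so keep it server-side and request only the unauthenticated_* scopes the storefront needs.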

yakpak_rahulm
Tourist

Using "offline" access mode is causing GraphQL calls to be redirected to "/auth". @_JB is there a way to create an "offline" access token to fetch a storefront access token upon installation, AND an "online" access token on every auth to make GraphQL queries?
