Sign up
Quick links
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

storefrontAccessTokenCreate mutation always returns "Access Denied"

‎10-10-2020 11:04 AM
tolgapaksoy
Shopify Partner
67 5 35

I am working on an app that also requires a storefront access token. I am setting it up to create an access token when the app is logged into.

But it always returns an error:

mutation storefrontAccessTokenCreate($input: StorefrontAccessTokenInput!) {
  storefrontAccessTokenCreate(input: $input) {
    storefrontAccessToken {
      accessToken
    }
    userErrors {
      field
      message
    }
  }
}

And variables:

{
	"input": {
    "title": "Test name"
  }
}

Which outputs:

{
  "data": {
    "storefrontAccessTokenCreate": null
  },
  "errors": [
    {
      "message": "StorefrontAccessTokenCreate access denied",
      "locations": [
        {
          "line": 2,
          "column": 3
        }
      ],
      "path": [
        "storefrontAccessTokenCreate"
      ]
    }
  ],
  "extensions": {
    "cost": {
      "requestedQueryCost": 10,
      "actualQueryCost": 10,
      "throttleStatus": {
        "maximumAvailable": 1000.0,
        "currentlyAvailable": 990,
        "restoreRate": 50.0
      }
    }
  }
}

 

Do I need a special scope to call storefrontAccessTokenCreate? If yes, then this isn't documented at all on pages https://shopify.dev/docs/admin-api/graphql/reference/mutation/storefrontaccesstokencreate?api[versio... and https://shopify.dev/docs/admin-api/access-scopes .

0 Likes
Reply
‎10-10-2020 11:10 AM
tolgapaksoy
Shopify Partner
67 5 35

Here's the X-Request-ID: 657060d8-01ec-46b2-a5bf-a76a83cf2a22

0 Likes
Reply
‎10-12-2020 10:13 AM
_JB
Shopify Staff
Shopify Staff
785 93 174

Hey @tolgapaksoy,

You need to request the unauthenticated scopes during Oauth. Details are in the docs you linked: https://shopify.dev/docs/storefront-api/getting-started#requesting-unauthenticated-scopes

JB | Developer Support @ Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit Shopify.dev or the Shopify Web Design and Development Blog

0 Likes
Reply
‎10-12-2020 11:17 AM
tolgapaksoy
Shopify Partner
67 5 35

Hi @_JB 

So in order to create a Storefront token from the Admin API, I need to include all scopes from Storefront token also in my OAuth scopes for Admin API?

I just tried doing that with Request 29f77578-0646-4efe-80c3-65f03a8cb79a and it still gives me the same error.

0 Likes
Reply
‎10-12-2020 11:33 AM
_JB
Shopify Staff
Shopify Staff
785 93 174

Hey @tolgapaksoy,

I just pulled up that request but I'm still not seeing the unauthenticated scopes. The scopes I'm referring to all begin with the word unauthenticated, full list can be found here.

Keep in mind that if you're testing on a shop where the app was installed previously, you'll need to update the scopes first. You can do this by deleting the app and requesting the new scopes during install, or redirect the user back to Oauth with the new scopes included in the URL.

JB | Developer Support @ Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit Shopify.dev or the Shopify Web Design and Development Blog

0 Likes
Reply
‎03-06-2021 12:07 AM
yakpak_rahulm
Tourist
13 0 1

Hi!

I'm seeing the same behavior. I'm receiving a "StorefrontAccessTokenCreate access denied" when I try a storefrontAccessTokenCreate mutation. I have the unauthenticated_ access scopes and uninstalled + reinstalled the app to make sure they've been set. Also, my app is a sales channel (in development phase). Here is one of the request IDs: 226d2e92925f59d2107d136ed948c228.

I've also tried sending the request from the GraphiQL explorer tool (from my test shop) and receive the same "access denied" error. Is there anything I can do about this?

Thanks,
Rahul

 

0 Likes
Reply
‎03-08-2021 03:25 PM
yakpak_rahulm
Tourist
13 0 1

@_JB are you still the right POC for this issue?

0 Likes
Reply
‎03-09-2021 02:05 PM
yakpak_rahulm
Tourist
13 0 1

I've solved this issue by making the access mode for my Admin API's access token "offline". For Shopify, I would recommend adding this to the Storefront API access token documentation since it's an implicit requirement.

Reply
‎03-12-2021 02:50 PM
kuwakino
New Member
1 0 1

thanks @yakpak_rahulm  I was facing the same.

for the ones who wants to use the offline mode:
https://shopify.dev/concepts/about-apis/authentication#offline-access

https://shopify.dev/tutorials/authenticate-with-oauth#step-2-ask-for-permission

 

I was using koa-auth library, and it includes : &grant_options%5B%5D=per-user
on the query params.

Reply
‎03-24-2021 06:14 PM
yakpak_rahulm
Tourist
13 0 1

Using "offline" access mode is causing graphQL calls to be redirected to "/auth". @_JB is there a way to create an "offline" access token to fetch a storefront access token upon installation, AND an "online" access token on every auth to make graphQL queries?

0 Likes
Reply
Quick links
Facebook Twitter Youtube Instagram Linkedin Pinterest
Terms of Service Privacy Policy