AppBridgeError - APP::ERROR::PERMISSION

WSG
Visitor
1 0 0

Hi there,

I have a merchant who recently installed my app. In my app's admin menu they're getting an AppBridgeError when opening a Resource Picker. The error is APP::ERROR::PERMISSION, which seems to imply that  our app doesn't have the right read permissions to view their products/collections, but looking in the app's About menu, it looks like we do.

No other merchants have reported the same issue, and I've asked that the reinstall the app to see if that corrects the issue. Has anyone else ever seen something like this before?

Replies 4 (4)

d_tehrani
Shopify Partner
56 1 13

Hi @WSG.

 

Have you found the solution?

I'm experiencing the same issue.

rony36
Tourist
3 0 3

one of my merchants is facing same issue!

DaveMartin
Shopify Partner
4 0 5

For us it was due to needing to update how the createApp is defined.

 

Originally we had:

 

var app = createApp({
    apiKey: xxxx,
    shopOrigin: xxxx
});

 

 

It now only seems to need the host from the iframe URL param. 

 

var app = createApp({
    apiKey: apiKey,
    host: host
});

 

 

 

 

Shopify Developer & App Creator

walkingbrad
Shopify Partner
7 0 2

I'm noticing this happening on staff accounts that don't have sufficient permissions given to them by the store owner when invited. For example, if I invite a staff account to my dev store but only give them permissions to access my app but don't select the "Products" checkbox, any GraphQL query made to Product/Collection resources will fail with this error. I believe this is caused because the access token used in "online" mode is determined from the user's session (so the permissions are constrained to the current user). Presumably, if you also had created an admin api access token in "offline" mode that you saved somewhere, you could perform the GraphQL requests using that. But I'm sure there are potential security implications there.

 

So that all being said, I'm still not sure what to do with this information. It's not a great UX to have under-permissioned staff accounts jump into our app and have a half-working experience (even if we managed to provide really awesome error messaging in this scenario). I'd love to be able to determine these permission issues ahead of time so we could build features around it instead.

https://apps.shopify.com/hex-mobile