Hello,
I am requesting `write_order_edits` permission for my app and everything works fine for some time, but a few days later I start getting `OrderEditBegin access denied error` from the API calls. While this is happening I've noticed that the permission disappeared from the app without doing anything on my side.
Can anyone please help me fix this?
Hey @zionut_
If you'd like to supply me with a request_id where you see the access denied then that will be a good start and we can try and find out what's going on here. Thanks!
Hey @zionut_
Thanks for supplying that request ID! I'd taken a check of that request and indeed it is missing the scopes of write_order_edits and read_order_edits when a call is made to version 2021-04 via the Postman client and hence we would expect an Access Denied.
That said, I can see other requests on the same day that are made via a different client (via Python) for the app - the other client actually does include those above scopes when a request is made with the Python client and the orderEditBegin mutation runs successfully.
I've raised a ticket for this and have begun some investigation. I'm wondering in the meantime if you'd like to re-request those access scopes for the client that is missing write_order_edits and read_order_edits? I'd really like to track the point at which the scopes begin to go missing as you'd mentioned too, as that behaviour wouldn't be expected. Thanks!
Hey @Luke_K
Here is another request using the 2020-10 version which our Python client uses: 0d8928ce-170e-4c93-9cf8-fa60df6d4ccc. This is for a different customer which has the same problem and for which it used to work a few days ago.
Also, for the previous request_id, I've asked the customer to reconnect our Shopify app to their store in order to gain back the write_order_edits and read_order_edits scopes but I'm not sure how long this will take.
Maybe with 0d8928ce-170e-4c93-9cf8-fa60df6d4ccc (the new one) we have more success in this regard since the customer was already advised to reconnect it when it happens and he already did it a couple of times.
Hey @zionut_
Thanks for providing that extra request ID. The team have investigated here and we’d like to ask you to first retrieve the access scopes that are associated to your online/offline tokens. This can be done by performing a GET request to the access_scopes.json endpoint (docs).
Based on the GraphQL Access denied errors, it seems the token(s) for the app do not have the write_order_edits scope which would be required to make order edits on a store to store basis.
I’d recommend to check the documentation here which would provide more information on changing requested scopes. This would allow you to programmatically update the access scopes. Let me know how that goes!
Hey @Luke_K ,
I'm working with @zionut_ on this one.
We can for sure check the scopes associated with the tokens we have for those apps. Actually that's how we know some permissions are missing. When a customer adds our app we request all the permissions required and it works (the customer can edit order) for a while, then after a random period of time, the write_edit_order permission starts to be missing.
About the last example, our customer re-authorized, again, our app today, these are the scopes we have today (request id: 48e058f1-cb4d-4ec7-8c07-cda350adc90b)
```json
{
  "access_scopes": [
    { "handle": "read_all_orders" },
    { "handle": "write_orders" },
    { "handle": "write_order_edits" },
    { "handle": "write_customers" },
    { "handle": "write_themes" },
    { "handle": "read_products" },
    { "handle": "write_draft_orders" },
    { "handle": "read_orders" },
    { "handle": "read_order_edits" },
    { "handle": "read_customers" },
    { "handle": "read_themes" },
    { "handle": "read_draft_orders" }
  ]
}
```
So, today it works for this customer (I made a successful edit order begin call: e5c71bf7-88d1-4789-95be-60e34204e12a). Now I'm confident the issue will happen again and that the same token that works today will be missing permissions in some days, I'll let you know as soon as it happens.
For now our customers have to re-authorize the app every time it happens which is not ideal.
Thank you for your help on this matter.
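An added example, not code from anyone in this thread: one way to snapshot a token's scopes from the access_scopes.json response shown above and record exactly which scopes were lost between two checks, so the moment they go missing can be reported. The `/admin/oauth/access_scopes.json` path, the `X-Shopify-Access-Token` header and the `*.myshopify.com` host check are assumptions about the deployment; the sample bodies are constructed from the handles posted above.

```python
import json
import re
import urllib.request

# Scopes the thread says the token needs for orderEditBegin.
REQUIRED = frozenset({"read_order_edits", "write_order_edits"})
SHOP_RE = re.compile(r"^[a-z0-9][a-z0-9-]*\.myshopify\.com$")

def granted_handles(body):
    """Parse an access_scopes.json response body into a set of scope handles."""
    data = json.loads(body)
    scopes = data.get("access_scopes") if isinstance(data, dict) else None
    if not isinstance(scopes, list):
        raise ValueError("response has no access_scopes list")
    return {s["handle"] for s in scopes if isinstance(s, dict) and "handle" in s}

def missing_scopes(granted, required=REQUIRED):
    """Required scopes the token does not currently carry."""
    return sorted(set(required) - set(granted))

def scope_drift(previous, current):
    """Compare two snapshots of one token: (lost, gained) since the last check."""
    return sorted(previous - current), sorted(current - previous)

def fetch_scopes(shop, token, timeout=10):
    """Live check. Refuses hosts that are not *.myshopify.com so the token is
    never sent elsewhere; the token itself must not be written to logs."""
    if not SHOP_RE.match(shop):
        raise ValueError("unexpected shop domain")
    req = urllib.request.Request(
        f"https://{shop}/admin/oauth/access_scopes.json",
        headers={"X-Shopify-Access-Token": token},
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return granted_handles(resp.read().decode("utf-8"))

# Constructed samples: the first mirrors the handles posted above, the second
# is the same list with the two order-edit scopes removed.
_HANDLES = ["read_all_orders", "write_orders", "write_order_edits", "write_customers",
            "write_themes", "read_products", "write_draft_orders", "read_orders",
            "read_order_edits", "read_customers", "read_themes", "read_draft_orders"]
SAMPLE_OK = json.dumps({"access_scopes": [{"handle": h} for h in _HANDLES]})
SAMPLE_DEGRADED = json.dumps({"access_scopes": [
    {"handle": h} for h in _HANDLES if not h.endswith("order_edits")]})

if __name__ == "__main__":
    before, after = granted_handles(SAMPLE_OK), granted_handles(SAMPLE_DEGRADED)
    print("missing now:", missing_scopes(after))
    print("lost since last snapshot:", scope_drift(before, after)[0])
```

Running `fetch_scopes` on a schedule and storing each snapshot with a timestamp narrows down when a grant changed, instead of finding out from the first access-denied error.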
Hey @MaxDry
Thanks - I'll send you a DM, there is some information I've found based on the back of the request IDs.