FROM CACHE - en_header

Storefront access token request: Token must be eligible to manage storefront tokens.

wakkoyakkodot
Tourist
4 0 1
‎10-20-2021 06:36 PM

Storefront access token request: Token must be eligible to manage storefront tokens.

i have a sales channel app with an access token with the following scopes. 

 

https --check-status --ignore-stdin --timeout=180 GET "fancy-pants-store-1.myshopify.com/admin/oauth/access_scopes.json" Content-Type:"application/json; charset=utf-8" X-Shopify-Access-Token:"<token>"

HTTP/1.1 200 OK
CF-Cache-Status: DYNAMIC
CF-RAY: 6a15ad8d2f1a2863-DFW
Connection: keep-alive
Content-Encoding: gzip
Content-Security-Policy: default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://* shopify-pos://*; block-all-mixed-content; child-src 'self' https://* shopify-pos://*; connect-src 'self' wss://* https://*; frame-ancestors 'none'; img-src 'self' data: blob: https:; script-src https://cdn.shopify.com https://cdn.shopifycdn.net https://checkout.shopifycs.com https://api.stripe.com https://mpsnare.iesnare.com https://appcenter.intuit.com https://www.paypal.com https://js.braintreegateway.com https://c.paypal.com https://maps.googleapis.com https://www.google-analytics.com https://v.shopify.com 'self' 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=admin%2Faccess_scopes&source%5Bsection%5D=admin_api&source%5Buuid%5D=46b1cdd1-315d-4344-b030-bc869661c198
Content-Type: application/json; charset=utf-8
Date: Wed, 20 Oct 2021 22:28:13 GMT
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
HTTP_X_SHOPIFY_SHOP_API_CALL_LIMIT: 1/40
Referrer-Policy: origin-when-cross-origin
Server: cloudflare
Strict-Transport-Security: max-age=7889238
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Dc: gcp-us-east1,gcp-us-central1,gcp-us-central1
X-Download-Options: noopen
X-Frame-Options: DENY
X-Permitted-Cross-Domain-Policies: none
X-Request-ID: 46b1cdd1-315d-4344-b030-bc869661c198
X-ShardId: 138
X-ShopId: 55072620683
X-Shopify-API-Version: 2021-01
X-Shopify-Shop-Api-Call-Limit: 1/40
X-Shopify-Stage: production
X-Sorting-Hat-PodId: 138
X-Sorting-Hat-ShopId: 55072620683
X-Stats-ApiClientId: 5953411
X-Stats-ApiPermissionId: 315021164683
X-Stats-UserId: 71595327627
X-XSS-Protection: 1; mode=block; report=/xss-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=admin%2Faccess_scopes&source%5Bsection%5D=admin_api&source%5Buuid%5D=46b1cdd1-315d-4344-b030-bc869661c198
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

{
    "access_scopes": [
        {
            "handle": "write_products"
        },
        {
            "handle": "write_customers"
        },
        {
            "handle": "write_draft_orders"
        },
        {
            "handle": "unauthenticated_write_checkouts"
        },
        {
            "handle": "unauthenticated_write_customers"
        },
        {
            "handle": "unauthenticated_read_customer_tags"
        },
        {
            "handle": "unauthenticated_read_content"
        },
        {
            "handle": "unauthenticated_read_product_listings"
        },
        {
            "handle": "unauthenticated_read_product_tags"
        },
        {
            "handle": "read_products"
        },
        {
            "handle": "read_customers"
        },
        {
            "handle": "read_draft_orders"
        },
        {
            "handle": "unauthenticated_read_checkouts"
        },
        {
            "handle": "unauthenticated_read_customers"
        }
    ]
}

 

the above works just fine but this fails.

>>>>
https --check-status  --timeout=180 POST "fancy-pants-store-1.myshopify.com/admin/api/2021-10/storefront_access_tokens.json" <<<'{"storefront_access_token": {"title": "Token"}}' Content-Type:"application/json; charset=utf-8" X-Shopify-Access-Token:"<token>"
<<<<
HTTP/1.1 403 Forbidden
CF-Cache-Status: DYNAMIC
CF-RAY: 6a15b1e40dc866b9-DFW
Connection: keep-alive
Content-Encoding: gzip
Content-Security-Policy: default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://* shopify-pos://*; block-all-mixed-content; child-src 'self' https://* shopify-pos://*; connect-src 'self' wss://* https://*; frame-ancestors 'none'; img-src 'self' data: blob: https:; script-src https://cdn.shopify.com https://cdn.shopifycdn.net https://checkout.shopifycs.com https://api.stripe.com https://mpsnare.iesnare.com https://appcenter.intuit.com https://www.paypal.com https://js.braintreegateway.com https://c.paypal.com https://maps.googleapis.com https://www.google-analytics.com https://v.shopify.com 'self' 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=create&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=admin%2Fstorefront_access_tokens&source%5Bsection%5D=admin_api&source%5Buuid%5D=933044f0-b47f-4234-88a3-b0a5647f5165
Content-Type: application/json; charset=utf-8
Date: Wed, 20 Oct 2021 22:31:11 GMT
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
HTTP_X_SHOPIFY_SHOP_API_CALL_LIMIT: 1/40
Referrer-Policy: origin-when-cross-origin
Server: cloudflare
Strict-Transport-Security: max-age=7889238
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Dc: gcp-us-central1,gcp-us-central1,gcp-us-central1
X-Download-Options: noopen
X-Frame-Options: DENY
X-Permitted-Cross-Domain-Policies: none
X-Request-ID: 933044f0-b47f-4234-88a3-b0a5647f5165
X-ShardId: 138
X-ShopId: 55072620683
X-Shopify-API-Version: 2021-10
X-Shopify-Shop-Api-Call-Limit: 1/40
X-Shopify-Stage: production
X-Sorting-Hat-PodId: 138
X-Sorting-Hat-ShopId: 55072620683
X-Stats-ApiClientId: 5953411
X-Stats-ApiPermissionId: 315021164683
X-Stats-UserId: 71595327627
X-XSS-Protection: 1; mode=block; report=/xss-report?source%5Baction%5D=create&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=admin%2Fstorefront_access_tokens&source%5Bsection%5D=admin_api&source%5Buuid%5D=933044f0-b47f-4234-88a3-b0a5647f5165
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

{
    "errors": "Token must be eligible to manage storefront tokens."
}

 

I've tried multiple apps and multiple stores, logging out of all sessions, even logging out of shopify.com. i've used incognito windows etc. nothing seems to work.

can you provide step by step instructions to create a "sales channel app" and get a storefront access token. We have proprietary app that gets the same error and I've tried the sample app here as well to the same affect: https://github.com/christopherdodd/shopify-koa-server

I see a number of other posts about the same error, and same suggestions keep getting repeated, that don't work. very frustrating.

976 Views
0 Likes
Report
Replies 5 (5)
wakkoyakkodot
Tourist
4 0 1
‎10-21-2021 03:09 PM

Re: Storefront access token request: Token must be eligible to manage storefront tokens.

If someone else is having trouble with this. The below snippet worked for me. Seems setting the `accessMode` to `offline` is required, even though that's supposed to be the default value for that field and it isn't documented anywhere in the shopify docs. cheers.

 

        scopes: [
            "write_products",
            "write_customers",
            "write_draft_orders",
            "unauthenticated_write_checkouts",
            "unauthenticated_read_product_listings",
            "unauthenticated_read_product_tags"
        ],
        accessMode: "offline",
801 Views
0 Likes
Report
harishganapathi
New Member
2 0 0
‎01-21-2022 01:32 PM

Re: Storefront access token request: Token must be eligible to manage storefront tokens.

Exactly can you tell where to added the access mode Flag. I am also stuck at this same issue for multiple days.

 

343 Views
0 Likes
Report
wakkoyakkodot
Tourist
4 0 1
‎01-21-2022 01:36 PM

Re: Storefront access token request: Token must be eligible to manage storefront tokens.

Here's the full snippet. You specify the scopes, access mode and other params when you create the Shopify auth request.

 

    createShopifyAuth({
        apiKey: SHOPIFY_API_KEY,
        secret: SHOPIFY_API_SECRET_KEY,
        scopes: [
            "read_orders",
            "read_products",
            "read_customers",
            "write_draft_orders",
            "unauthenticated_write_checkouts",
            "unauthenticated_read_product_listings",
            "unauthenticated_read_product_tags"
        ],
        accessMode: "offline",

        afterAuth(ctx) {
            const { shop, accessToken } = ctx.session;

            console.log(`> session ${JSON.stringify(ctx.session)}`)

            console.log(`> shop origin  ${shop}`);
            console.log(`> access token ${accessToken}`);
        
            ctx.cookies.set("accessToken", accessToken, { httpOnly: false });
            ctx.cookies.set("shopOrigin", shop, { httpOnly: false });
            ctx.redirect("/");
        }
    })

 

340 Views
Report
harishganapathi
New Member
2 0 0
‎01-21-2022 01:48 PM

Re: Storefront access token request: Token must be eligible to manage storefront tokens.

@wakkoyakkodot I hope this helps a lot of beginners like me. Thanks a ton. _/\_ 

335 Views
0 Likes
Report

Community Blog Articles

Ollie_0-1661279629364.jpeg

Troubleshooting: Products aren't displaying in my collection

Have you created a collection on your online store and experienced an issue with adding yo...

By shopify staff Ollie Aug 24, 2022
Trevor_0-1658936764652.jpeg

How you can use PayPal to accept payments and pay your Shopify bill

Connect your PayPal account to allow your customers to checkout using the PayPal gateway a...

By shopify staff Ollie Jul 28, 2022
Ollie_0-1655835122068.jpeg

Improving your online store speed

Your online store speed can enhance your store’s discoverability, boost conversion rates a...

By shopify staff Ollie Jun 30, 2022
Terms of Service Privacy Policy