I’ve been implementing Shopify’s new token exchange and I’m curious how to detect scope changes so I can ensure my app only starts using the new scope once approved. For example, let’s say I use offline tokens and use the token API exchange to create an offline token with the scope “read_orders”. I save this access token in my database.
Let’s say I develop a new feature that requires a new “write_orders” scope so I add this to my .toml file and deploy.
Now, the existing offline tokens do not have access to this new scope until users approve the new permission. Once a user approves the new permission, how can I be notified or how can I check if I need to create a new token (either online or offline).
Great, thanks! What would you recommend in terms of implementation? Ideally, it would be a webhook so I don’t have to hit the API endpoint continuously. Now I would have to cycle through all the tokens or does the API give a consistent error when scopes are missing?