StorefrontAccessToken Request "Token must be eligible to manage storefront tokens." 403 Forbidden

Retired Boards Appdev Authentication
1

Hello,

I have created a public app with sales channel enabled and am trying to generate the storefront API access token but keep getting a status code 403 with following response body:

POST /admin/api/2021-07/storefront_access_tokens.json
x-request-id: (41437402-df7a-42cc-b88d-8e98cc3270ad)
{
“errors”: “Token must be eligible to manage storefront tokens.”
}.

The Admin API has the following scopes so i’m not sure what is missing or incorrect. Any ideas?

Admin API (https://{shop}/admin/api/2019-10/graphql.json) Request:
{
  appInstallation {
    accessScopes {
      handle
      description
    }
  }
}

Response:
{
    "data": {
        "appInstallation": {
            "accessScopes": [
                {
                    "handle": "read_product_listings",
                    "description": "Read product information"
                },
                {
                    "handle": "read_orders",
                    "description": "Read orders, transactions, and fulfillments"
                },
                {
                    "handle": "read_shipping",
                    "description": "Read shipping rates, countries, and provinces"
                },
                {
                    "handle": "write_content",
                    "description": "Modify store content like articles, blogs, comments, pages, and redirects"
                },
                {
                    "handle": "write_products",
                    "description": "Modify products, variants, and collections"
                },
                {
                    "handle": "write_customers",
                    "description": "Modify customer details and customer groups"
                },
                {
                    "handle": "write_draft_orders",
                    "description": "Modify draft orders"
                },
                {
                    "handle": "unauthenticated_read_customer_tags",
                    "description": "Read customer tags"
                },
                {
                    "handle": "unauthenticated_read_content",
                    "description": "Read store content like articles, blogs, comments, pages, and redirects"
                },
                {
                    "handle": "unauthenticated_read_product_listings",
                    "description": "Read product information"
                },
                {
                    "handle": "unauthenticated_read_product_tags",
                    "description": "Read product tags"
                },
                {
                    "handle": "unauthenticated_read_collection_listings",
                    "description": "Read collection listings"
                },
                {
                    "handle": "unauthenticated_write_checkouts",
                    "description": "Modify checkouts"
                },
                {
                    "handle": "unauthenticated_write_customers",
                    "description": "Modify customer details and customer groups"
                },
                {
                    "handle": "read_content",
                    "description": "Read store content like articles, blogs, comments, pages, and redirects"
                },
                {
                    "handle": "read_products",
                    "description": "Read products, variants, and collections"
                },
                {
                    "handle": "read_customers",
                    "description": "Read customer details and customer groups"
                },
                {
                    "handle": "read_draft_orders",
                    "description": "Read draft orders"
                },
                {
                    "handle": "unauthenticated_read_checkouts",
                    "description": "Read checkouts"
                },
                {
                    "handle": "unauthenticated_read_customers",
                    "description": "Read customer details and customer groups"
                }
            ]
        }
    },
    "extensions": {
        "cost": {
            "requestedQueryCost": 2,
            "actualQueryCost": 2,
            "throttleStatus": {
                "maximumAvailable": 1000.0,
                "currentlyAvailable": 998,
                "restoreRate": 50.0
            }
        }
    }
}
2

Hey @heisenbaby , just wanted to touch base on this to ask and share a few things here!

If yes to the above, here are a few questions to work through:

1. Does this persist across multiple testing and/or development stores?
2. Are you using REST or GraphQL?
3. If yes, have you tested with both using their corresponding endpoints?
4. Can you replicate this across more than one app?

Feel free to let me know once you have worked through this, and I would be happy to try and pass on any other insights if needed - Cheers!

3

Did you ever figure this out? I have the same issue :disappointed_face:

4 
accessMode: 'offline'

Was the key to making this work for me :grinning_face_with_smiling_eyes:

3 Likes
5

Can you elaborate please ? Where should I put the

accessMode: "offline"

?

6

So, this may or may not be the issue you are having, as it depends how you are requesting the Shopify API access token (which you in turn use when to request a storefront token).

The default when requesting access to the Shopify API is for tokens to have offline access (https://shopify.dev/apps/auth/oauth/access-modes), But if you are using the @Shopify_77 /koa-shopify-authmodule that a lot of the sample code uses, when you request the token with createShopifyAuth, you need to specify it, as it defaults to requesting tokens with ‘online’ access. And those don’t work to create a Storefront token - or they didn’t. It was a while since I did this and it was poorly documented (hence this thread).

createShopifyAuth({
      accessMode: 'offline',
      async afterAuth(ctx) {
       ... whatever
      }
    })

Best of luck!