StorefrontAccessToken Request "Token must be eligible to manage storefront tokens." 403 Forbidden

Solved

heisenbaby
Tourist

Hello,

I have created a public app with sales channel enabled and am trying to generate the storefront API access token but keep getting a status code 403 with the following response body:

x-request-id: (41437402-df7a-42cc-b88d-8e98cc3270ad)
{
"errors": "Token must be eligible to manage storefront tokens."
}.
 
The Admin API has the following scopes, so I'm not sure what is missing or incorrect. Any ideas?
 
Admin API (https://{shop}/admin/api/2019-10/graphql.json) Request:
{
  appInstallation {
    accessScopes {
      handle
      description
    }
  }
}

Response:
{
    "data": {
        "appInstallation": {
            "accessScopes": [
                {
                    "handle": "read_product_listings",
                    "description": "Read product information"
                },
                {
                    "handle": "read_orders",
                    "description": "Read orders, transactions, and fulfillments"
                },
                {
                    "handle": "read_shipping",
                    "description": "Read shipping rates, countries, and provinces"
                },
                {
                    "handle": "write_content",
                    "description": "Modify store content like articles, blogs, comments, pages, and redirects"
                },
                {
                    "handle": "write_products",
                    "description": "Modify products, variants, and collections"
                },
                {
                    "handle": "write_customers",
                    "description": "Modify customer details and customer groups"
                },
                {
                    "handle": "write_draft_orders",
                    "description": "Modify draft orders"
                },
                {
                    "handle": "unauthenticated_read_customer_tags",
                    "description": "Read customer tags"
                },
                {
                    "handle": "unauthenticated_read_content",
                    "description": "Read store content like articles, blogs, comments, pages, and redirects"
                },
                {
                    "handle": "unauthenticated_read_product_listings",
                    "description": "Read product information"
                },
                {
                    "handle": "unauthenticated_read_product_tags",
                    "description": "Read product tags"
                },
                {
                    "handle": "unauthenticated_read_collection_listings",
                    "description": "Read collection listings"
                },
                {
                    "handle": "unauthenticated_write_checkouts",
                    "description": "Modify checkouts"
                },
                {
                    "handle": "unauthenticated_write_customers",
                    "description": "Modify customer details and customer groups"
                },
                {
                    "handle": "read_content",
                    "description": "Read store content like articles, blogs, comments, pages, and redirects"
                },
                {
                    "handle": "read_products",
                    "description": "Read products, variants, and collections"
                },
                {
                    "handle": "read_customers",
                    "description": "Read customer details and customer groups"
                },
                {
                    "handle": "read_draft_orders",
                    "description": "Read draft orders"
                },
                {
                    "handle": "unauthenticated_read_checkouts",
                    "description": "Read checkouts"
                },
                {
                    "handle": "unauthenticated_read_customers",
                    "description": "Read customer details and customer groups"
                }
            ]
        }
    },
    "extensions": {
        "cost": {
            "requestedQueryCost": 2,
            "actualQueryCost": 2,
            "throttleStatus": {
                "maximumAvailable": 1000.0,
                "currentlyAvailable": 998,
                "restoreRate": 50.0
            }
        }
    }
}

 

Replies 5 (5)

awwdam
Shopify Staff

This is an accepted solution.

Hey @heisenbaby, just wanted to touch base on this to ask and share a few things here!
 




If yes to the above, here are a few questions to work through:
 
1. Does this persist across multiple testing and/or development stores?
2. Are you using REST or GraphQL?
3. If yes, have you tested with both using their corresponding endpoints? 
4. Can you replicate this across more than one app? 


Feel free to let me know once you have worked through this, and I would be happy to try and pass on any other insights if needed - Cheers!

awwdam | API Support @ Shopify

tomwilson
Shopify Partner

Did you ever figure this out? I have the same issue 😞

tomwilson
Shopify Partner

This is an accepted solution.

 

 

accessMode: 'offline'

 

Was the key to making this work for me 😄

seymur_crsp
Shopify Partner

Can you elaborate, please? Where should I put the accessMode: "offline"?

tomwilson
Shopify Partner

So, this may or may not be the issue you are having, as it depends on how you are requesting the Shopify API access token (which you in turn use to request a storefront token).

 

The default when requesting access to the Shopify API is for tokens to have offline access (https://shopify.dev/apps/auth/oauth/access-modes). But if you are using the @shopify/koa-shopify-auth module that a lot of the sample code uses, when you request the token with createShopifyAuth, you need to specify it, as it defaults to requesting tokens with 'online' access. And those don't work to create a Storefront token - or they didn't. It was a while since I did this and it was poorly documented (hence this thread).

 

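    import createShopifyAuth from '@shopify/koa-shopify-auth';

    createShopifyAuth({
      // Request an offline token; this module defaults to 'online'
      accessMode: 'offline',
      async afterAuth(ctx) {
        // ... whatever
      }
    })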

 

Best of luck!
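
A pre-flight check for the diagnosis reached in this thread, as an added example (not code from the thread or from Shopify): it classifies an OAuth token response as online or offline using the per-user fields Shopify documents for online tokens (`expires_in`, `associated_user_scope`, `associated_user`) and confirms that an `unauthenticated_*` scope is granted. The function names and sample responses are constructed; that online tokens are refused for storefront token creation is taken from the reply above, and the scope check is an assumption about what the endpoint requires.

```javascript
// Added example. Field names follow Shopify's documented OAuth token response;
// helper names and sample data are constructed for illustration.

// Online-mode token responses carry per-user fields; offline ones do not.
function accessModeOf(tokenResponse) {
  const onlineFields = ['expires_in', 'associated_user', 'associated_user_scope'];
  return onlineFields.some((f) => f in tokenResponse) ? 'online' : 'offline';
}

// Returns the reasons an Admin API token is unlikely to be accepted for
// storefront token management (an empty list means no problem was found).
function storefrontTokenPreflight(tokenResponse, accessScopes) {
  const problems = [];
  if (typeof tokenResponse.access_token !== 'string' || !tokenResponse.access_token) {
    problems.push('no access_token in OAuth response');
  }
  if (accessModeOf(tokenResponse) === 'online') {
    problems.push("token is online (per-user); request it with accessMode: 'offline'");
  }
  // accessScopes has the shape returned by appInstallation { accessScopes { handle } }.
  const handles = accessScopes.map((s) => s.handle);
  if (!handles.some((h) => h.startsWith('unauthenticated_'))) {
    problems.push('no unauthenticated_* (Storefront API) scope granted');
  }
  return problems;
}

// Constructed sample data (placeholders, not real tokens).
const onlineResponse = {
  access_token: 'EXAMPLE_ONLINE_TOKEN',
  scope: 'write_products,unauthenticated_read_product_listings',
  expires_in: 86399,
  associated_user_scope: 'write_products',
  associated_user: { id: 1, account_owner: true },
};
const offlineResponse = {
  access_token: 'EXAMPLE_OFFLINE_TOKEN',
  scope: 'write_products,unauthenticated_read_product_listings',
};
const scopes = [
  { handle: 'write_products' },
  { handle: 'unauthenticated_read_product_listings' },
];

console.log(storefrontTokenPreflight(onlineResponse, scopes));
console.log(storefrontTokenPreflight(offlineResponse, scopes));
```

Run against the scope list in the original question, the scope check passes, which leaves the access mode as the remaining difference.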