[Bug]: Unable to deploy app with `read_shopify_payments_dispute_evidences` scope

[arturgontijo]

Please confirm that you have:

• [X] Searched existing issues to see if your issue is a duplicate. (If you’ve found a duplicate issue, feel free to add additional information in a comment on it.)
• [X] Reproduced the issue in the latest CLI version.

In which of these areas are you experiencing a problem?

App

Expected behavior

Be able to release an app with the following scopes:

read_orders
read_customers
read_products
read_files
write_files
read_shopify_payments_payouts
read_shopify_payments_disputes
read_shopify_payments_dispute_evidences

It would be great to also have:

read_shopify_payments_dispute_file_uploads
write_shopify_payments_dispute_file_uploads

Actual behavior

Releasing a new app version as part of myApp

╭─ error ──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│                                                                                                                                                          │
│  Version couldn't be created.                                                                                                                            │
│                                                                                                                                                          │
│  app-access                                                                                                                                              │
│                                                                                                                                                          │
│  Validation errors                                                                                                                                       │
│    • scopes: read_shopify_payments_dispute_evidences                                                                                                     │
│                                                                                                                                                          │
╰──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯

Verbose output

Releasing a new app version as part of myApp

2024-08-08T10:48:25.787Z: Sync-creating directory at /private/var/folders/gh/28zcq54j66v7rz32_9qnzjyh0000gn/T/266266b9fb1da6afb8879191e40aba8b/bundle...
2024-08-08T10:48:25.787Z: Creating an empty file at /private/var/folders/gh/28zcq54j66v7rz32_9qnzjyh0000gn/T/266266b9fb1da6afb8879191e40aba8b/bundle/.shopify...
2024-08-08T10:48:25.802Z: Sending "Partners" GraphQL request:
  mutation AppDeploy(
    $apiKey: String!
    $bundleUrl: String
    $appModules: [AppModuleSettings!]
    $skipPublish: Boolean
    $message: String
    $versionTag: String
    $commitReference: String
  ) {
    appDeploy(
      input: {
        apiKey: $apiKey
        bundleUrl: $bundleUrl
        appModules: $appModules
        skipPublish: $skipPublish
        message: $message
        versionTag: $versionTag
        commitReference: $commitReference
      }
    ) {
      appVersion {
        uuid
        id
        message
        versionTag
        location
        appModuleVersions {
          uuid
          registrationUuid
          validationErrors {
            message
            field
          }
        }
      }
      userErrors {
        message
        field
        category
        details
      }
    }
  }

With variables:
{
  "appId": "114535694337",
  "apiKey": "*****",
  "name": "myApp",
  "skipPublish": false,
  "appModules": [
    {
      "config": "{\"name\":\"myApp\",\"app_handle\":\"myApp\"}",
      "context": "",
      "handle": "branding",
      "uuid": "18eb5597-3eb2-4fce-bdcc-d074ef7aecfb",
      "specificationIdentifier": "BRANDING"
    },
    {
      "config": "{\"scopes\":\"read_customers,read_files,read_orders,read_products,read_shopify_payments_dispute_evidences,read_shopify_payments_disputes,read_shopify_payments_payouts,write_files\",\"redirect_url_allowlist\":[\"https://reid-termination-funeral-attachment.trycloudflare.com/auth/callback\",\"https://reid-termination-funeral-attachment.trycloudflare.com/auth/shopify/callback\",\"https://reid-termination-funeral-attachment.trycloudflare.com/api/auth/callback\"]}",
      "context": "",
      "handle": "app-access",
      "uuid": "a2227f43-2235-4134-857f-7587ebeee368",
      "specificationIdentifier": "APP_ACCESS"
    },
    {
      "config": "{\"api_version\":\"2024-07\"}",
      "context": "",
      "handle": "webhooks",
      "uuid": "944d85ca-a072-4fd3-86c3-ffd8a999ace4",
      "specificationIdentifier": "WEBHOOKS"
    },
    {
      "config": "{\"embedded\":false}",
      "context": "",
      "handle": "point-of-sale",
      "uuid": "a794536c-ffc7-48e9-899d-5aef290293db",
      "specificationIdentifier": "POINT_OF_SALE"
    },
    {
      "config": "{\"app_url\":\"https://reid-termination-funeral-attachment.trycloudflare.com\",\"embedded\":true}",
      "context": "",
      "handle": "app-home",
      "uuid": "b7835cfa-aafc-4a2b-8a55-45b389c48948",
      "specificationIdentifier": "APP_HOME"
    }
  ]
}

With request headers:
 - User-Agent: Shopify CLI; v=3.65.1
 - Keep-Alive: timeout=30
 - Sec-CH-UA-PLATFORM: darwin
 - Content-Type: application/json

2024-08-08T10:48:26.545Z: Request to https://partners.shopify.com/api/cli/graphql completed in 741 ms
With response headers:
 - cache-control: max-age=0, private, must-revalidate
 - content-type: application/json; charset=utf-8
 - etag: W/"ef41d97372c3d1018f6ebbd6e0c86c52"
 - x-request-id: b44f319e-c222-4e1c-a9aa-07f3c023e459-1723114105

╭─ error ──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│                                                                                                                                                          │
│  Version couldn't be created.                                                                                                                            │
│                                                                                                                                                          │
│  app-access                                                                                                                                              │
│                                                                                                                                                          │
│  Validation errors                                                                                                                                       │
│    • scopes: read_shopify_payments_dispute_evidences                                                                                                     │
│                                                                                                                                                          │
╰──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯

2024-08-08T10:48:26.555Z: 
Running system process:
  · Command: npm prefix
  · Working directory: /Users/arturgontijo/workspace/myApp/MVP/April/shopify/myApp

2024-08-08T10:48:26.717Z: Obtaining the dependency manager in directory /Users/arturgontijo/workspace/myApp/MVP/April/shopify/myApp...
2024-08-08T10:48:26.719Z: 
Running system process:
  · Command: ruby -v
  · Working directory: /Users/arturgontijo/workspace/myApp/MVP/April/shopify/myApp

2024-08-08T10:48:26.971Z: Request to https://monorail-edge.shopifysvc.com/v1/produce completed in 239 ms
With response headers:
 - x-request-id: e2b9fb86-651a-4790-afca-8e625883afb0

2024-08-08T10:48:26.972Z: Analytics event sent: {
  "command": "app deploy",
  "time_start": 1723114099234,
  "time_end": 1723114106552,
  "total_time": 7318,
  "success": false,
  "cli_version": "3.65.1",
  "ruby_version": "2.6.10",
  "node_version": "20.12.2",
  "is_employee": false,
  "uname": "darwin arm64",
  "env_ci": false,
  "env_plugin_installed_any_custom": true,
  "env_plugin_installed_shopify": "[]",
  "env_shell": "zsh",
  "env_device_id": "55cdcdaf1d2bf841d6096a696752a1d386691d89",
  "env_cloud": "localhost",
  "env_package_manager": "npm",
  "env_is_global": true,
  "cmd_all_timing_network_ms": 4564,
  "cmd_all_timing_prompts_ms": 1979,
  "cmd_all_launcher": "npm",
  "cmd_all_topic": "app",
  "cmd_all_plugin": "@shopify/app",
  "cmd_all_force": false,
  "cmd_all_verbose": true,
  "cmd_all_path_override": true,
  "cmd_all_path_override_hash": "9700e1d0d9228125fcaea77cf45aaf0f2592bb1c",
  "cmd_app_reset_used": false,
  "cmd_all_timing_active_ms": 773,
  "cmd_all_exit": "expected_error",
  "args": "--verbose",
  "error_message": "Version couldn't be created.",
  "env_plugin_installed_all": "[\"shopify\"]",
  "metadata": "{\"extraPublic\":{\"shopify\":{\"cmd_app_warning_api_key_deprecation_displayed\":false,\"cmd_deploy_flag_message_used\":false,\"cmd_deploy_flag_version_used\":false,\"cmd_deploy_flag_source_url_used\":false,\"cmd_app_all_configs_any\":true,\"cmd_app_all_configs_clients\":\"{\\\"shopify.app.toml\\\":\\\"e7ffa12fa9597c99d258feb03f17062a\\\"}\",\"cmd_app_linked_config_used\":true,\"cmd_app_linked_config_name\":\"shopify.app.toml\",\"cmd_app_linked_config_git_tracked\":true,\"cmd_app_linked_config_source\":\"cached\",\"cmd_app_linked_config_uses_cli_managed_urls\":true,\"project_type\":\"node\",\"app_extensions_any\":false,\"app_extensions_breakdown\":\"{}\",\"app_extensions_count\":0,\"app_extensions_custom_layout\":false,\"app_extensions_function_any\":false,\"app_extensions_function_count\":0,\"app_extensions_theme_any\":false,\"app_extensions_theme_count\":0,\"app_extensions_ui_any\":false,\"app_extensions_ui_count\":0,\"app_name_hash\":\"f4e11c25ae290e4229ecbfb92fd80fc3304894b8\",\"app_path_hash\":\"9700e1d0d9228125fcaea77cf45aaf0f2592bb1c\",\"app_scopes\":\"[\\\"read_customers\\\",\\\"read_files\\\",\\\"read_orders\\\",\\\"read_products\\\",\\\"read_shopify_payments_dispute_evidences\\\",\\\"read_shopify_payments_disputes\\\",\\\"read_shopify_payments_payouts\\\",\\\"write_files\\\"]\",\"app_web_backend_any\":true,\"app_web_backend_count\":1,\"app_web_custom_layout\":true,\"app_web_framework\":\"remix\",\"app_web_frontend_any\":true,\"app_web_frontend_count\":1,\"env_package_manager_workspaces\":true,\"partner_id\":3576978,\"api_key\":\"e7ffa12fa9597c99d258feb03f17062a\",\"cmd_deploy_include_config_used\":true,\"cmd_deploy_config_modules_breakdown\":\"[\\\"access_scopes\\\",\\\"application_url\\\",\\\"auth\\\",\\\"embedded\\\",\\\"handle\\\",\\\"name\\\",\\\"pos\\\",\\\"webhooks\\\"]\",\"cmd_deploy_config_modules_updated\":\"[\\\"access_scopes\\\",\\\"application_url\\\",\\\"auth\\\"]\",\"cmd_deploy_confirm_new_registrations\":0,\"cmd_deploy_confirm_updated_registrations\":0,\"cmd_deploy_confirm_removed_registrations\":0,\"cmd_deploy_confirm_cancelled\":false,\"cmd_deploy_confirm_time_to_complete_ms\":1980}},\"extraSensitive\":{\"shopify\":{\"app_name\":\"myApp\"}}}"
}
2024-08-08T10:48:26.976Z: Reporting handled error to Bugsnag: Version couldn't be created.

Reproduction steps

1. Install cli
2. Add scopes = "read_orders,read_customers,read_products,read_files,write_files,read_shopify_payments_payouts,read_shopify_payments_disputes,read_shopify_payments_dispute_evidences" to shopify.app.toml
3. npx shopify app deploy --verbose

Operating System

Mac OS Sonoma 14.5

Shopify CLI version (check your project's package.json if you're not sure)

3.65.1

Shell

zsh 5.9

Node version (run node -v if you're not sure)

v20.12.2

What language and version are you using in your application?

Node v20.12.2

[arturgontijo]

If I remove read_shopify_payments_dispute_evidences I am able to deploy the app, but when I try to query evidences, I get this:

{
  "errors": [
    {
      "message": "Access denied for disputeEvidence field. Required access: `read_shopify_payments_dispute_evidences` access scope.",
      "locations": [
        {
          "line": 1,
          "column": 3
        }
      ],
      "path": [
        "disputeEvidence"
      ],
      "extensions": {
        "code": "ACCESS_DENIED",
        "documentation": "https://shopify.dev/api/usage/access-scopes",
        "requiredAccess": "`read_shopify_payments_dispute_evidences` access scope."
      }
    }
  ],
  "data": {
    "disputeEvidence": null
  },
  "extensions": {
    "cost": {
      "requestedQueryCost": 2,
      "actualQueryCost": 1,
      "throttleStatus": {
        "maximumAvailable": 2000.0,
        "currentlyAvailable": 1999,
        "restoreRate": 100.0
      }
    }
  }
}

[arturgontijo]

If I use use_legacy_install_flow = true I am able to deploy it:

But when I try to Oauth my store, I get this:

[amcaplan]

Thanks for getting in touch about this! The scope you mentioned is for payments apps only. Your app doesn't seem to be a payments app. You can learn more about payments apps here.

[arturgontijo]

Hey @amcaplan, thank you so much for the reply (it's been a while since we've been trying to understand this error)

First of all, we do not want/need to handle any payment logic. With that said is it still necessary to apply for the "Payments Partner application" just to keep track of disputes (this can be done without it) and their evidences?

If so, wouldn't it be better to make CLI flag it while trying to deploy the app?

[amcaplan]

First of all, we do not want/need to handle any payment logic. With that said is it still necessary to apply for the "Payments Partner application" just to keep track of disputes (this can be done without it) and their evidences?

At present, the Payments Apps platform is invitation-only, and that applies across the payments API. Details here

If so, wouldn't it be better to make CLI flag it while trying to deploy the app?

Can you explain where in the process you'd expect to see this issue brought up?

[arturgontijo]

Can you explain where in the process you'd expect to see this issue brought up?

If we run shopify app deploy with the scopes = "read_shopify_payments_dispute_evidences" in its TOML file, we get:

╭─ error ──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│                                                                                                                                                          │
│  Version couldn't be created.                                                                                                                            │
│                                                                                                                                                          │
│  app-access                                                                                                                                              │
│                                                                                                                                                          │
│  Validation errors                                                                                                                                       │
│    • scopes: read_shopify_payments_dispute_evidences                                                                                                     │
│                                                                                                                                                          │
╰──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯

At least for me, that's not helpful at all...It would be great to have more assertive error message like:

│  Validation errors
│    • restricted scopes: read_shopify_payments_dispute_evidences

Maybe also point it out to one of those links that you've shared.

But yeah, I think we can close this issue. Thanks again!

[amcaplan]

Thanks, this is a great point. I've passed on your feedback to the relevant internal team. Closing out this issue for now.