Fix: Example can mislead devs to pass an array instead of comma-separated string

[ardeearam]

Overview/summary

In the README.md, it says

Shopify.Context.initialize({
  API_KEY: 'Your API_KEY',
  API_SECRET_KEY: 'Your API_SECRET_KEY',
  SCOPES: ['Your scopes'],
  HOST_NAME: 'Your HOST_NAME (omit the https:// part)',
  API_VERSION: ApiVersion.October20,
  IS_EMBEDDED_APP: true,

My initial impression of ['Your scopes'] is [process.env.SCOPES] which erroneously and quietly resolves to ['read_themes,read_script_tags']. This then produces a subtle verifyRequest() error which is hard to track down.

Motivation

What inspired this enhancement?

I got bitten by this bug and it took me a good day to track it down, combing through several third-party modules until ending on the wrong usage of SCOPES.

• It can mislead developers to adapt the syntax.
• It's very difficult to track the behavior as it doesn't fail loudly.
• Changing the example is a safe modification.

---

Checklist

• [X ] Please delete the labels section before submitting your issue
• [X ] I have described this enhancement in a way that is actionable (if possible)

Pull request can be found here: https://github.com/Shopify/koa-shopify-auth/pull/98

[github-actions[bot]]

Note that this repo is no longer maintained and this issue will not be reviewed. Prefer the official JavaScript API library. If you still want to use Koa, see simple-koa-shopify-auth for a potential community solution.