Shopify / omniauth-shopify-oauth2

Shopify OAuth2 Strategy for OmniAuth 1.0
http://shopify.github.io/omniauth-shopify-oauth2

Updating scopes raises invalid_scope error #49

Closed shopifyboosterapps closed 8 years ago

shopifyboosterapps commented 8 years ago

setup

config/initializers/shopify_app.rb

```ruby
ShopifyApp.configure do |config|
  config.api_key = 'xyz'
  config.secret = 'xyz'
  config.scope = "write_products"
  config.embedded_app = true
end
```

The current scope in the ShopifyApp initializer is "write_products". I'd like to update the app's permissions on a per user basis to include "write_customers".

I get the user to hit the following URL, which includes the "write_customers" scope:

https://teststore.myshopify.com/admin/oauth/authorize?client_id=xyz&redirect_uri=https://example.com/auth/shopify/callback&response_type=code&scope=write_products,write_customers

The user gets presented with the correct update screen

Upon accepting the updated permissions the user hits an "invalid_scope | Scope does not match" error.

However - the user now has the write_customers permission enabled even though it looks like we hit an error.

Any ideas on how to avoid this error?

Cheers

Steve

EiNSTeiN- commented 8 years ago

By "on a per user basis", do you mean that some users would request this scope, others would not? We added a check (here) to ensure that users cannot tamper with the scope during the OAuth process; this is what is causing the error.

I see two options that might solve this issue (pick the best one for you):

Option 1, provide a custom setup method when you initialize the oauth strategy. The setup method will be called before every phase of the oauth process, so you set the correct scope based on some condition (I can't help with that part, it's specific to your app):

```ruby
provider :shopify,
  ...
  scope: "write_products",
  # OmniAuth calls the setup proc with the Rack env before every phase;
  # the running strategy instance is exposed as env['omniauth.strategy'].
  setup: lambda { |env|
    # some_condition: your app-specific check for whether this user/shop
    # needs the extra scope (placeholder, not part of the gem).
    if some_condition
      env['omniauth.strategy'].options[:scope] = 'write_products,write_customers'
    end
  }
```

Option 2, disable checking for the correct scope altogether (you should validate this in your application instead!)

```ruby
provider :shopify,
   ...
   validate_granted_scopes: false
```

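The following is an added example, not code from the gem or from either commenter, that puts together the two halves of this thread: a setup proc that picks the scope per request from server-side state (option 1 above), and a simplified stand-in for the "granted scopes must match requested scopes" check that produced the `invalid_scope | Scope does not match` error in the original report. `scope_for`, `SHOPS`, `ShopRecord`, `FakeStrategy`, `build_env` and `callback_result` are assumptions made for this example; the real OmniAuth setup proc receives the actual Rack env, and the gem's own scope normalization may differ from the order-insensitive comparison used here.

```ruby
# Added example (not omniauth-shopify-oauth2's own code).
require 'set'

BASE_SCOPE  = 'write_products'.freeze
EXTRA_SCOPE = 'write_customers'.freeze

# Hypothetical per-shop record; in a real app this comes from your own
# database, never from something the browser can set.
ShopRecord = Struct.new(:domain, :needs_customers)

# Constructed sample data for the example.
SHOPS = {
  'teststore.myshopify.com'  => ShopRecord.new('teststore.myshopify.com', true),
  'basicstore.myshopify.com' => ShopRecord.new('basicstore.myshopify.com', false)
}.freeze

# Decide which scope this request should ask for (stand-in for
# "some_condition" in the answer above).
def scope_for(shop_domain)
  shop = SHOPS[shop_domain]
  return BASE_SCOPE if shop.nil? || !shop.needs_customers
  "#{BASE_SCOPE},#{EXTRA_SCOPE}"
end

# Minimal stand-in for the strategy object OmniAuth exposes to the setup
# proc as env['omniauth.strategy']; only `options` is needed here.
class FakeStrategy
  attr_reader :options
  def initialize(options)
    @options = options
  end
end

# Constructed Rack env with the pieces the setup proc reads.
def build_env(shop_domain)
  {
    'omniauth.strategy'       => FakeStrategy.new({ scope: BASE_SCOPE }),
    'rack.request.query_hash' => { 'shop' => shop_domain }
  }
end

# Same shape as the `setup:` lambda in option 1: mutate the strategy's
# options so the request phase sends the scope this shop should get.
SETUP = lambda do |env|
  shop = env['rack.request.query_hash']['shop']
  env['omniauth.strategy'].options[:scope] = scope_for(shop)
end

# Run the setup phase and return the scope the strategy would now request.
def run_setup(shop_domain)
  env = build_env(shop_domain)
  SETUP.call(env)
  env['omniauth.strategy'].options[:scope]
end

# Split a comma-separated scope string into a set so that ordering and
# stray whitespace do not matter.
def normalize_scopes(scope_string)
  scope_string.to_s.split(',').map(&:strip).reject(&:empty?).to_set
end

# Simplified stand-in for validate_granted_scopes: the shop must have
# granted exactly the set that was requested.
def granted_scopes_match?(requested, granted)
  normalize_scopes(requested) == normalize_scopes(granted)
end

# What the callback phase does with the comparison: :ok, or the
# :invalid_scope failure the original report ran into.
def callback_result(configured_scope, granted_scope)
  granted_scopes_match?(configured_scope, granted_scope) ? :ok : :invalid_scope
end

if __FILE__ == $PROGRAM_NAME
  puts run_setup('teststore.myshopify.com')
  puts run_setup('basicstore.myshopify.com')
  # The reporter's situation: strategy configured with write_products,
  # shop granted write_products,write_customers.
  puts callback_result('write_products', 'write_products,write_customers')
  # With the setup proc widening the requested scope first, it passes.
  puts callback_result(run_setup('teststore.myshopify.com'), 'write_customers,write_products')
end
```

The point of keeping the check on is that the scope the strategy compares against comes from the server's own configuration, so a modified `scope` query parameter in the authorize URL cannot silently widen what the app ends up holding. Option 1 preserves that property as long as `scope_for` reads from state the app controls, not from the incoming request; option 2 removes the check entirely, so the application must then compare the granted scopes itself before storing the token.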
shopifyboosterapps commented 8 years ago

Awesome thanks @EiNSTeiN- !