Currently when an App is using managed install, and the scopes in their config object do not match the scopes they have set up in their app toml, it can send the app into an infinite redirect loop.
Managed install replaces the functionality where we need to check if the sessions scopes match the scopes in the config.
Assumptions
Apps that are using managed install and token exchange, do not need to use the SCOPES environment variable, or the scopes config setting, Shopify will manage redirecting to the authorization page if necessary.
WHAT is this pull request doing?
This PR makes the scopes field on the API config object optional.
This update the isActive method on the Session object to ignore scope differences if passing in a falsy value.
Apps that are not using the new auth strategy do require scopes, so if we start the oauth flow, and scopes are not defined we will throw an error.
Type of change
[ ] Patch: Bug (non-breaking change which fixes an issue)
[ ] Minor: New feature (non-breaking change which adds functionality)
[ ] Major: Breaking change (fix or feature that would cause existing functionality to not work as expected)
Checklist
[ ] I have used yarn changeset to create a draft changelog entry (do NOT update the CHANGELOG.md file manually)
[ ] I have added/updated tests for this change
[ ] I have documented new APIs/updated the documentation for modified APIs (for public APIs)
WHY are these changes introduced?
Assumptions
SCOPES
environment variable, or the scopes config setting, Shopify will manage redirecting to the authorization page if necessary.WHAT is this pull request doing?
scopes
field on the API config object optional.Type of change
Checklist
yarn changeset
to create a draft changelog entry (do NOT update theCHANGELOG.md
file manually)