Shopify / shopify_app

A Rails Engine for building Shopify Apps
MIT License

Oauth error failed_grant_with_invalid_scopes #1839

Closed ilrein closed 1 month ago

ilrein commented 2 months ago

Issue summary

Before opening this issue, I have:

I have created a fresh install. I am able to render the page successfully. When I try to install the shop, I get this:

[Screenshot: Screen Shot 2024-05-02 at 4 31 55 PM]

Expected behavior

I left the defaults of:


ShopifyApp.configure do |config|
  config.application_name = "My Shopify App"
  config.old_secret = ""
  config.scope = "read_products" # Consult this page for more scope options:
                                  # https://help.shopify.com/en/api/getting-started/authentication/oauth/scopes
end

Actual behavior

But it seems to have an issue with the scope.

Steps to reproduce the problem

I ran all the steps to start a new project found in the README.

Debug logs

I do see this on the failed request:

Started POST "/login" for 198.98.126.168 at 2024-05-02 16:40:13 -0400
Cannot render console from 198.98.126.168! Allowed networks: 127.0.0.0/127.255.255.255, ::1
Processing by ShopifyApp::SessionsController#create as HTML
  Parameters: {"authenticity_token"=>"[FILTERED]", "shop"=>"easy-tiles-easy-life.myshopify.com"}
Redirected to https://admin.shopify.com/store/easy-tiles-easy-life/oauth/install?client_id=82b530a33880214df01aeb372ca5a890
Completed 302 Found in 2ms (ActiveRecord: 0.0ms | Allocations: 610)

zzooeeyy commented 2 months ago

Hi @ilrein,

It's difficult for me to see what is happening without more information - Could you try the following:

Also, I'm not sure if the generators are that up to date anymore. If you're creating a new app, you could try creating one straight from our template. That should work right out of the box, and using Shopify CLI will make development/deployment of your app much easier.

github-actions[bot] commented 1 month ago

We are closing this issue because we did not hear back regarding additional details we needed to resolve this issue. If the issue persists and you are able to provide the missing clarification we need, feel free to respond and reopen this issue.

We appreciate your understanding as we try to manage our number of open issues.

hidavidday commented 1 month ago

Same issue is happening for me. Fresh install and all URLs are configured properly.

mur-wtag commented 3 weeks ago

@zzooeeyy I have also encountered the same issue. I triggered debug mode and here is the log:

19:37:07 │ web-backend      │ Started POST "/login" for 103.197.153.39 at 2024-06-12 19:37:07 +0600
19:37:07 │ web-backend      │ Cannot render console from 103.197.153.39! Allowed networks: 127.0.0.0/127.255.255.255, ::1
19:37:07 │ web-backend      │ Processing by ShopifyApp::SessionsController#create as HTML
19:37:07 │ web-backend      │   Parameters: {"authenticity_token"=>"[FILTERED]", "shop"=>"sofenx-dev.myshopify.com"}
19:37:07 │ web-backend      │ [ ShopifyApp | DEBUG | Shop Not Found ] Starting OAuth - Redirecting to Shopify managed install
19:37:07 │ web-backend      │ Redirected to https://admin.shopify.com/store/sofenx-dev/oauth/install?client_id=cfb75542ffbcafdac9ac271d68c583c5
19:37:07 │ web-backend      │ Completed 302 Found in 2ms (ActiveRecord: 0.0ms | Allocations: 717)

Any idea?

andrewchen5678 commented 2 weeks ago

+1 same issue today with fresh install and partner store, please reopen

mur-wtag commented 2 weeks ago

Sorry, I forgot to mention here that I've resolved the issue. I did some debugging and found that in my .toml file there is

use_legacy_install_flow = true

I have found that if we are using new_embedded_auth_strategy, we have to remove ☝️ this line from the .toml file.

After removing this line from .toml file it's working perfectly!
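
A check for the combination reported in the comment above, as an added example that is not part of the thread or of the shopify_app code base. The file contents are constructed, and the `[access_scopes]` table name, the initializer line form and all helper names are assumptions.

```ruby
# Constructed sample inputs (not taken from any real app).
SAMPLE_TOML = <<~TOML
  name = "example-app"            # constructed value
  [access_scopes]
  scopes = "read_products"
  use_legacy_install_flow = true  # the line the comment above says to remove
TOML
FIXED_TOML = SAMPLE_TOML.lines.reject { |l| l.include?("use_legacy_install_flow") }.join

SAMPLE_INITIALIZER = <<~RUBY
  ShopifyApp.configure do |config|
    config.scope = "read_products"
    config.new_embedded_auth_strategy = true
  end
RUBY

# Minimal reader for flat `key = value` lines grouped by [table].
# Supports quoted strings and booleans only, which is enough for this check.
def read_flat_toml(text)
  table = nil
  out = {}
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?("#")
    if (m = line.match(/\A\[([\w.-]+)\]\s*(#.*)?\z/))
      table = m[1]
    elsif (m = line.match(/\A([\w-]+)\s*=\s*("(?:[^"\\]|\\.)*"|true|false)\s*(#.*)?\z/))
      value = m[2].start_with?('"') ? m[2][1..-2] : m[2] == "true"
      out[[table, m[1]].compact.join(".")] = value
    end
  end
  out
end

# True when an uncommented line enables the new embedded auth strategy.
def new_embedded_auth_enabled?(initializer_src)
  initializer_src.each_line.any? do |l|
    l.sub(/#.*/, "") =~ /\bconfig\.new_embedded_auth_strategy\s*=\s*true\b/
  end
end

# Returns the dotted TOML keys that set the legacy install flow while the
# initializer uses the new strategy; an empty array means no conflict.
def legacy_flow_conflicts(toml_src, initializer_src)
  return [] unless new_embedded_auth_enabled?(initializer_src)
  read_flat_toml(toml_src)
    .select { |key, value| key.split(".").last == "use_legacy_install_flow" && value == true }
    .keys
end
```
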

andrewchen5678 commented 2 weeks ago

How did you initialize your app: on the partner site manually, through the command line, or through Shopify Plus? I followed the README's instructions and it seems to suggest initializing an app manually on the partner site first.

krishnadiamesso commented 1 week ago

I am having the same issue

Started POST "/login" for ::1 at 2024-06-27 20:49:35 -0400
Processing by ShopifyApp::SessionsController#create as HTML
  Parameters: {"authenticity_token"=>"[FILTERED]", "shop"=>"store-test-3-2024.myshopify.com"}
[ ShopifyApp | DEBUG | Shop Not Found ] Starting OAuth - Redirecting to Shopify managed install
Redirected to https://admin.shopify.com/store/store-test-3-2024/oauth/install?client_id=c0bd1ba2890abfce4cb77e13e8a1a0dc
Completed 302 Found in 3ms (ActiveRecord: 0.0ms | Allocations: 760)

@zzooeeyy could this be reopened?

krishnadiamesso commented 1 week ago

> how did you initialize your app, on partner site manually, through command line, or through shopify plus? I followed the README's instruction and it seems to suggest to initialize an app manually on partner site first.

@andrewchen5678 were you able to fix your issue? I can see a .toml file when starting the rails app from scratch. @mur-wtag probably used the cli

andrewchen5678 commented 1 week ago

I suspect it has to do with the approach to initialize the app manually on partner portal instead of through cli, but I can't confirm further because I changed strategy.

I tried many different approaches for getting an access token for a private app and ended up initializing an app through the cli with a .toml file, installed the app on my shop manually through the partner portal, and created a custom oauth endpoint to get the access token. For my use case I only needed one offline access token for backend API calls for the shop. There is too much tight coupling on the Shopify::Context on multi-store workflow, coupled with too many ways to create custom apps, which makes it difficult to use the standard oauth flow to work with private apps only meant for one store.

krishnadiamesso commented 1 week ago

@andrewchen5678 Yeahhh, creating the app from the CLI works for me as well, but there are a lot of things there I don't need or don't want to use, so I wanted to go with a rails app from scratch. Will dig a bit more. If worst comes to worst I will go the cli route.