search

Shopify / ui-extensions

MIT License
268 stars 36 forks source link

Storefront API scope unauthenticated_read_product_inventory not available via checkout UI extension #1594

Open marcgug opened 11 months ago

marcgug commented 11 months ago

Please list the package(s) involved in the issue, and include the version you are using

"@shopify/ui-extensions": "2023.10.x",
"@shopify/ui-extensions-react": "2023.10.x"

Describe the bug

It is impossible to retrieve the productVariant.quantityAvailable field via the Storefront API within a checkout ui extension. The graphQL api always returns a null value for quantityAvailable and the error message: Access denied for quantityAvailable field. Required access: unauthenticated_read_product_inventory access scope.

Steps to reproduce the behavior:

  1. Try to make a query that includes a request for productVariant.quantityAvailable.
  2. In the graphQL response, the quantityAvailable field is always null, and there is an error saying that I need access to the unauthenticated_read_product_inventory scope.

Expected behavior

The quantityAvailable field should return an integer - how many of that product is available.

Screenshots

My query code in checkout-ui:

image

My app scope request: image

My app permissions in partner dashboard: image

App permissions in app installed in test store: image

Additional context

This is affecting other users as well, I have found a few posts about it on the shopify forums such as: https://community.shopify.com/c/extensions/is-there-any-way-to-add-new-access-scope-to-checkout-ui/td-p/2141674

jamesvidler commented 11 months ago

This is currently a limitation of the direct storefront API access for checkout UI extensions and planned to be addressed in the future. Alternatively, you can craft your own Storefront API query with an token which does have that access scope.

marcgug commented 10 months ago

Got it. In order to do this, my app has to request Network Access (https://shopify.dev/docs/api/checkout-ui-extensions/2023-10/configuration#network-access) which seems incorrect because I am actually trying to access data from a Shopify API, not a third party.

Hopefully support for this is added soon. Thanks.

frede-merkle commented 4 months ago

+1 would like it very much as well.

sjanczy2 commented 3 months ago

Copying my response into here from a community AMA

Inventory counts are considered sensitive by certain merchants, and we don't currently have a mechanism for allowing conditional scopes to be requested/included in UI extensions. All scopes are currently granted statically to all UI extensions.

One use case we've heard is not wanting to offer product upsells for products that are out of stock. For this use case specifically, we recommend checking the availableForSale field since that should return false if the product is out of stock.

knjshimi commented 3 months ago

+1 would love to see support for this

davidbbe commented 3 months ago

The Shopify team needs to at least update the extension documentation to let developers know about this exception/bug. I wasted alot of time trying to debug this same null value, only to find out its an inconsistency in the way Shopify describes how it should work in their documentation. There are ALOT of other developers coming across this issue, as you can see here.

Rabot18 commented 1 month ago

Hello guys,

Is it the same with

Access denied for customer field. Required access:unauthenticated_read_customersaccess scope. ?

unauthenticated_read_customers access scope is already added to my app but if Shopify does't support some access scopes... and we don't know which ones, it's really difficult to debug and develop...