Worse, if the developer has not supplied their own IHttpClientFactory to ShopifySharp using the ShopifyService.SetHttpClientFactory, then all services will by default use the internal client factory, meaning any further call to any service will result in that same ObjectDisposedException.
ShopifyOauthUtility.RefreshAccessTokenAsync is erroneously disposing the HttpClient it instantiates. In most cases this is just bad practice, but because the ShopifyOauthUtility does not currently accept an IHttpClientFactory in its constructor and only uses ShopifySharp's default InternalHttpClientFactory, this means the static HttpClient in the internal client factory is then permanently disposed for the lifetime of the application. The next call to
RefreshAccessTokenAsyncwill fail with anObjectDisposedException.Worse, if the developer has not supplied their own
IHttpClientFactoryto ShopifySharp using theShopifyService.SetHttpClientFactory, then all services will by default use the internal client factory, meaning any further call to any service will result in that sameObjectDisposedException.Note: because the deprecated
AuthorizationService.RefreshAccessTokenAsynccalls the ShopifyOauthUtility behind the scenes, it was also affected by this bug.