How to update scopes and then allow user to re-auth?
derrickrc opened this issue · 3 comments
I am developing a Shopify app in Rails that was created using shopify-app-cli. When I built the app I initially set the scope as read_products, but now I realize I need additional scopes.
At first when I just tried to manually generate a new permission URL for my development store with the additional scopes, it gave me issue 49 error. I then updated config.scope in shopify_app.rb to reflect my new scopes and then restarted my ngrok tunnel, but now I am getting a CSRF error (see below). I imagine this is due to a lack of state parameter or not using the correct one.
How do I resolve this without having to recreate a brand new app from scratch with the correct permissions? Thank you.
If you add a new scope to you config, I believe you should just be able to redirect the user to /login?shop=shopdomain.myshopify.com and it will handle the routing for you
Thanks @tanema it looks like it worked. I also tried the same thing yesterday withauth/shopify/ per the readme. I wasn't sure if that's what did it, or using login but I seem to have the extra scopes now. In both cases I didn't see the Shopify auth screen again (it just directed me straight to my app) since my guess is I already authorized the scopes when I attempted to re-auth using a manually created permission URL (and subsequently received errors), but either way I think I'm set now. Thank you.
Since this is the first result on searching for this one, I would like to add something.
To actually reinstall the app you should redirect to /users/auth/shopify?shop=shopdomain.myshopify.com the /login?shop=shopdomain.myshopify.com actually redirects to the page where users can insert their domain and them reinstall.
There isn't much difference in these 2 process but the one I used seems to add less friction to end user.