Hello everyone,
We are trying to update our application scope but, we aren't getting an authentication prompt after updating the app scope on the server. Any suggestions/solutions ?
As per my knowledge, whenever we update our application scope, our users will get an authentication prompt to reinstall/update the application on their store's end.
You鈥檙e right, users should be prompted to update and approve the new scopes. After updating the app, did you/the user open it in the store admin? If so, was the user able to open the app and interact with it without approving the new scopes?
Yes, we are able to open the app and interact with it. However, we are unable to use new functionalities which we are introducing in the applications as there wasn't any authentication prompt for updating the app.
What's probably happening is that the user's session is still valid in your app, so your app isn't sending the user over to Shopify to reauthenticate.
If you need everyone to reauthenticate (in order to get the new scope approved), then I think one simple way to do that would be to expire your Rails cookies by changing the secret_key_base in your credentials.yml: https://guides.rubyonrails.org/security.html#encrypted-session-storage
We should probably document the process for this though, I haven't personally tried what I just suggested. You should test it out before you try it out on your users.
@ragalie ,
Thank you for the solution that you provided. It works.!!
I think it would good if this gem kept tracked of requested and approved scopes. Similar to what doorkeeper does. https://github.com/doorkeeper-gem/doorkeeper/blob/master/spec/dummy/db/schema.rb
This would allow apps to avoid API requests that would fail and also add a before_filter to controller to request new scopes if some are missing.
Most helpful comment
I think it would good if this gem kept tracked of requested and approved scopes. Similar to what doorkeeper does. https://github.com/doorkeeper-gem/doorkeeper/blob/master/spec/dummy/db/schema.rb
This would allow apps to avoid API requests that would fail and also add a before_filter to controller to request new scopes if some are missing.