Merge pull request #1913 from Shopify/zoey/make-scopes-optional

zzooeeyy · web-flow · commit 753883eecc2a · 2024-10-25T10:50:59.000-06:00
Add default value to Configuration.scope parameter to make it optional
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,6 @@
 Unreleased
 ----------
+-  Make `ShopifyApp.configuration.scope` default to empty list `[]` [1913](https://github.com/Shopify/shopify_app/pull/1913)
 
 22.4.0 (August 22, 2024)
 ----------
diff --git a/docs/shopify_app/authentication.md b/docs/shopify_app/authentication.md
@@ -63,6 +63,26 @@ Using token exchange will ensure that the access token retrieved will always hav
 Authorization code grant flow is the OAuth flow that requires the app to redirect the user 
 to Shopify for installation/authorization of the app to access the shop's data. It is still required for apps that are not embedded.
 
+If your app is not using [Shopify managed installation](https://shopify.dev/docs/apps/auth/installation#shopify-managed-installation) with declared scopes in your `.toml` file, you can change the requested access scopes during OAuth flow 
+by adding the `scope` to your configurations - `ShopifyApp.configuration` & `ShopifyAPI::Context.setup`.
+
+
+```ruby
+# config/initializers/shopify_app.rb
+
+ShopifyApp.configure do |config|
+  ...
+  config.scope = ["read_discounts", "write_products"]
+  ...
+end
+
+ShopifyAPI::Context.setup(
+  ...
+  scope: ShopifyApp.configuration.scope,
+  ...
+)
+```
+
 To perform [authorization code grant flow](https://shopify.dev/docs/apps/auth/get-access-tokens/authorization-code-grant), you app will need to handle
 [begin OAuth](#begin-oauth) and [OAuth callback](#oauth-callback) routes.
 
diff --git a/lib/shopify_app/configuration.rb b/lib/shopify_app/configuration.rb
@@ -61,6 +61,7 @@ def initialize
       @scripttags_manager_queue_name = Rails.application.config.active_job.queue_name
       @webhooks_manager_queue_name = Rails.application.config.active_job.queue_name
       @disable_webpacker = ENV["SHOPIFY_APP_DISABLE_WEBPACKER"].present?
+      @scope = []
 
       log_v23_deprecations
     end
diff --git a/test/shopify_app/configuration_test.rb b/test/shopify_app/configuration_test.rb
@@ -41,6 +41,10 @@ class ConfigurationTest < ActiveSupport::TestCase
     assert_equal "auth/shopify/callback", ShopifyApp.configuration.login_callback_url
   end
 
+  test "defaults scope" do
+    assert_equal [], ShopifyApp.configuration.scope
+  end
+
   test "can set root_url which affects login_url" do
     original_root = ShopifyApp.configuration.root_url
 
