cli icon indicating copy to clipboard operation
cli copied to clipboard
verified publisher icon Shopify

Encourage scope granting in GraphiQL

Open shauns opened this issue 1 year ago β€’ 6 comments

WHY are these changes introduced?

When a developer changes the access scopes for their app, and wants to continue to prototype and build, they almost certainly will need the merchant of their dev store -- themselves! -- to grant said access. For the app home, a refresh will do the job with declarative scopes. But lots of building now happens in GraphiQL, and this doesn't have the same behaviour.

WHAT is this pull request doing?

Firstly the token used by GraphiQL is refreshed often now, so its scopes should always be up to date with those granted by the dev store.

This PR adds a couple of helpful nudges:

  • if the access scopes in the in-use app toml don't match those that GraphiQL's access token is attempting to use, this is a sign that the developer has changed them. we show a message in the top-bar of GraphiQL encouraging the dev to run shopify app deploy
  • after running shopify app deploy, if the developer has changed their access scopes within their newly released app version, we show a next step about granting these new access scopes in their dev store
image image

How to test your changes?

  1. Run shopify app dev, and launch GraphiQL
  2. Leaving dev running, go to your app toml, and add a new scope, save the file
  3. The banner shown above should appear. If you change the scopes back, it will disappear.
  4. With changed scopes, run shopify app deploy. Choose to create and release a new version
  5. The confirmation message should mention going to your dev store, as per the above

Post-release steps

n/a

Measuring impact

How do we know this change was effective? Please choose one:

  • [x] n/a - this doesn't need measurement, e.g. a linting rule or a bug-fix
  • [ ] Existing analytics will cater for this addition
  • [ ] PR includes analytics changes to measure impact

Checklist

  • [x] I've considered possible cross-platform impacts (Mac, Linux, Windows)
  • [x] I've considered possible documentation changes

shauns avatar Jun 27 '24 12:06 shauns

We detected some changes at either packages/*/src or packages/cli-kit/assets/cli-ruby/** and there are no updates in the .changeset. If the changes are user-facing, run "pnpm changeset add" to track your changes and include them in the next release CHANGELOG.

github-actions[bot] avatar Jun 27 '24 12:06 github-actions[bot]

Coverage report

St.:grey_question:
 Category Percentage Covered / Total
🟑 Statements
72.37% (-0.26% πŸ”»)
 7486/10344
🟑 Branches
69.11% (-0.13% πŸ”»)
 3683/5329
🟑 Functions
71.4% (-0.23% πŸ”»)
 1977/2769
🟑 Lines
72.72% (-0.25% πŸ”»)
 7072/9725
Show files with reduced coverage πŸ”»
St.:grey_question:
 File Statements Branches Functions Lines
🟑
... / app.ts
78.85% (-7.39% πŸ”»)
69.14% (-2.29% πŸ”»)
85.42% (-5.49% πŸ”»)
79.29% (-8.42% πŸ”»)
🟒
... / deploy.ts
82.93% (-3.92% πŸ”»)
76% (-9% πŸ”»)
 87.5%
84.62% (-4.27% πŸ”»)
🟒
... / identifiers.ts
 100%
80% (-20% πŸ”»)
 100% 100%
πŸ”΄
... / server.ts
1% (-0.3% πŸ”»)
 0% 0%
1.08% (-0.29% πŸ”»)
πŸ”΄
... / graphiql.tsx
50% (-10% πŸ”»)
16.67% (-8.33% πŸ”»)
 0%
50% (-10% πŸ”»)

Test suite run success

1721 tests passing in 794 suites.

Report generated by πŸ§ͺjest coverage report action from eba437644b00a537d8fa740dec8ae87d1ded721e

github-actions[bot] avatar Jun 27 '24 13:06 github-actions[bot]

Is it possible to show a different message in GraphiQL when the granted scopes are out of sync with the deployed scopes?

nickwesselman avatar Jul 08 '24 20:07 nickwesselman

Is it possible to show a different message in GraphiQL when the granted scopes are out of sync with the deployed scopes?

I'm not sure -- we should be able to get at https://shopify.dev/docs/api/admin-graphql/2023-10/objects/App . If requested/available scopes represent the granted and deployed scopes then maybe it's possible?

shauns avatar Jul 16 '24 12:07 shauns

Is it possible to show a different message in GraphiQL when the granted scopes are out of sync with the deployed scopes?

I'm not sure -- we should be able to get at https://shopify.dev/docs/api/admin-graphql/2023-10/objects/App . If requested/available scopes represent the granted and deployed scopes then maybe it's possible?

Confirmed a comparison to requested might do it. Will look

shauns avatar Jul 17 '24 15:07 shauns

This PR seems inactive. If it's still relevant, please add a comment saying so. Otherwise, take no action. β†’ If there's no activity within a week, then a bot will automatically close this. Thanks for helping to improve Shopify's dev tooling and experience.

github-actions[bot] avatar Aug 17 '24 03:08 github-actions[bot]