Merge pull request #1343 from Shopify/zoey/make-scope-optional

Add default value to Context::scope parameter to make it optional

Author: zzooeeyy

CHANGELOG.md

@@ -3,6 +3,8 @@
 Note: For changes to the API, see https://shopify.dev/changelog?filter=api
 ## Unreleased
 
+- [#1343](https://github.com/Shopify/shopify-api-ruby/pull/1343) Make ShopifyAPI::Context::scope parameter optional. `scope` defaults to empty list `[]`.
+
 ## 14.6.0
 
 - [#1337](https://github.com/Shopify/shopify-api-ruby/pull/1337) Fix type for Shop#google_apps_login_enabled

docs/usage/oauth.md

@@ -123,6 +123,19 @@ class ShopifyCallbackController < ApplicationController
 ```
 
 #### 3. Begin OAuth
+To request access scopes from the shop during authorization code grant OAuth flow, 
+configure access scopes needed by adding the `scope` parameter to the `ShopifyAPI::Context.setup` method in your configuration.
+
+```ruby
+ShopifyAPI::Context.setup(
+  api_key: <SHOPIFY_API_KEY>,
+  api_secret_key: <SHOPIFY_API_SECRET>,
+  api_version: <SHOPIFY_API_VERSION>,
+  scope: <SHOPIFY_API_SCOPES>, # Accepts array or string: "read_orders, write_products" or ["read_orders", "write_products"]
+  ...
+  )
+```
+
 Use [`ShopifyAPI::Auth::Oauth.begin_auth`](https://github.com/Shopify/shopify-api-ruby/blob/main/lib/shopify_api/auth/oauth.rb#L22) method to start OAuth process for your app.
 
 #### Input
@@ -131,6 +144,7 @@ Use [`ShopifyAPI::Auth::Oauth.begin_auth`](https://github.com/Shopify/shopify-ap
 | `shop`          | `String`               |    Yes    |       -       | A Shopify domain name in the form `{exampleshop}.myshopify.com`.                                            |
 | `redirect_path` | `String`               |    Yes    |       -       | The redirect path used for callback with a leading `/`. The route should be allowed under the app settings. |
 | `is_online`     | `Boolean`              |    No     |    `true`     | `true` if the session is online and `false` otherwise.                                                      |
+| `scope_override`| `String` or `[String]` |    No     |     `nil`     |  `nil` will request access scopes configured in `ShopifyAPI::Context.setup` during OAuth flow. Modify this to override the access scopes being requested. Accepts array or string: "read_orders, write_products" or ["read_orders", "write_products"]. |
 
 #### Output
 `begin_auth` method will return a hash result in the form of:

lib/shopify_api/context.rb

@@ -33,9 +33,9 @@ class << self
           api_key: String,
           api_secret_key: String,
           api_version: String,
-          scope: T.any(T::Array[String], String),
           is_private: T::Boolean,
           is_embedded: T::Boolean,
+          scope: T.any(T::Array[String], String),
           log_level: T.any(String, Symbol),
           logger: T.untyped,
           host_name: T.nilable(String),
@@ -51,9 +51,9 @@ def setup(
         api_key:,
         api_secret_key:,
         api_version:,
-        scope:,
         is_private:,
         is_embedded:,
+        scope: [],
         log_level: :info,
         logger: ::Logger.new($stdout),
         host_name: nil,

test/context_test.rb

@@ -165,6 +165,19 @@ def test_send_a_warning_if_log_level_is_invalid
       )
     end
 
+    def test_scope_config_can_be_optional_and_defaults_to_empty
+      ShopifyAPI::Context.setup(
+        api_key: "",
+        api_secret_key: "",
+        api_version: "2023-10",
+        host_name: "",
+        is_private: false,
+        is_embedded: true,
+      )
+
+      assert_equal(ShopifyAPI::Auth::AuthScopes.new, ShopifyAPI::Context.scope)
+    end
+
     def teardown
       ShopifyAPI::Context.deactivate_session
     end