-
Notifications
You must be signed in to change notification settings - Fork 110
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Toggle Param to Return Implied Scopes from Remix API Query Method #1604
base: main
Are you sure you want to change the base?
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for taking this on - we may want to revisit our test coverage and ensure that it accurately reflects our requirements.
packages/apps/shopify-app-remix/src/server/authenticate/admin/scope/__tests__/query.test.ts
Outdated
Show resolved
Hide resolved
@@ -6,6 +6,7 @@ class AuthScopes { | |||
|
|||
private compressedScopes: Set<string>; | |||
private expandedScopes: Set<string>; | |||
private originalScopes: Set<string>; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we consider how the other methods are implemented as well?
The current behaviour considers AuthScopes(['read_products'])
equivalent to AuthScopes(['read_products', 'write_products'])
. Since we are encouraging developers to use this class, I wonder if this behaviour is consistent with the changes proposed in this PR / as part of the Optional scopes feature?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ideally, we would want to keep the scope of this change tight and not introduce breaking changes (by changing the default behaviour). However, I wonder about the developer use cases. Would they want to compare and check inclusion with respect to the exact set of scopes or the expanded set of scopes? What about the other methods?
i.e.
required: ['read_products']
optional: ['write_products']
granted: ['read_products']
- Developer queries for optional scopes and instantiates:
requiredScopes = AuthScope(['read_products']);
optionalScopes = AuthScope(['write_products']);
grantedScopes = AuthScope(['read_products']);
- Developer wants to check whether the optional scopes have been granted:
grantedScopes.has(optionalScopes);
grantedScopes.equals(optionalScopes);
- Is this a realistic use case?
- Is current implementation behaving as expected in these scenarios?
cc @kbav
Issue
Closes https://github.com/Shopify/develop-app-runtime-primitives/issues/507
Context
Currently the query method in the Remix API does not return implied scopes but the response from Core does. This is because Remix is returning a compressed set of scopes from the response from Core, using the toArray() method in AuthScopes.
This PR adds a parameter in the AuthScopes toArray() method to toggle returning the original set of scopes returned from from the Admin API.
Type of change
Checklist
pnpm changeset
to create a draft changelog entry (do NOT update theCHANGELOG.md
files manually)