member badge
Isaac Bowen
  • Allow explicit task-level configuration of required Shopify oauth scopes
  • Continue inferring permissions, adding them to the task-level oauth scope list as suggested scopes
  • Allow explicit shop-level config of required Shopify oauth scopes, adding to the list whenever a task requires a new scope
  • When a scope becomes unused, leave it on the shop-level list by default (to prevent accidental unwanted loss of authorization, which does sometimes happen)
Mechanic does a pretty good job of inferring required scopes, but the relevance of particular scopes is getting increasingly nuanced over time. The vision here was to keep folks from ever having to worry about permissions, but the lack of an escape hatch is becoming painful. Time to let it go and add tooling, I think. :)