Refactor create_permission_url to handle optional scope.

Modified `create_permission_url` to make `scope` optional, allowing it to be omitted when specified in the app's configuration (TOML). Updated the README to reflect this change and clarify usage. This improves flexibility and simplifies configuration management.
Shopify · Arkham · Jan 20, 2025 · Jan 11, 2025 · Jan 12, 2025 · Jan 12, 2025
commit 024d94691ed889d047704d2f1615f40a03cc02ac
diff --git a/README.md b/README.md
@@ -66,10 +66,12 @@ pip install --upgrade ShopifyAPI
     api_version = '2024-07'
     state = binascii.b2a_hex(os.urandom(15)).decode("utf-8")
     redirect_uri = "http://myapp.com/auth/shopify/callback"
+    # `scope` should be omitted if provided by app's TOML
     scopes = ['read_products', 'read_orders']
 
     newSession = shopify.Session(shop_url, api_version)
-    auth_url = newSession.create_permission_url(scopes, redirect_uri, state)
+    # `scope` should be omitted if provided by app's TOML
+    auth_url = newSession.create_permission_url(redirect_uri, scopes, state)
     # redirect to auth_url
     ```
 

diff --git a/shopify/session.py b/shopify/session.py
@@ -53,10 +53,11 @@ def __init__(self, shop_url, version=None, token=None, access_scopes=None):
         self.access_scopes = access_scopes
         return
 
-    def create_permission_url(self, scope, redirect_uri, state=None):
-        query_params = dict(client_id=self.api_key, scope=",".join(scope), redirect_uri=redirect_uri)
-        if state:
-            query_params["state"] = state
+    def create_permission_url(self,  redirect_uri, scope=None, state=None):
+        query_params = dict(client_id=self.api_key, redirect_uri=redirect_uri)
+        # `scope` should be omitted if provided by app's TOML
+        if scope: query_params["scope"] = ",".join(scope)
+        if state: query_params["state"] = state
         return "https://%s/admin/oauth/authorize?%s" % (self.url, urllib.parse.urlencode(query_params))
 
     def request_token(self, params):