From 024d94691ed889d047704d2f1615f40a03cc02ac Mon Sep 17 00:00:00 2001
From: Tyler J <tyler@jackfruit.me>
Date: Sat, 11 Jan 2025 13:31:05 -0500
Subject: [PATCH 1/6] Refactor `create_permission_url` to handle optional
 `scope`.

Modified `create_permission_url` to make `scope` optional, allowing it to be omitted when specified in the app's configuration (TOML). Updated the README to reflect this change and clarify usage. This improves flexibility and simplifies configuration management.
---
 README.md          | 4 +++-
 shopify/session.py | 9 +++++----
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index a8fa6d74..0b680d07 100644
--- a/README.md
+++ b/README.md
@@ -66,10 +66,12 @@ pip install --upgrade ShopifyAPI
     api_version = '2024-07'
     state = binascii.b2a_hex(os.urandom(15)).decode("utf-8")
     redirect_uri = "http://myapp.com/auth/shopify/callback"
+    # `scope` should be omitted if provided by app's TOML
     scopes = ['read_products', 'read_orders']
 
     newSession = shopify.Session(shop_url, api_version)
-    auth_url = newSession.create_permission_url(scopes, redirect_uri, state)
+    # `scope` should be omitted if provided by app's TOML
+    auth_url = newSession.create_permission_url(redirect_uri, scopes, state)
     # redirect to auth_url
     ```
 
diff --git a/shopify/session.py b/shopify/session.py
index 39ce5f7b..52dc83f4 100644
--- a/shopify/session.py
+++ b/shopify/session.py
@@ -53,10 +53,11 @@ def __init__(self, shop_url, version=None, token=None, access_scopes=None):
         self.access_scopes = access_scopes
         return
 
-    def create_permission_url(self, scope, redirect_uri, state=None):
-        query_params = dict(client_id=self.api_key, scope=",".join(scope), redirect_uri=redirect_uri)
-        if state:
-            query_params["state"] = state
+    def create_permission_url(self,  redirect_uri, scope=None, state=None):
+        query_params = dict(client_id=self.api_key, redirect_uri=redirect_uri)
+        # `scope` should be omitted if provided by app's TOML
+        if scope: query_params["scope"] = ",".join(scope)
+        if state: query_params["state"] = state
         return "https://%s/admin/oauth/authorize?%s" % (self.url, urllib.parse.urlencode(query_params))
 
     def request_token(self, params):

From ceada2433b004365b7d9f74669b9c1067e299ccb Mon Sep 17 00:00:00 2001
From: Tyler J <tyler@jackfruit.me>
Date: Sun, 12 Jan 2025 11:33:31 -0500
Subject: [PATCH 2/6] Update to version 12.7.1 and update the CHANGELOG.

---
 CHANGELOG          | 2 ++
 shopify/version.py | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG b/CHANGELOG
index 50cae06e..e9910c2e 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,7 @@
 == Unreleased
 
+- Remove requirement to provide scopes to Permission URL, as it should be omitted if defined with the TOML file.
+
 == Version 12.7.0
 
 - Remove requirement to use a predefined API version. Now you can use any valid API version string. ([#737](https://github.com/Shopify/shopify_python_api/pull/737))
diff --git a/shopify/version.py b/shopify/version.py
index 126c3ab4..dfb0b4e4 100644
--- a/shopify/version.py
+++ b/shopify/version.py
@@ -1 +1 @@
-VERSION = "12.7.0"
+VERSION = "12.7.1"

From 07d6c47146e00c35bb39a83d86033f9b250623af Mon Sep 17 00:00:00 2001
From: Tyler J <tyler@jackfruit.me>
Date: Sun, 12 Jan 2025 11:48:02 -0500
Subject: [PATCH 3/6] Fix typo in method signature of create_permission_url

Removed an unnecessary extra space in the method signature of `create_permission_url`.
---
 shopify/session.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/shopify/session.py b/shopify/session.py
index 52dc83f4..eec40517 100644
--- a/shopify/session.py
+++ b/shopify/session.py
@@ -53,7 +53,7 @@ def __init__(self, shop_url, version=None, token=None, access_scopes=None):
         self.access_scopes = access_scopes
         return
 
-    def create_permission_url(self,  redirect_uri, scope=None, state=None):
+    def create_permission_url(self, redirect_uri, scope=None, state=None):
         query_params = dict(client_id=self.api_key, redirect_uri=redirect_uri)
         # `scope` should be omitted if provided by app's TOML
         if scope: query_params["scope"] = ",".join(scope)

From adaf770a0b5a99ae791048967f39d89e13ea500f Mon Sep 17 00:00:00 2001
From: Tyler J <tyler@jackfruit.me>
Date: Fri, 17 Jan 2025 14:28:20 -0500
Subject: [PATCH 4/6] Update tests for `create_permission_url` method.

Updated tests to improve clarity and consistency in naming and arguments. Modified `create_permission_url` calls to match new positional order for `redirect_uri` and `scope`. Enhanced assertion coverage for edge cases like empty scopes and added tests for state parameter handling.
---
 test/session_test.py | 42 ++++++++++++++++++++++++++++++------------
 1 file changed, 30 insertions(+), 12 deletions(-)

diff --git a/test/session_test.py b/test/session_test.py
index d7cd5c3d..04d30748 100644
--- a/test/session_test.py
+++ b/test/session_test.py
@@ -86,51 +86,69 @@ def test_temp_works_without_currently_active_session(self):
         self.assertEqual("https://testshop.myshopify.com/admin/api/unstable", assigned_site)
         self.assertEqual("https://none/admin/api/unstable", shopify.ShopifyResource.site)
 
-    def test_create_permission_url_returns_correct_url_with_single_scope_and_redirect_uri(self):
+    def test_create_permission_url_returns_correct_url_with_redirect_uri(self):
+        shopify.Session.setup(api_key="My_test_key", secret="My test secret")
+        session = shopify.Session("http://localhost.myshopify.com", "unstable")
+        permission_url = session.create_permission_url("my_redirect_uri.com")
+        self.assertEqual(
+            "https://localhost.myshopify.com/admin/oauth/authorize?client_id=My_test_key&redirect_uri=my_redirect_uri.com",
+            self.normalize_url(permission_url),
+        )
+
+    def test_create_permission_url_returns_correct_url_with_redirect_uri_and_single_scope(self):
         shopify.Session.setup(api_key="My_test_key", secret="My test secret")
         session = shopify.Session("http://localhost.myshopify.com", "unstable")
         scope = ["write_products"]
-        permission_url = session.create_permission_url(scope, "my_redirect_uri.com")
+        permission_url = session.create_permission_url("my_redirect_uri.com", scope=scope)
         self.assertEqual(
             "https://localhost.myshopify.com/admin/oauth/authorize?client_id=My_test_key&redirect_uri=my_redirect_uri.com&scope=write_products",
             self.normalize_url(permission_url),
         )
 
-    def test_create_permission_url_returns_correct_url_with_dual_scope_and_redirect_uri(self):
+    def test_create_permission_url_returns_correct_url_with_redirect_uri_and_dual_scope(self):
         shopify.Session.setup(api_key="My_test_key", secret="My test secret")
         session = shopify.Session("http://localhost.myshopify.com", "unstable")
         scope = ["write_products", "write_customers"]
-        permission_url = session.create_permission_url(scope, "my_redirect_uri.com")
+        permission_url = session.create_permission_url("my_redirect_uri.com", scope=scope)
         self.assertEqual(
             "https://localhost.myshopify.com/admin/oauth/authorize?client_id=My_test_key&redirect_uri=my_redirect_uri.com&scope=write_products%2Cwrite_customers",
             self.normalize_url(permission_url),
         )
 
-    def test_create_permission_url_returns_correct_url_with_no_scope_and_redirect_uri(self):
+    def test_create_permission_url_returns_correct_url_with_redirect_uri_and_empty_scope(self):
         shopify.Session.setup(api_key="My_test_key", secret="My test secret")
         session = shopify.Session("http://localhost.myshopify.com", "unstable")
         scope = []
-        permission_url = session.create_permission_url(scope, "my_redirect_uri.com")
+        permission_url = session.create_permission_url("my_redirect_uri.com", scope=scope)
+        self.assertEqual(
+            "https://localhost.myshopify.com/admin/oauth/authorize?client_id=My_test_key&redirect_uri=my_redirect_uri.com",
+            self.normalize_url(permission_url),
+        )
+
+    def test_create_permission_url_returns_correct_url_with_redirect_uri_and_state(self):
+        shopify.Session.setup(api_key="My_test_key", secret="My test secret")
+        session = shopify.Session("http://localhost.myshopify.com", "unstable")
+        permission_url = session.create_permission_url("my_redirect_uri.com", state="mystate")
         self.assertEqual(
-            "https://localhost.myshopify.com/admin/oauth/authorize?client_id=My_test_key&redirect_uri=my_redirect_uri.com&scope=",
+            "https://localhost.myshopify.com/admin/oauth/authorize?client_id=My_test_key&redirect_uri=my_redirect_uri.com&state=mystate",
             self.normalize_url(permission_url),
         )
 
-    def test_create_permission_url_returns_correct_url_with_no_scope_and_redirect_uri_and_state(self):
+    def test_create_permission_url_returns_correct_url_with_redirect_uri_empty_scope_and_state(self):
         shopify.Session.setup(api_key="My_test_key", secret="My test secret")
         session = shopify.Session("http://localhost.myshopify.com", "unstable")
         scope = []
-        permission_url = session.create_permission_url(scope, "my_redirect_uri.com", state="mystate")
+        permission_url = session.create_permission_url("my_redirect_uri.com", scope=scope, state="mystate")
         self.assertEqual(
-            "https://localhost.myshopify.com/admin/oauth/authorize?client_id=My_test_key&redirect_uri=my_redirect_uri.com&scope=&state=mystate",
+            "https://localhost.myshopify.com/admin/oauth/authorize?client_id=My_test_key&redirect_uri=my_redirect_uri.com&state=mystate",
             self.normalize_url(permission_url),
         )
 
-    def test_create_permission_url_returns_correct_url_with_single_scope_and_redirect_uri_and_state(self):
+    def test_create_permission_url_returns_correct_url_with_redirect_uri_and_single_scope_and_state(self):
         shopify.Session.setup(api_key="My_test_key", secret="My test secret")
         session = shopify.Session("http://localhost.myshopify.com", "unstable")
         scope = ["write_customers"]
-        permission_url = session.create_permission_url(scope, "my_redirect_uri.com", state="mystate")
+        permission_url = session.create_permission_url( "my_redirect_uri.com", scope=scope, state="mystate")
         self.assertEqual(
             "https://localhost.myshopify.com/admin/oauth/authorize?client_id=My_test_key&redirect_uri=my_redirect_uri.com&scope=write_customers&state=mystate",
             self.normalize_url(permission_url),

From 12e933ba9cadd2ba5b834fe5143cb70438e9e34b Mon Sep 17 00:00:00 2001
From: Tyler J <tyler@jackfruit.me>
Date: Mon, 20 Jan 2025 08:32:20 -0500
Subject: [PATCH 5/6] Fix linting errors

Removes extra white space in parameters in session_test.py and changes conditional formatting in shopify/session.py.
---
 shopify/session.py   | 8 +++++---
 test/session_test.py | 2 +-
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/shopify/session.py b/shopify/session.py
index eec40517..dcb41d41 100644
--- a/shopify/session.py
+++ b/shopify/session.py
@@ -54,10 +54,12 @@ def __init__(self, shop_url, version=None, token=None, access_scopes=None):
         return
 
     def create_permission_url(self, redirect_uri, scope=None, state=None):
-        query_params = dict(client_id=self.api_key, redirect_uri=redirect_uri)
+        query_params = {"client_id": self.api_key, "redirect_uri": redirect_uri}
         # `scope` should be omitted if provided by app's TOML
-        if scope: query_params["scope"] = ",".join(scope)
-        if state: query_params["state"] = state
+        if scope:
+            query_params["scope"] = ",".join(scope)
+        if state:
+            query_params["state"] = state
         return "https://%s/admin/oauth/authorize?%s" % (self.url, urllib.parse.urlencode(query_params))
 
     def request_token(self, params):
diff --git a/test/session_test.py b/test/session_test.py
index 04d30748..8d73e293 100644
--- a/test/session_test.py
+++ b/test/session_test.py
@@ -148,7 +148,7 @@ def test_create_permission_url_returns_correct_url_with_redirect_uri_and_single_
         shopify.Session.setup(api_key="My_test_key", secret="My test secret")
         session = shopify.Session("http://localhost.myshopify.com", "unstable")
         scope = ["write_customers"]
-        permission_url = session.create_permission_url( "my_redirect_uri.com", scope=scope, state="mystate")
+        permission_url = session.create_permission_url("my_redirect_uri.com", scope=scope, state="mystate")
         self.assertEqual(
             "https://localhost.myshopify.com/admin/oauth/authorize?client_id=My_test_key&redirect_uri=my_redirect_uri.com&scope=write_customers&state=mystate",
             self.normalize_url(permission_url),

From 2f998c691bd15608603ef25e31238f6c22abc544 Mon Sep 17 00:00:00 2001
From: Tyler J <tyler@jackfruit.me>
Date: Mon, 20 Jan 2025 08:40:04 -0500
Subject: [PATCH 6/6] Fix linting errors

Removes extra white space in parameters in session_test.py and changes conditional formatting in shopify/session.py.
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index d8378880..cadda24e 100644
--- a/README.md
+++ b/README.md
@@ -157,7 +157,7 @@ _Note: Your application must be public to test the billing process. To test on a
 > **⚠️ Note**: As of October 1, 2024, the REST Admin API is legacy:
 > - Public apps must migrate to GraphQL by February 2025
 > - Custom apps must migrate to GraphQL by April 2025
-> 
+>
 > For migration guidance, see [Shopify's migration guide](https://shopify.dev/docs/apps/build/graphql/migrate/new-product-model)
 
 It is recommended to have at least a basic grasp on the principles of the [pyactiveresource](https://github.com/Shopify/pyactiveresource) library, which is a port of rails/ActiveResource to Python and upon which this package relies heavily.