I have an application that work well. Now we want to add new sensitive scope to this one (crm.lists.write) to support new feature.
I understand that if the user would like to use new feature which APIs called required new scopes then they need to create new authentications.
But I also would like to know if issued refresh_token/access_token would still work as-is if the APIs called don't require new scopes. To check the possible impact to the current users with their stored authentications before adding new scope.
What you can do here is add new scopes to the app and then test it on stage with your testing account. If you change the scopes then the user need to reinstall the app again to use all the features.
I hope this will help you out. Please mark it as Solution Accepted and upvote to help another Community member. Thanks!
What you can do here is add new scopes to the app and then test it on stage with your testing account. If you change the scopes then the user need to reinstall the app again to use all the features.
I hope this will help you out. Please mark it as Solution Accepted and upvote to help another Community member. Thanks!
Hey, @TDDEV👋 You should be able to test this using your Developer Test Account which allows you to create up to 10 App Test Accounts. You could install your app in one before you update the scopes and then install again in another test account using the updated scopes.
Based on my understating:
Existing users retain full access to existing features without changes
Users utilizing the new feature will need to authorize the additional crm.lists.write scope
Authentication tokens for existing functionalities remain unaffected