Hi,
Based on my limited observations, I think when the very first OAuth login is requested by an app, the user is asked to authorize scopes (e.g., MERCHANT_PROFILE_READ, ITEMS_READ, etc.). Authorized scopes are remembered, and unless the scopes change, future OAuth logins would skip scope (re)authorization.
However, when a login is not of business owner, OAuth would return an error “only the business owner can authorize applications for this Square account”.
Does this mean only owner logins may use OAuth to authorize an app to access a Square account data?
Or, is it possible to allow non-owner logins to also use OAuth by say:
- first authorizing scopes to the app via an owner login, such that authorized scopes are remembered and granted for subsequent non-owner logins?
- “pre-authorizing” scopes somewhere else in Square account settings? If yes, where may I find these settings?
Lastly, are OAuth scope authorizations separate and independent of the permissions set for a team member / login? Or are they linked? (eg, to authorize the scope for ORDERS_READ via OAuth, the team member must first have the corresponding permission to work with Orders?
Thank you.
4 posts - 2 participants