Skip to content
This repository was archived by the owner on Nov 30, 2022. It is now read-only.

Authentication Process

Jump to bottom
Devin Norgarb edited this page Jul 15, 2021 · 6 revisions

This package uses Shopify's session tokens (JWT). Upon first visiting and installing your app, the shop will also be created in the database with an offline token. For all further requests inside your app, the session tokens will be used.

Flows

Install

  1. Initial app request
  2. Redirect to /authenticate/token for a token
  3. Redirect to the permissions page
  4. Install actions
  5. Redirect to /authenticate/token, then to home route for the app

Revisiting

  1. Initial app request
  2. Redirect to /authenticate/token for a token
  3. Redirect to home route of the app

Session Tokens

This package uses Shopify's session tokens (JWT) for all requests. A Javascript solution is pre-implemented to support Axios, jQuery, XHR, Trubolinks, and others, to provide an up-to-date session token that is refreshed in the background every two seconds.

SPA

Links, Routing, and Forms

If you're using a SPA, you can take advantage of window.sessionToken for your requests. This will contain the latest up-to-date session token every two seconds. You can use this token for all your requests.

Alternatively if needed, you can use the tokenRoute and tokenRedirect helpers for routing.

In controller, (example for tokenRoute): $orders = URL::tokenRoute('orders.view', ['id' => 1]);. In Blade, (example for tokenRoute): <a href="{{ URL::tokenRoute('orders.view', ['id' => 1]) }}">Order #1</a>.

In controller, (example for tokenRedirect): return Redirect::tokenRedirect('orders.view', ['id' => 1]);.

Non-SPA

Links & Routing

For non-SPAs, you will need to visit the /authenticate/token route between each request. You can use the tokenRoute and tokenRedirect helpers.

In controller, (example for tokenRoute): $orders = URL::tokenRoute('orders.view', ['id' => 1]);. In Blade, (example for tokenRoute): <a href="{{ URL::tokenRoute('orders.view', ['id' => 1]) }}">Order #1</a>

In controller, (example for tokenRedirect): return Redirect::tokenRedirect('orders.view', ['id' => 1]);

With these helpers, they will first redirect you to the /authenticate/token page to get a new Shopify session token, then redirect you to the destination route.

Forms

You can use a Blade directive {{ @sessionToken }} inside your forms to add a hidden input that will contain the up-to-date Shopify session token (refreshed every two seconds).

Alternatively you can simply add .session-token class to anything. If its an input, it will add value="{{ current_token }}", if not an input, it will add data-value="{{ current_token }}".

road map

Welcome to the wiki!

Please see the homepage for a list of relevant pages.

Clone this wiki locally