authentication with both offline and online tokens #106
Comments
Update: Changed nothing in the code, just switched the ngrok link.
@luciilucii
Seems to work now, I guess there was a typo in my URLs. @jezsung any ideas on the third-party cookie screen? Only happens with the offline token authentication.
@luciilucii I'm not sure, I've never seen that kind of screen. What browser do you use? Check if you disabled cookies settings on the browser.
Chrome with default settings. Previously had this issue especially in Safari, with the old authentication methods. It only shows for a second or two, the user doesn't have to click on "Enable cookies", but this is still very confusing. I've read in other issues that this has to do with the initial auth cookie in the offline authentication. What seems weird is that this screen shows before redirecting to the Shopify admin, so when the app is still "full screen" and not in an iframe.
@luciilucii Does it only appear in Safari? If so, I think the issue might lie in Shopify. Maybe it could be something related to the SameSite attribute of the Set-Cookie header. AFAIK this behavior isn't standardized yet.
Since implementing the offline access mode the screen also appears in Chrome. Found something else in my code. Seems like I didn't have a typo in the ngrok URL. My accessMode offline afterAuth function was async. I've used a Promise call inside the function like this:
When I use it like this, I get the error "Not found" issue from before. I've now changed the database call to:
That seems to fix the "Not found" issue. I will create a new issue for the cookie screen. Thanks for helping @jezsung
Hey @luciilucii, can you please share your code for both offline and online token auth?
@kwit75 it's the code from the issue summary. Make sure to include await calls before async functions in both afterAuth methods. Or you can remove the before the afterAuth start and use promises instead. Hope that helps.
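The "Not found" behaviour discussed in the comments above, reproduced as an added example that is not code from this thread or from koa-shopify-auth. It assumes Koa's documented behaviour (the response is sent when the middleware promise settles, default status 404); `handle`, `saveOfflineToken`, the token value and the `/auth?shop=` redirect target are hypothetical stand-ins.

```javascript
// Stand-in for Koa's request handling (constructed, not Koa itself): the
// response is finalised when the middleware promise settles, and a context
// nobody wrote to goes out with Koa's default 404 "Not Found".
function handle(afterAuth) {
  const ctx = {
    status: 404,
    body: 'Not Found',
    sent: false,
    droppedRedirects: [],
    // Sample values in the shape koa-shopify-auth passes to afterAuth.
    state: { shopify: { shop: 'example.myshopify.com', accessToken: 'constructed-token' } },
    redirect(url) {
      if (this.sent) { this.droppedRedirects.push(url); return; } // too late
      this.status = 302;
      this.body = `Redirecting to ${url}`;
    },
  };
  return Promise.resolve(afterAuth(ctx)).then(() => {
    ctx.sent = true;
    const response = { status: ctx.status, body: ctx.body };
    // Give pending callbacks time to run so late writes become visible.
    return new Promise((resolve) =>
      setTimeout(() => resolve({ response, droppedRedirects: ctx.droppedRedirects }), 20));
  });
}

// Hypothetical token store; the timer stands in for a database round trip.
const tokens = new Map();
function saveOfflineToken(shop, accessToken) {
  return new Promise((resolve) =>
    setTimeout(() => { tokens.set(shop, accessToken); resolve(); }, 5));
}

// async afterAuth whose promise chain is not awaited: it settles at once.
async function afterAuthNotAwaited(ctx) {
  const { shop, accessToken } = ctx.state.shopify;
  saveOfflineToken(shop, accessToken).then(() => ctx.redirect(`/auth?shop=${shop}`));
}

// With await, the redirect is written before the response is finalised.
async function afterAuthAwaited(ctx) {
  const { shop, accessToken } = ctx.state.shopify;
  await saveOfflineToken(shop, accessToken);
  ctx.redirect(`/auth?shop=${shop}`);
}

handle(afterAuthNotAwaited).then((r) => console.log('not awaited:', r.response.status, r.droppedRedirects));
handle(afterAuthAwaited).then((r) => console.log('awaited:    ', r.response.status, r.droppedRedirects));
```

In the un-awaited variant the offline token is also written only after the response has gone out, so a failed store call cannot be reported to the merchant during install.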
Hey, Thanks!
Hey, Maybe check your router.get('/') function:
Thanks!
Hey @luciilucii couple questions about your code 1st: 2nd: With
Hi,
The Now that you have it, you can use it with any fetch function. (I use Axios)
Also make sure to respect the header's formatting ('bearer' etc) otherwise it will not work. Now that you have your front-end request, you can easily handle this request in the back end:
And the
Let me know if you figure this out! But here's all the code you need :)
Yep, I've implemented the logic to store the session in our database. There should be plenty of resources available for this, you can check the documentation of this package and the @shopify/shopify-api package (although it takes a while to really understand the concept because there are 3 different session ids). I would also recommend searching in the GitHub issues since there can be confusion with how to handle dates.
Oh, damn, it is exactly the thing I was looking for. Thanks a lot, @luciilucii!
@luciilucii Holy smokes man, your issue example, exactly what I was looking for. I would think that is a super common scenario where an app needs both online and offline tokens. It would've been great if you could get both from Shopify by specifying an array of Thanks so much for sharing your code. I definitely wasted a few days on this. @paulomarg Do you think it would be a good idea for the library to support returning multiple sessions (online, offline)?
Issue summary
I'm trying to use both offline and online authentication with koa-shopify-auth. However, I cannot get it to work properly. I get different bugs at different times, not really sure how to fix them.
Expected behavior
I looked at issue #64 where this was also described in detail. When a merchant installs the app, I have this flow:
Actual behavior
I get redirected to this URL: https://....ngrok.io/install/auth/callback?code=... where I get the error "not found". The offline Shopify afterAuth function gets called, but not the accessMode online afterAuth function.
Yesterday it worked in some way. I still saw a third-party cookie allowance screen, but it instantly redirected into the Shopify admin of the app after that, and I got both tokens. Not a perfect way, but it was functional. I can't remember what I've changed since then.
Steps to reproduce the problem
I added both auth callback URLs in the partner dashboard:
https://...ngrok.io/auth/callback
https://...ngrok.io/install/auth/callback
Here's the important server.js code:
I've also tested changing the redirect URL in the router.get("/") part to /auth instead of /install/auth. Then the app worked, but I obviously didn't call the accessMode offline afterAuth function, so I only got an online access token.
Additional Info
I'm using the newest version of koa-shopify-auth (4.1.3).
The app completely worked with the online accessMode. The session is stored and loaded properly.
Second Scenario
When only authenticating with the online accessMode, I tried getting the offline session directly by using Shopify.Utils.loadOfflineSession(shop) (I'm not sure if that is possible). I got a session with an access token that was different from the online access token, but when I used it in API calls, it returned an error (access token invalid).