Merge pull request #203 from Shopify/beginAuth-set-online-sessions

mllemango · web-flow · commit 39f16233e3c9 · 2021-10-13T16:39:56.000-04:00
Change beginAuth sessions default to online
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -10,6 +10,7 @@ and adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 ### Fixed
 
 - Don't include extra params when calculating local hmac [#196](https://github.com/Shopify/shopify-node-api/pull/196)
+- [Breaking] Change default for OAuth.beginAuth to online sessions [#203](https://github.com/Shopify/shopify-node-api/pull/203)
 - [Breaking] Return and delete session in `validateAuthCallback` [#217](https://github.com/Shopify/shopify-node-api/pull/217)
 - [Breaking] Extract `addHandler` and `getHandler` methods for webhooks out of `register` [#205](https://github.com/Shopify/shopify-node-api/pull/205)
 
diff --git a/docs/usage/oauth.md b/docs/usage/oauth.md
@@ -6,7 +6,16 @@ To do that, you can follow the steps below.
 
 ## Add a route to start OAuth
 
-The route for starting the OAuth process (in this case `/login`) will use the library's `beginAuth` method. The `beginAuth` method takes in the request and response objects (from the `http` module), along with the target shop _(string)_, redirect route _(string)_, and whether or not you are requesting [online access](https://shopify.dev/concepts/about-apis/authentication#api-access-modes) _(boolean)_. The method will return a URI that will be used for redirecting the user to the Shopify Authentication screen.
+The route for starting the OAuth process (in this case `/login`) will use the library's `beginAuth` method. The method will return a URI that will be used for redirecting the user to the Shopify Authentication screen.
+
+| Parameter | Type | Required? | Default Value | Notes |
+| --- | --- | :---: | :---: | --- |
+| `request` | `http.IncomingMessage` | Yes | - | The HTTP Request. |
+| `response` | `http.ServerResponse` | Yes | - | The HTTP Response. |
+| `shop` | `string` | Yes | - | A Shopify domain name in the form `{exampleshop}.myshopify.com`. |
+| `redirectPath` | `string` | Yes | - | The redirect path used for callback with a leading `/`. The route should be allowed under the app settings. |
+| `isOnline` | `bool` | No | `true` | `true` if the session is online and `false` otherwise. |
+
 
 <details>
 <summary>Node.js</summary>
@@ -17,7 +26,7 @@ The route for starting the OAuth process (in this case `/login`) will use the li
   if (pathName === '/login') {
     // process login action
     try {
-      const authRoute = await Shopify.Auth.beginAuth(request, response, SHOP, '/auth/callback');
+      const authRoute = await Shopify.Auth.beginAuth(request, response, SHOP, '/auth/callback', false);
 
       response.writeHead(302, { 'Location': authRoute });
       response.end();
@@ -47,13 +56,7 @@ http.createServer(onRequest).listen(3000);
 
 ```ts
 app.get('/login', async (req, res) => {
-  let authRoute = await Shopify.Auth.beginAuth(
-    req,
-    res,
-    SHOP,
-    '/auth/callback',
-    true,
-  );
+  let authRoute = await Shopify.Auth.beginAuth(req, res, SHOP, '/auth/callback', false);
   return res.redirect(authRoute);
 });
 ```
diff --git a/docs/usage/webhooks.md b/docs/usage/webhooks.md
@@ -65,10 +65,7 @@ app.get('/auth/callback', async (req, res) => {
       // this handler is triggered when a webhook is sent by the Shopify platform to your application
     };
 
-    const currentSession = await Shopify.Utils.loadCurrentSession(
-      req,
-      res,
-    );
+    const currentSession = await Shopify.Utils.loadCurrentSession(req, res);
 
     // See https://shopify.dev/docs/admin-api/graphql/reference/events/webhooksubscriptiontopic for a list of available topics
     const resp = await Shopify.Webhooks.Registry.register({
diff --git a/src/auth/oauth/oauth.ts b/src/auth/oauth/oauth.ts
@@ -35,14 +35,14 @@ const ShopifyOAuth = {
    * @param redirect Redirect url for callback
    * @param isOnline Boolean value. If true, appends 'per-user' grant options to authorization url to receive online access token.
    *                 During final oauth request, will receive back the online access token and current online session information.
-   *                 Defaults to offline access.
+   *                 Defaults to online access.
    */
   async beginAuth(
     request: http.IncomingMessage,
     response: http.ServerResponse,
     shop: string,
     redirectPath: string,
-    isOnline = false,
+    isOnline = true,
   ): Promise<string> {
     Context.throwIfUninitialized();
     Context.throwIfPrivateApp('Cannot perform OAuth for private apps');
diff --git a/src/auth/oauth/test/oauth.test.ts b/src/auth/oauth/test/oauth.test.ts
@@ -87,19 +87,14 @@ describe('beginAuth', () => {
     expect(session).toHaveProperty('expires', undefined);
   });
 
-  test('sets session id and cookie to shop name with "_offline" for offline access requests', async () => {
-    await ShopifyOAuth.beginAuth(req, res, shop, '/some-callback');
+  test('sets session id and cookie to shop name prefixed with "offline_" for offline access requests', async () => {
+    await ShopifyOAuth.beginAuth(req, res, shop, '/some-callback', false);
 
     expect(cookies.id).toBe(`offline_${shop}`);
   });
 
   test('returns the correct auth url for given info', async () => {
-    const authRoute = await ShopifyOAuth.beginAuth(
-      req,
-      res,
-      shop,
-      '/some-callback',
-    );
+    const authRoute = await ShopifyOAuth.beginAuth(req, res, shop, '/some-callback', false);
     const session = await Context.SESSION_STORAGE.loadSession(cookies.id);
     /* eslint-disable @typescript-eslint/naming-convention */
     const query = {
