Skip to content
This repository has been archived by the owner on Apr 11, 2024. It is now read-only.

Change beginAuth sessions default to online #203

Merged
merged 15 commits into from
Oct 13, 2021
Merged
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ and adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
### Fixed

- Don't include extra params when calculating local hmac [#196](https://github.com/Shopify/shopify-node-api/pull/196)
- [Breaking] Change default for OAuth.beginAuth to online sessions [#203](https://github.com/Shopify/shopify-node-api/pull/203)

## [1.4.0] - 2021-05-21

Expand Down
21 changes: 12 additions & 9 deletions docs/usage/oauth.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,16 @@ To do that, you can follow the steps below.

## Add a route to start OAuth

The route for starting the OAuth process (in this case `/login`) will use the library's `beginAuth` method. The `beginAuth` method takes in the request and response objects (from the `http` module), along with the target shop _(string)_, redirect route _(string)_, and whether or not you are requesting [online access](https://shopify.dev/concepts/about-apis/authentication#api-access-modes) _(boolean)_. The method will return a URI that will be used for redirecting the user to the Shopify Authentication screen.
The route for starting the OAuth process (in this case `/login`) will use the library's `beginAuth` method. The method will return a URI that will be used for redirecting the user to the Shopify Authentication screen.

| Parameter | Type | Required? | Default Value | Notes |
| --- | --- | :---: | :---: | --- |
| `request` | `http.IncomingMessage` | Yes | - | The HTTP Request. |
| `response` | `http.ServerResponse` | Yes | - | The HTTP Response. |
| `shop` | `string` | Yes | - | A Shopify domain name in the form `{exampleshop}.myshopify.com`. |
| `redirectPath` | `string` | Yes | - | The redirect path used for callback with a leading `/`. The route should be allowed under the app settings. |
| `isOnline` | `bool` | No | `true` | `true` if the session is online and `false` otherwise. |


<details>
<summary>Node.js</summary>
Expand All @@ -17,7 +26,7 @@ The route for starting the OAuth process (in this case `/login`) will use the li
if (pathName === '/login') {
// process login action
try {
const authRoute = await Shopify.Auth.beginAuth(request, response, SHOP, '/auth/callback');
const authRoute = await Shopify.Auth.beginAuth(request, response, SHOP, '/auth/callback', false);

response.writeHead(302, { 'Location': authRoute });
response.end();
Expand Down Expand Up @@ -47,13 +56,7 @@ http.createServer(onRequest).listen(3000);

```ts
app.get('/login', async (req, res) => {
let authRoute = await Shopify.Auth.beginAuth(
req,
res,
SHOP,
'/auth/callback',
true,
);
let authRoute = await Shopify.Auth.beginAuth(req, res, SHOP, '/auth/callback');
Paulinakhew marked this conversation as resolved.
Show resolved Hide resolved
return res.redirect(authRoute);
});
```
Expand Down
4 changes: 2 additions & 2 deletions src/auth/oauth/oauth.ts
Original file line number Diff line number Diff line change
Expand Up @@ -34,14 +34,14 @@ const ShopifyOAuth = {
* @param redirect Redirect url for callback
* @param isOnline Boolean value. If true, appends 'per-user' grant options to authorization url to receive online access token.
* During final oauth request, will receive back the online access token and current online session information.
* Defaults to offline access.
* Defaults to online access.
*/
async beginAuth(
request: http.IncomingMessage,
response: http.ServerResponse,
shop: string,
redirectPath: string,
isOnline = false,
isOnline = true,
): Promise<string> {
Context.throwIfUninitialized();
Context.throwIfPrivateApp('Cannot perform OAuth for private apps');
Expand Down
9 changes: 2 additions & 7 deletions src/auth/oauth/test/oauth.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -88,18 +88,13 @@ describe('beginAuth', () => {
});

test('sets session id and cookie to shop name with "_offline" for offline access requests', async () => {
Paulinakhew marked this conversation as resolved.
Show resolved Hide resolved
await ShopifyOAuth.beginAuth(req, res, shop, '/some-callback');
await ShopifyOAuth.beginAuth(req, res, shop, '/some-callback', false);

expect(cookies.id).toBe(`offline_${shop}`);
});

test('returns the correct auth url for given info', async () => {
const authRoute = await ShopifyOAuth.beginAuth(
req,
res,
shop,
'/some-callback',
);
const authRoute = await ShopifyOAuth.beginAuth(req, res, shop, '/some-callback', false);
const session = await Context.SESSION_STORAGE.loadSession(cookies.id);
/* eslint-disable @typescript-eslint/naming-convention */
const query = {
Expand Down