nextjs-shopify icon indicating copy to clipboard operation
nextjs-shopify copied to clipboard

Published 20 hours ago verified publisher icon bluebeel

All embedded apps submitted for app review required to adopt session tokens

Open hankmander opened this issue 3 years ago • 10 comments

This notification showed up in the Shopify Partner Dashboard a couple of days back. I love this project and I'm already building my next app using it as boilerplate but wonder if this new policy will be an issue? As far as I can see cookies are being used in at least one place.

2021-03-21_16-37

hankmander avatar Mar 21 '21 15:03 hankmander

It'll be a issue, they are deprecating the old cookie session method. I'll update the repo in the coming weeks with the new update, if I don't receive by then a pr from a person ^^'

Most of the changement will be done in this repo: https://github.com/bluebeel/nextjs-shopify-auth

bluebeel avatar Mar 21 '21 15:03 bluebeel

That's great to hear! I'm unsure if I'll have time to look into it before you. I will notify you if I do however!

hankmander avatar Mar 21 '21 21:03 hankmander

Hi guys, are you currently working on it? I may also help if needed :)

Gbuomprisco avatar Mar 29 '21 08:03 Gbuomprisco

Also available to help on as well.

I am reading through https://shopify.dev/tutorials/authenticate-your-app-using-session-tokens and also https://shopify.dev/tutorials/get-session-tokens-using-app-bridge-utilities

domsteil avatar Mar 29 '21 17:03 domsteil

Hello, First of all, thank you for the enthusiasm you have.

As a first track I was thinking of starting again from the example offered by Shopify with Koa and "reverse engineer" the lib like the first time. It has been updated and contains the new token authentication and the lib uses the new shopify node api.

After the question would be to know if we are still obliged to use SSR app or with the new mode of authentication, we could move towards full static app.

BTW there is an open discussion for an official example for nextjs with the new token https://github.com/Shopify/shopify-app-bridge/issues/13

Otherwise @ctrlaltdylan did a great job creating a boilerplate example. You can start from this one.

bluebeel avatar Mar 31 '21 10:03 bluebeel

Thanks for the reply!

I gave it a go - it' been quite frustrating - especially as using ngrok takes 5 minute to see a change 😅

I took some inspiration from both this and the boilerplate above - the issue with that is that it's a basic implementation (for example, the nonce is not checked), but it's definitely a start

Gbuomprisco avatar Mar 31 '21 10:03 Gbuomprisco

Thanks for the reply!

I gave it a go - it' been quite frustrating - especially as using ngrok takes 5 minute to see a change 😅

I took some inspiration from both this and the boilerplate above - the issue with that is that it's a basic implementation (for example, the nonce is not checked), but it's definitely a start

You can make a pr so we can see your work and maybe help you?

bluebeel avatar Mar 31 '21 11:03 bluebeel

Thanks for the mention @bluebeel, right it's just a basic prototype. But nonce checking & tests are upcoming. I've been using the package in some form since October on a few production apps. Others as well.

In a perfect world, Shopify would release another version of their official tutorial & auth repos for Next without Koa.js. I've been talking with them on and off about making that switch. It's possible they might do something in the coming months, but not optimistic it will be anytime soon.

ctrlaltdylan avatar Mar 31 '21 11:03 ctrlaltdylan

Is this still an issue? Looking at this boilerplate as a starting point. Thanks!

chrisjoshuamartin avatar Sep 22 '21 23:09 chrisjoshuamartin

Would also love to know if this has been resolved

samuelmaker avatar Nov 18 '21 15:11 samuelmaker