passport-shopify icon indicating copy to clipboard operation
passport-shopify copied to clipboard

Published 20 hours ago verified publisher icon danteata

dynamic example - callback url

Open dturton opened this issue 8 years ago • 5 comments

I am having issues with the callback url using the + time url since its dynamically created. Is there a workaround to make it work with Shopify?

dturton avatar Aug 30 '16 00:08 dturton

ever found a solution for this?

vondiplo avatar Nov 03 '16 11:11 vondiplo

+1

mskasal avatar Jan 02 '17 18:01 mskasal

A fix for this issue is to remove the time stamp added to the strategy name + callback uri. This seems to be an issue and unresolved still. Would you like me to submit a pull request?

JoshDellay avatar Aug 20 '17 04:08 JoshDellay

A fix for this issue is to remove the time stamp added to the strategy name

@JoshDellay This creates a problem though. If you have a public app with multiple users authenticating at once, then a newly created strategy would take the place of the previous one by removing it.

See here: https://stackoverflow.com/a/45918921/3344977

mitchellporter avatar Jul 23 '18 20:07 mitchellporter

I also was having trouble with the time param. As of right now Shopify requires a whitelisted redirect URL, but my guess is that this wasn't the case when this library was first created. Unfortunately the dynamic callback URL won't work because you need to manually enter any whitelisted callback URL's in the Shopify app settings page. I even tried adding a query param but even that will break if the whitelisted URL doesn't include it.

What I ended up doing was replacing time with the shop/store name. So when the initial auth request comes in grab the store query param and use it for the passport strategy's name like shopify-${req.query.store}.

Your callback URL should no longer be dynamic. Just use a single callback URL like /auth/shopify/callback. Inside the callback, you can grab the shop URL query param value which should be in this format: example.myshopify.com. Remove the .myshopify.com, and use the store name (that we also got in the initial auth request) to remove the unique passport strategy now that we're done with it:

const shop = req.query.shop.replace('.myshopify.com', ''); passport.unuse(`shopify-${shop}`);

This is working fine for now but not sure how I feel about this solution. It seems brittle compared to the passport strategies that I've used in the past so would love to hear of any alternative solutions or ideas if you have any.

mitchellporter avatar Jul 23 '18 21:07 mitchellporter