App must verify the authenticity of the request from Shopify.

Open somin-parate opened this issue 3 years ago • 16 comments

For bug reporting only! If you're posting a feature request or discussion, please ignore.

While submitting the app we are having these 2 issues

Expected Behavior

https://prnt.sc/26ng19g

Please describe the behavior you are expecting.

Current Behavior

Please describe the current behavior?

Failure Information

Please help provide information about the failure if this is a bug.

Steps to Reproduce

Please provide detailed steps for reproducing the issue.

  1. Step 1
  2. Step 2
  3. ...

Context

Please provide any relevant information about your setup. This is important in case the issue is not reproducible except for under certain conditions.

  • Package Version: 17.1
  • Laravel Version: 7.2
  • PHP Version: 7
  • Using a toolset (Docker, Laradock, Vagrant, etc.):

Failure Logs

Please include any relevant log snippets or files here.

somin-parate avatar Feb 02 '22 14:02 somin-parate

The first requests look correct for me (this is triggering it from the partner dash but same sort of thing). There is an auth/token request but that's to get a token to be able to install.

  • Click "install"
  • We are sent to the auth route as it has been set up in the app admin.
  • We then go to /admin/oauth/authorize
  • From there it gets redirected to /admin/oauth/request_grant where you see the "Install Page"
  • Click install and we go to /admin/oauth/post_grant to grant the charges (if any)
  • Then /authenticate happens again with the new ?code parameter to be authed and all the usual stuff happens, i.e. we store the API Access Token etc.

Can you provide more detail on your setup with your routes etc.?

Kyon147 avatar Feb 04 '22 13:02 Kyon147

@Kyon147 Yes, so when we are trying, it's allowing me to do everything. I tried to install that multiple times and it's working perfectly, but still they are sending me the same. https://wishlist.partners.gemfind.com/login here is my instance where you can check.

somin-parate avatar Feb 04 '22 13:02 somin-parate

Following the routes via a redirect tracking tool - I don't see /authenticate/token in the flow at all - the only one is when it lands on /authenticate and then going to /oauth/authorize.

Kyon147 avatar Feb 04 '22 13:02 Kyon147

> @Kyon147 Yes, so when we are trying, it's allowing me to do everything. I tried to install that multiple times and it's working perfectly, but still they are sending me the same. https://wishlist.partners.gemfind.com/login here is my instance where you can check.

Question, have you manually added the login page back into your application? As this view was removed a while back.

Kyon147 avatar Feb 04 '22 13:02 Kyon147

Yes, I added that manually; otherwise, if we try to open that page, it gives me a shop domain error.

somin-parate avatar Feb 04 '22 13:02 somin-parate

Yeah, I don't see the auth/token directly but I do see the authenticate route.

I'll need to do a little more digging and I'll tag @osiset as he knows the auth flow a lot better than me.

Kyon147 avatar Feb 04 '22 13:02 Kyon147

Please check my video, as mentioned, for each step of the routing we are following: https://watch.screencastify.com/v/Ugt28T0xmltwPKJnJNVI

somin-parate avatar Feb 04 '22 13:02 somin-parate

@Kyon147 is there any idea after looking at the video?

somin-parate avatar Feb 04 '22 14:02 somin-parate

I've had a look but I don't see it. As I said, Tyler would know more but the authentication in the wiki does mention that an auth/token happens. https://github.com/osiset/laravel-shopify/wiki/Authentication-Process

So I'd need to step through all the code properly on my debugger to get a better idea.

Otherwise, if this is a requirements blocker - we'd need to change the auth flow but again not an expert on that part as I've not really looked at it since we moved to JWT Token so would need to do more digging as I mentioned.

EDIT: I would also probably speak to Shopify and ask them for further guidance. I assume they are being super strict to protect their users, making sure that nothing happens between the user clicking "add app" and the OAuth screen, to reduce the chances of any malicious code being able to run.

Kyon147 avatar Feb 04 '22 14:02 Kyon147

@Kyon147 Thanks for the info, but yes, it's working the same as mentioned: it's passing with the above route.

somin-parate avatar Feb 04 '22 14:02 somin-parate

@somin-parate - I've created a new PR which avoids the full page redirect and does seem to keep the package running as normal. Just need @osiset to take a look and merge into master if he's happy.

It might not be "enough" for Shopify but it's worth pushing back to them and trying to see what else is needed but technically, that does no redirect, it just goes straight to OAUTH now.

Kyon147 avatar Feb 16 '22 16:02 Kyon147

I'll make some time Friday morning, sorry guys, I'm still full-tilt on work and external issues! Appreciate it!

On Wed., Feb. 16, 2022, 12:50 Luke Walsh, @.***> wrote:

> @somin-parate https://github.com/somin-parate - I've created a new PR which avoids the full page redirect and does seem to keep the package running as normal. Just need @osiset https://github.com/osiset to take a look and merge into master if he's happy.

gnikyt avatar Feb 16 '22 16:02 gnikyt

Hi @somin-parate have you solved this problem?

ugurmuslim avatar Mar 28 '22 12:03 ugurmuslim

I figured out the problem. Actually the app is not broken. The problem is not with the install but the reinstall.

When the shop is being installed for the first time there is not a problem, but if you delete the app and install it again, because the app finds it in the database, it tries to find a token etc.

To solve this problem you must subscribe to the APP_UNINSTALL webhook. This is not the same thing as GDPR Shop_Redact.

When this webhook calls you, if you delete the shop, on the next install for the same shop you won't get this problem.

ugurmuslim avatar Apr 01 '22 20:04 ugurmuslim
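
The clean-up described in the comment above, sketched in plain PHP as an added example; it is not code from laravel-shopify or from any commenter. It assumes Shopify's webhook signing scheme (base64 HMAC-SHA256 of the raw body in `X-Shopify-Hmac-Sha256`, keyed with the app's API secret) and the `app/uninstalled` topic; `handleUninstalled`, the `$shops` array and all sample values are hypothetical and constructed.

```php
<?php
declare(strict_types=1);

// Assumption: the digest is computed over the raw, unparsed request body.
function webhookIsAuthentic(string $rawBody, string $hmacHeader, string $apiSecret): bool
{
    $expected = base64_encode(hash_hmac('sha256', $rawBody, $apiSecret, true));
    // hash_equals compares in constant time, so the check leaks no timing signal.
    return hash_equals($expected, $hmacHeader);
}

// Hypothetical handler: $shops stands in for the app's shop table, and header
// names are assumed to be already normalised to the casing used here.
function handleUninstalled(array &$shops, string $rawBody, array $headers, string $apiSecret): int
{
    $hmac = $headers['X-Shopify-Hmac-Sha256'] ?? '';
    if ($hmac === '' || !webhookIsAuthentic($rawBody, $hmac, $apiSecret)) {
        return 401; // unsigned or forged request: change nothing
    }
    if (($headers['X-Shopify-Topic'] ?? '') !== 'app/uninstalled') {
        return 200; // authentic, but not the topic this handler owns
    }
    $shop = $headers['X-Shopify-Shop-Domain'] ?? '';
    // Drop the stored record and token so the next install runs a fresh OAuth grant
    // instead of finding a stale shop in the database.
    unset($shops[$shop]);
    return 200;
}

// Constructed sample data (not real credentials or shops).
$secret  = 'constructed-api-secret';
$shops   = ['example-shop.myshopify.com' => ['access_token' => 'constructed-token']];
$body    = '{"id":1,"domain":"example-shop.myshopify.com"}';
$headers = [
    'X-Shopify-Topic'       => 'app/uninstalled',
    'X-Shopify-Shop-Domain' => 'example-shop.myshopify.com',
    'X-Shopify-Hmac-Sha256' => base64_encode(hash_hmac('sha256', $body, $secret, true)),
];

// Same request with a bad signature: rejected, and the shop record survives.
$forged = ['X-Shopify-Hmac-Sha256' => base64_encode('not-a-valid-mac')] + $headers;
var_dump(handleUninstalled($shops, $body, $forged, $secret));
var_dump(count($shops));

// Correctly signed request: the record is removed.
var_dump(handleUninstalled($shops, $body, $headers, $secret));
var_dump(count($shops));
```

Verifying the signature before touching the database matters here because the handler is destructive: without the check, anyone who can reach the endpoint could delete a shop's stored token.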

> I figured out the problem. Actually the app is not broken. The problem is not with the install but the reinstall.
>
> When the shop is being installed for the first time there is not a problem, but if you delete the app and install it again, because the app finds it in the database, it tries to find a token etc.
>
> To solve this problem you must subscribe to the APP_UNINSTALL webhook. This is not the same thing as GDPR Shop_Redact.
>
> When this webhook calls you, if you delete the shop, on the next install for the same shop you won't get this problem.

How do you figure it out? Did you create a new command then assign the hook to the new one? Or there is a method named "softDelete"; did you customize this method?

baristinaz avatar May 16 '22 11:05 baristinaz

@baristinaz - the uninstall webhook is all detailed in the wiki - please give it a read.

https://github.com/osiset/laravel-shopify/wiki/Installation#uninstalled-job-recommended

Kyon147 avatar May 16 '22 11:05 Kyon147