Skip to content
This repository has been archived by the owner on Nov 30, 2022. It is now read-only.

Auth Shopify Middleware are not working with headers #599

Closed
sergeyantonuk opened this issue Oct 9, 2020 · 4 comments
Closed

Auth Shopify Middleware are not working with headers #599

sergeyantonuk opened this issue Oct 9, 2020 · 4 comments
Labels
pre-v17 Issue was created before release of v17 unconfirmed Unconfirmed yet if it is a true bug/issue.

Comments

@sergeyantonuk
Copy link

sergeyantonuk commented Oct 9, 2020
edited
Loading

Expected Behavior

I am developing API where I use osiset package.
And my client send auth data(hmac, session, shop, timestamp, locale) through headers.
After Auth Shopify Middleware accepted the data - authentication should be successful.

Current Behavior

We have getData() method in the vendor/osiset/laravel-shopify/src/ShopifyApp/Http/Middleware/AuthShopify.php
This method should return Array something like this:

array(5) {
    ["hmac"]=>
    string(64) "abcdeg3036d864177269187dd84a5d91328d8e6w99d84958"
    ["locale"]=>
    string(2) "en"
    ["session"]=>
    string(64) "abcdef273e91280396597c13e8fc2edef19d48b5efbeaa5a802"
    ["shop"]=>
    string(28) "mystore.myshopify.com"
    ["timestamp"]=>
    string(10) "1602157989"
}

All elements of this array are required.

So according to getData() method we have 3 possible methods to grab the Auth data:

  • GET/POST parameters
  • Headers
  • Referer

In my case I want to use headers, but in the header's branch of code the session header is missing:

          ` $shop = $request->header('X-Shop-Domain');
            $signature = $request->header('X-Shop-Signature');
            $timestamp = $request->header('X-Shop-Time');
          

            $verify = [
                'shop'      => $shop,
                'hmac'      => $signature,
                'timestamp' => $timestamp,  
            ];

`
So, current behavior:

  • my client send auth data(hmac, session, shop, timestamp, locale) through headers.
  • Auth Shopify Middleware accepted the data and return login page(unauthenticated)
    This happens because session header is missing in the getData() method

Context

Package Version: v12.0.1
Laravel Version: v7.28.4
PHP Version: v7.2.24
@darrynten darrynten mentioned this issue Oct 12, 2020
Merged
@darrynten
Copy link
Contributor

See #601 - now you can use the JWT from Shopify directly

@sergeyantonuk
Copy link
Author

Great!
Can you tell me how can I setup it?

@darrynten
Copy link
Contributor

@sergeyantonuk

The implementation can be used exactly as documented by Shopify. The backend is taken care of by this package, you must follow the tutorial for the frontend part or use a package that takes care of this for you.

You can see an example here - https://github.com/UnicornGlobal/laravel-shopify-vue (specifically this file)

@gnikyt gnikyt added the unconfirmed Unconfirmed yet if it is a true bug/issue. label Jan 21, 2021
@gnikyt
Copy link
Owner

gnikyt commented Jun 30, 2021

Cleanup...
Re-open if still and issue.
Thanks!

@gnikyt gnikyt closed this as completed Jun 30, 2021
@gnikyt gnikyt added the pre-v17 Issue was created before release of v17 label Jun 30, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
pre-v17 Issue was created before release of v17 unconfirmed Unconfirmed yet if it is a true bug/issue.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@gnikyt @darrynten @sergeyantonuk