Shopify / koa-shopify-auth

DEPRECATED Middleware to authenticate a Koa application with Shopify
MIT License

Offline token now Forbidden after 2 months #158

Closed nacmonad closed 2 years ago

nacmonad commented 2 years ago

Issue summary

App created with offline/online token auth as per: https://github.com/Shopify/koa-shopify-auth/issues/106

Offline session was used for an order fulfillment service and worked with no problem for ~2 months.
Now API calls are 503 forbidden.

Is the token expired?

Have purged the in-memory cache and tried to regenerate the offline token, only to find that the exact (forbidden) token is reissued.

Is this an issue for support (i.e. an issue with the app being cut off from Shopify)? Can this simply be remedied by forcing the issuing of a new offline_session token? (This appears to be a deterministic f(x), so no?)

Expected behavior

Offline session is able to access Shopify Admin API.

Actual behavior

After months of working, the existing offline token is now Forbidden. Regenerating the token creates the same token, not a new one.

Steps to reproduce the problem

Basic Shopify Node app with this added before the first online server.use(createShopifyAuth):

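```js
// Fragment of the app's server.js: `server` and ACTIVE_SHOPIFY_SHOPS come from the surrounding file.
server.use(
  createShopifyAuth({
    accessMode: "offline",
    prefix: "/install",
    async afterAuth(ctx) {
      // Note: this logs the whole object, access token included.
      console.log("Offline session for ", ctx.state.shopify);
      // Offline access mode access token and shop available in ctx.state.shopify
      const { shop, accessToken, scope } = ctx.state.shopify;
      //sessionStorage.client.set('offlineAccessToken', accessToken);
      ACTIVE_SHOPIFY_SHOPS[shop] = scope;
      // Backticks are required for ${shop} to be interpolated.
      ctx.redirect(`/auth/?shop=${shop}`);
    },
  })
);
```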

Visit /install/auth?shop= to generate offline token. Store in memory server side. Make fetch requests to admin API using offlineSession.

nacmonad commented 2 years ago

Closed due to my own negligence...