Closed theundeadmonk closed 5 years ago
@theundeadmonk should there be a test case for the "old key" behaviour?
I tophatted by installing, generating a new secret, setting my new and old secret values in config/initializers/shopify_app.rb
, re-authenticating and confirming that the signature validation was successful 👍
I also had to add strategy.options[:old_client_secret] = ShopifyApp.configuration.old_secret
in config/initializers/omniauth.rb
to make sure the old secret is being passed into the Omniauth provider.
I think we are good to 🚢
When verifying the signature, use the old client secret if validation with the new one fails