Shopify / omniauth-shopify-oauth2

Shopify OAuth2 Strategy for OmniAuth 1.0
http://shopify.github.io/omniauth-shopify-oauth2

When verifying the signature, use the old client secret if validation fails #70

Closed theundeadmonk closed 5 years ago

theundeadmonk commented 5 years ago

When verifying the signature, use the old client secret if validation with the new one fails

ragalie commented 5 years ago

@theundeadmonk should there be a test case for the "old key" behaviour?

jamiemtdwyer commented 5 years ago

I tophatted by installing, generating a new secret, setting my new and old secret values in config/initializers/shopify_app.rb, re-authenticating and confirming that the signature validation was successful 👍

I also had to add strategy.options[:old_client_secret] = ShopifyApp.configuration.old_secret in config/initializers/omniauth.rb to make sure the old secret is being passed into the OmniAuth provider.

jamiemtdwyer commented 5 years ago

I think we are good to 🚢
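The fallback this pull request describes, and the "old key" test case asked about above, as an added example that is not part of the thread or the gem's code. The method names, the secrets, the sample parameters and the canonical parameter encoding (sorted `key=value` pairs joined with `&`, HMAC-SHA256 in hex) are assumptions made for the illustration.

```ruby
require 'openssl'

# Constructed values for the example only.
NEW_SECRET = 'new-secret-constructed'
OLD_SECRET = 'old-secret-constructed'
SAMPLE_PARAMS = {
  'code' => 'abc123', 'shop' => 'example.myshopify.com',
  'state' => 'nonce-1', 'timestamp' => '1500000000'
}.freeze

# Assumed canonical form: every parameter except the signature itself,
# sorted by key and joined as key=value pairs with "&".
def encoded_params(params)
  params.reject { |k, _| k == 'hmac' }
        .sort
        .map { |k, v| "#{k}=#{v}" }
        .join('&')
end

def sign(params, secret)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA256'), secret,
                          encoded_params(params))
end

# Constant-time comparison, so a mismatch does not reveal where it occurred.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize

  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Returns :current, :old or nil. The old secret is consulted only after the
# current one fails, and a nil or empty old secret is never used as a key:
# an unset value must not become a secret that anyone can sign with.
def verify_signature(params, secret, old_secret = nil)
  given = params['hmac'].to_s
  return nil if given.empty?
  return :current if secure_compare(sign(params, secret), given)
  return nil if old_secret.nil? || old_secret.empty?

  secure_compare(sign(params, old_secret), given) ? :old : nil
end
```

Returning `:old` rather than plain `true` lets the application count callbacks that still depend on the retiring secret, which shows when the fallback can be removed.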