Add invalid id token handling for `current_shopify_domain` method

kirillplatonov commented 2 weeks ago

What this PR does

Fixes #1866

When app root URL is opened directly outside of iframe it used to redirect to /login page. With Token Exchange auth it now throws an exception ShopifyAPI::Errors::MissingJwtTokenError because current_shopify_domain method is called by ShopifyApp::FrameAncestors and it doesn't have any error handling at the moment. CleanShot 2024-06-22 at 11 33 38@2x CleanShot 2024-06-22 at 11 34 16@2x

In this PR I added missing error handling for current_shopify_domain and redirect to /login work again. https://github.com/Shopify/shopify_app/assets/839922/da1eb29c-1f7f-4f26-b8ea-637778cfd8b0

Reviewer's guide to testing

To reproduce the issue:

Launch the app that uses Token Exchange auth
Open root URL outside of iframe
You should see ShopifyAPI::Errors::MissingJwtTokenError

Checklist

Before submitting the PR, please consider if any of the following are needed:

[x] Update CHANGELOG.md if the changes would impact users
[x] Update README.md, if appropriate.
[x] Update any relevant pages in /docs, if necessary
[x] For security fixes, the Disclosure Policy must be followed.

kirillplatonov commented 1 week ago

cc @zzooeeyy @paulomarg

matteodepalo commented 6 days ago

Hi @kirillplatonov thank you for opening this PR and the others, the team will look at them soon.

kirillplatonov commented 6 days ago

@matteodepalo Thanks guys! Let me know if any adjustments are necessary.

kirillplatonov commented 5 days ago

@zzooeeyy Awesome! Resolved conflicts and ready for merge.

Shopify / shopify_app