bluebeel / nextjs-shopify

This repository contains the app without webhook for the Build a Shopify app with Node and React tutorial.
nextjs-shopify-bluebeel.vercel.app
MIT License
75 stars 22 forks source link

All embedded apps submitted for app review required to adopt session tokens #4

Open hankmander opened 3 years ago

hankmander commented 3 years ago

This notification showed up in the Shopify Partner Dashboard a couple of days back. I love this project and I'm already building my next app using it as boilerplate but wonder if this new policy will be an issue? As far as I can see cookies are being used in at least one place.

2021-03-21_16-37

bluebeel commented 3 years ago

It'll be a issue, they are deprecating the old cookie session method. I'll update the repo in the coming weeks with the new update, if I don't receive by then a pr from a person ^^'

Most of the changement will be done in this repo: https://github.com/bluebeel/nextjs-shopify-auth

hankmander commented 3 years ago

That's great to hear! I'm unsure if I'll have time to look into it before you. I will notify you if I do however!

Gbuomprisco commented 3 years ago

Hi guys, are you currently working on it? I may also help if needed :)

domsteil commented 3 years ago

Also available to help on as well.

I am reading through https://shopify.dev/tutorials/authenticate-your-app-using-session-tokens and also https://shopify.dev/tutorials/get-session-tokens-using-app-bridge-utilities

bluebeel commented 3 years ago

Hello, First of all, thank you for the enthusiasm you have.

As a first track I was thinking of starting again from the example offered by Shopify with Koa and "reverse engineer" the lib like the first time. It has been updated and contains the new token authentication and the lib uses the new shopify node api.

After the question would be to know if we are still obliged to use SSR app or with the new mode of authentication, we could move towards full static app.

BTW there is an open discussion for an official example for nextjs with the new token https://github.com/Shopify/shopify-app-bridge/issues/13

Otherwise @ctrlaltdylan did a great job creating a boilerplate example. You can start from this one.

Gbuomprisco commented 3 years ago

Thanks for the reply!

I gave it a go - it' been quite frustrating - especially as using ngrok takes 5 minute to see a change 😅

I took some inspiration from both this and the boilerplate above - the issue with that is that it's a basic implementation (for example, the nonce is not checked), but it's definitely a start

bluebeel commented 3 years ago

Thanks for the reply!

I gave it a go - it' been quite frustrating - especially as using ngrok takes 5 minute to see a change 😅

I took some inspiration from both this and the boilerplate above - the issue with that is that it's a basic implementation (for example, the nonce is not checked), but it's definitely a start

You can make a pr so we can see your work and maybe help you?

ctrlaltdylan commented 3 years ago

Thanks for the mention @bluebeel, right it's just a basic prototype. But nonce checking & tests are upcoming. I've been using the package in some form since October on a few production apps. Others as well.

In a perfect world, Shopify would release another version of their official tutorial & auth repos for Next without Koa.js. I've been talking with them on and off about making that switch. It's possible they might do something in the coming months, but not optimistic it will be anytime soon.

chrisjoshuamartin commented 2 years ago

Is this still an issue? Looking at this boilerplate as a starting point. Thanks!

samuelmaker commented 2 years ago

Would also love to know if this has been resolved