search

danteata / passport-shopify

Shopify authentication strategy for passport
26 stars 13 forks source link

dynamic example - callback url #8

Open dturton opened 8 years ago

dturton commented 8 years ago

I am having issues with the callback url using the + time url since its dynamically created. Is there a workaround to make it work with Shopify?

vondiplo commented 8 years ago

ever found a solution for this?

mskasal commented 7 years ago

+1

JoshDellay commented 7 years ago

A fix for this issue is to remove the time stamp added to the strategy name + callback uri. This seems to be an issue and unresolved still. Would you like me to submit a pull request?

mitchellporter commented 6 years ago

A fix for this issue is to remove the time stamp added to the strategy name

@JoshDellay This creates a problem though. If you have a public app with multiple users authenticating at once, then a newly created strategy would take the place of the previous one by removing it.

See here: https://stackoverflow.com/a/45918921/3344977

mitchellporter commented 6 years ago

I also was having trouble with the time param. As of right now Shopify requires a whitelisted redirect URL, but my guess is that this wasn't the case when this library was first created. Unfortunately the dynamic callback URL won't work because you need to manually enter any whitelisted callback URL's in the Shopify app settings page. I even tried adding a query param but even that will break if the whitelisted URL doesn't include it.

What I ended up doing was replacing time with the shop/store name. So when the initial auth request comes in grab the store query param and use it for the passport strategy's name like shopify-${req.query.store}.

Your callback URL should no longer be dynamic. Just use a single callback URL like /auth/shopify/callback. Inside the callback, you can grab the shop URL query param value which should be in this format: example.myshopify.com. Remove the .myshopify.com, and use the store name (that we also got in the initial auth request) to remove the unique passport strategy now that we're done with it:

const shop = req.query.shop.replace('.myshopify.com', ''); passport.unuse(`shopify-${shop}`);

This is working fine for now but not sure how I feel about this solution. It seems brittle compared to the passport strategies that I've used in the past so would love to hear of any alternative solutions or ideas if you have any.