garettB / shopify-flask-example

A simple Shopify app created using Flask and Python

is there a race condition on the NONCE mechanism? #22

Open wangwalton opened 1 year ago

wangwalton commented 1 year ago

If there are 2 hits to the /app_launched endpoint, doesn't the second one overwrite the first hex? So on the next two /app_installed calls, only one will succeed?

garettB commented 1 year ago

Hi, yes the use of globals will cause issues with multiple shops accessing this sample at the same time. If trying to migrate to a production app I'd suggest a more appropriate means of storing the nonces and authentication keys.

I'm afraid this sample has been fairly neglected, but if I get the chance to work on it again then perhaps I'll put in a dict as a stop-gap solution to avoid this issue and also add a note to the README.

Thanks for reporting!
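A constructed illustration of the interleaving wangwalton describes and of the per-shop dict stop-gap garettB mentions. This is an added example, not code from the repository: Flask and the Shopify calls are stripped out, the two handlers are plain functions, and the shop domains are made up.

```python
import secrets
import hmac

# --- the pattern the issue describes: one module-level nonce shared by every shop ---
GLOBAL_NONCE = None

def global_app_launched(shop):
    """Start OAuth for `shop`; the nonce is kept in a single global (the bug)."""
    global GLOBAL_NONCE
    GLOBAL_NONCE = secrets.token_hex(16)
    return GLOBAL_NONCE  # sent to Shopify as the `state` parameter

def global_app_installed(shop, state):
    """Callback check: only the most recently launched shop's nonce is ever accepted."""
    return GLOBAL_NONCE is not None and hmac.compare_digest(GLOBAL_NONCE, state)

# --- stop-gap: key the pending nonce by shop domain and consume it on use ---
PENDING_NONCES = {}  # shop domain -> nonce; in-process only, one dict per worker

def scoped_app_launched(shop):
    nonce = secrets.token_hex(16)
    PENDING_NONCES[shop] = nonce
    return nonce

def scoped_app_installed(shop, state):
    """Accept only the nonce issued to this shop, and only once (pop = single use)."""
    expected = PENDING_NONCES.pop(shop, None)
    return expected is not None and hmac.compare_digest(expected, state)

def interleaved_installs(launch, install):
    """Two shops launch before either callback arrives; report which callbacks verify."""
    shop_a, shop_b = "a.myshopify.example", "b.myshopify.example"  # constructed
    state_a = launch(shop_a)
    state_b = launch(shop_b)  # second launch lands before shop A's /app_installed
    return install(shop_a, state_a), install(shop_b, state_b)

if __name__ == "__main__":
    # global nonce: shop A's callback is rejected -> (False, True)
    print("global nonce :", interleaved_installs(global_app_launched, global_app_installed))
    # per-shop dict: both callbacks verify -> (True, True)
    print("per-shop dict:", interleaved_installs(scoped_app_launched, scoped_app_installed))
```

The dict only fixes the overwrite within one process; with several worker processes the pending nonce still has to live in a shared store (a database or server-side session), which is the "more appropriate means of storing" garettB refers to.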