search

gnikyt / laravel-shopify

A full-featured Laravel package for aiding in Shopify App development
MIT License
1.24k stars 374 forks source link

Updates to token_handler.blade.php to support Livewire 2.x #1247

Closed unplugged216 closed 2 years ago

unplugged216 commented 2 years ago

Currently there is no support for Livewire 2.x. This PR provides support for Livewire 2.x by incorporating the required headers into token_handler.blade.php.

This closes #1245

bilfeldt commented 2 years ago

@unplugged216 awesome 👍

Authentication using token

How does Livewire authenticate these requests? By default Livewire uses the web middleware group but it also adds some extra middlewares to each request including the \Illuminate\Auth\Middleware\Authenticate::class one. But this middleware would per default use session based authentication and we do not have that 🤔

So am I missing something or would we need to somehow tell Livewire to authenticate using the session token provided as a bearer token?

Refresh of token

The session token is per default only valid for 60 seconds and it's recommended to refresh it every 2sec. Would we not need to implement a function that returns the session token if it's still valid or creates a new one if it has expired.

Otherwise any livewire request made 60 sec after the page has loaded would fail? 🤔

unplugged216 commented 2 years ago

Great questions @bilfeldt !

Authentication Livewire relies on whatever middleware you place inline. This can be configured in config/livewire.php for the middleware_group variable. You can modify it to include verify.shopify similar to this: 'middleware_group' => ['web','verify.shopify']. This is how I am currently doing it.

Refresh Nothing changed here. As depicted in the code for the commit, this addition is inline with the other supported frameworks, vuejs and jQuery. Commit

Hopefully that answered your questions.

bilfeldt commented 2 years ago

Thanks so much for taking the time to explain @unplugged216 👍

Authentication

It makes total sense that Livewire is capable of authenticating the request if you add the verify.shopify middleware. I was not aware that the config middleware_group can also accept single middlewares and not just a group (somewhat misleading naming there) but this is clearly what you should do according to the docs: https://laravel-livewire.com/docs/2.x/authorization#introduction

Refresh

The refreshing is implemented using the keepRetrievingToken method I can see.