Closed jordanlev closed 9 years ago
sandeepshetty
commented
9 years ago The easiest way to do this is to use a framework or routing library that lets you setup before filters to take care of cross cutting concerns like authentication. If you're using POP (Plain Old PHP), then you can include a common file at the top of each PHP file that takes care of authentication and redirects the user (using the header() function) to the outh page.
jordanlev
commented
9 years ago Thanks for your reply, but my question isn't so much about how to architect the routing, but rather what exactly am I looking for to indicate whether I need to authenticate or not?
I think I found the answer though: if I check $_SESSION['oauth_token'] that tells me if I need to do the authentication or not. Seems to work.
Thanks again for your very helpful code!
sandeepshetty
commented
9 years ago Ah, i see. Typically you would store a user_id in the session on login (in the case of Shopify this could be the store_id) and check for that. Depending on how your sessions are stored, you might not want to store the token in the session (it's like storing the password in the session). The skeleton stores it in the session because it doesn't have a db.
In order to set up an app with this skeleton, I need to first set the app url to /oauth.php... then I need to change the app url to /get_store.php (for example) to see different app pages. But how can I build an app that just has 1 entry point (let's say index.php) which can redirect to oauth.php if needed but otherwise serves the app. In other words, how do I detect whether the request needs to be authenticated or not? (I can't see anything in the $_GET args that would indicate to me whether authentication has occurred or not)? Thanks!