
Create embedded Shopify app using shopify_gem #8

Closed aiwilliams closed 7 years ago

aiwilliams commented 7 years ago

This almost works, but the app is not happy with the state value, saying there is a CSRF attack going on. @fomentia, please check out this branch and learn more about omniauth and OAuth 2, how the state value is used and validated. When I was debugging this I came to think that perhaps there needs to be something in the request['rack.session']['omniauth.state'] or something like that, not sure though, so be careful I don't mislead you.

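The state check that produces the "CSRF detected" failure, as an added example written for this thread (it is not code from omniauth, omniauth-oauth2 or shopify_app, though it is modelled on how omniauth-oauth2 handles state): the request phase mints a random state, stores it in the Rack session under omniauth.state and puts the same value in the authorize URL; the callback phase deletes the stored value from the session and compares it, in constant time, with the state query parameter. The Hash standing in for request['rack.session'], and the shop, client_id, redirect_uri and scope values, are constructed for the example.

```ruby
require 'securerandom'
require 'uri'

# Session key under which omniauth-oauth2 keeps the OAuth 2 state value.
STATE_KEY = 'omniauth.state'

# Constant-time string comparison (stand-in for Rack::Utils.secure_compare),
# so a wrong state cannot be narrowed down byte by byte through timing.
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Request phase: generate an unguessable state, remember it in the session and
# send the browser to the shop's authorize endpoint carrying the same value.
# `session` stands in for request['rack.session']; shop, client_id,
# redirect_uri and scope are constructed inputs.
def request_phase(session, shop:, client_id:, redirect_uri:, scope:)
  state = SecureRandom.hex(24) # 48 hex chars, the same shape as state=... in the log
  session[STATE_KEY] = state
  query = URI.encode_www_form(
    'client_id' => client_id, 'scope' => scope,
    'redirect_uri' => redirect_uri, 'state' => state
  )
  "https://#{shop}/admin/oauth/authorize?#{query}"
end

# Callback phase: the state must be present in BOTH the session and the query
# string, and the two must match. The session copy is deleted before comparing,
# so a second callback replaying the same state is rejected as well.
def callback_phase(session, params)
  expected = session.delete(STATE_KEY).to_s
  given    = params['state'].to_s
  return :csrf_detected if expected.empty? || given.empty?
  return :csrf_detected unless constant_time_equal?(expected, given)
  :ok
end

# Helper for the demo: pull the state back out of the authorize URL, as the
# shop would echo it on the callback.
def extract_state(url)
  URI.decode_www_form(URI(url).query).to_h['state']
end
```

Three different inputs make callback_phase fail in exactly the same way: a state parameter that does not match, a missing state parameter, and a session with no omniauth.state in it (for instance because the browser did not send the session cookie back on the callback request, or the callback hit a differently configured session store). That is why the session contents are worth inspecting when the error appears even though the state in the callback URL looks fine.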
isaacjwilliams commented 7 years ago

Shopify provides us with a /login path. I visited it, and it showed me a prompt to enter my shop's domain (wfth.myshopify.com).

After entering the shop's domain and then pressing install, I was redirected to root. Interesting things happened in the server logs.

Started GET "/login?shop=wfth.myshopify.com" for 127.0.0.1 at 2017-03-14 15:30:52 -0400
Processing by ShopifyApp::SessionsController#new as HTML
  Parameters: {"shop"=>"wfth.myshopify.com"}
  Rendering inline template
  Rendered inline template (0.6ms)
Completed 200 OK in 3ms (Views: 1.5ms | ActiveRecord: 0.0ms)

Started GET "/auth/shopify?shop=wfth.myshopify.com" for 127.0.0.1 at 2017-03-14 15:30:52 -0400
I, [2017-03-14T15:30:52.087943 #6848]  INFO -- omniauth: (shopify) Setup endpoint detected, running now.
I, [2017-03-14T15:30:52.088067 #6848]  INFO -- omniauth: (shopify) Request phase initiated.
Started GET "/auth/shopify/callback?code=5fe0fc96ebd8d22711a94d37c10a22be&hmac=3dd5e4772673ad7ef8fbe41079c2a8d380e7e93929a8f5a96354801ceb07e803&shop=wfth.myshopify.com&state=f8e75c7f13851f086ac5c18d9ec5f112c9b70f11612f47cc&timestamp=1489519852" for 127.0.0.1 at 2017-03-14 15:30:52 -0400
I, [2017-03-14T15:30:52.675553 #6848]  INFO -- omniauth: (shopify) Setup endpoint detected, running now.
I, [2017-03-14T15:30:52.675768 #6848]  INFO -- omniauth: (shopify) Callback phase initiated.
Processing by ShopifyApp::SessionsController#callback as HTML
  Parameters: {"code"=>"5fe0fc96ebd8d22711a94d37c10a22be", "hmac"=>"3dd5e4772673ad7ef8fbe41079c2a8d380e7e93929a8f5a96354801ceb07e803", "shop"=>"wfth.myshopify.com", "state"=>"f8e75c7f13851f086ac5c18d9ec5f112c9b70f11612f47cc", "timestamp"=>"1489519852"}
Redirected to http://localhost:3000/
Completed 302 Found in 13ms (ActiveRecord: 0.0ms)

Started GET "/" for 127.0.0.1 at 2017-03-14 15:30:53 -0400
Processing by SermonSeriesController#index as HTML
  Rendering sermon_series/index.html.erb within layouts/application
  SermonSeries Load (0.6ms)  SELECT "sermon_series".* FROM "sermon_series"
  Rendered collection of sermon_series/_sermon_series.html.erb [1 times] (1.7ms)
  Rendered sermon_series/index.html.erb within layouts/application (20.8ms)
Completed 200 OK in 54ms (Views: 39.1ms | ActiveRecord: 5.4ms)
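
The hmac query parameter in the callback above is Shopify's integrity check over the rest of the callback query string, which the gem verifies before exchanging code for an access token. As an added example written for this thread (not code from shopify_app or omniauth-shopify-oauth2), the following recomputes it the way Shopify documents: drop hmac (and the legacy signature parameter), sort the remaining parameters by name, join them as key=value pairs with &, and HMAC-SHA256 the result with the app's shared secret, comparing the hex digest in constant time. The shared secret below is constructed, so the example signs the code, shop, state and timestamp values from the log itself rather than checking the real hmac in the log, which only the real secret could verify. A shop-domain check is included as well, because shop is attacker-controlled input until it has been validated.

```ruby
require 'openssl'

# Constructed secret standing in for the app's real shared secret.
SHARED_SECRET = 'constructed-shared-secret-for-this-example'

# Constant-time comparison so the digest cannot be guessed byte by byte.
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Only hosts directly under myshopify.com are acceptable as `shop`; anything
# else is rejected before it reaches an API call or an HTML template.
SHOP_DOMAIN = /\A[a-z0-9][a-z0-9\-]*\.myshopify\.com\z/i

def valid_shop_domain?(shop)
  SHOP_DOMAIN.match?(shop.to_s)
end

# Recompute Shopify's HMAC over the callback parameters: hmac and the legacy
# signature parameter are excluded, the rest are sorted by key and joined as
# key=value&key=value, then HMAC-SHA256 with the shared secret, hex encoded.
def shopify_hmac(secret, params)
  message = params.reject { |k, _| %w[hmac signature].include?(k) }
                  .sort_by { |k, _| k }
                  .map { |k, v| "#{k}=#{v}" }
                  .join('&')
  OpenSSL::HMAC.hexdigest('sha256', secret, message)
end

def valid_shopify_hmac?(secret, params)
  given = params['hmac'].to_s
  return false if given.empty?
  constant_time_equal?(shopify_hmac(secret, params), given)
end

# Full check a callback handler should run before trading `code` for a token.
def valid_callback?(secret, params)
  valid_shop_domain?(params['shop']) && valid_shopify_hmac?(secret, params)
end

# Parameters taken from the log above (code, shop, state, timestamp). The hmac
# is recomputed with the constructed secret because the real one is unknown.
LOGGED_PARAMS = {
  'code' => '5fe0fc96ebd8d22711a94d37c10a22be',
  'shop' => 'wfth.myshopify.com',
  'state' => 'f8e75c7f13851f086ac5c18d9ec5f112c9b70f11612f47cc',
  'timestamp' => '1489519852'
}.freeze

SIGNED_PARAMS = LOGGED_PARAMS.merge('hmac' => shopify_hmac(SHARED_SECRET, LOGGED_PARAMS)).freeze
```

The message is built from the decoded parameter values, not the raw query string, so a proxy or framework that re-encodes the URL does not change the result; the only things that invalidate the digest are a changed value, a changed secret, or a missing hmac.
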

isaacjwilliams commented 7 years ago

After checking Preserve log in Chrome, I actually got to see these interesting messages from shopify_app.

Apparently, "ShopifyApp detected that it was not loaded in an iframe" and redirected. How it does that, I'm not sure.

isaacjwilliams commented 7 years ago

According to the shopify_app docs, we can turn off the redirection by setting forceRedirect: false in ShopifyApp.init. I'm still not sure how it does the actual redirection, though.

isaacjwilliams commented 7 years ago

By creating a self-signed SSL certificate, I can load our app in the Shopify UI! Unfortunately it's complaining about having no route that matches "/shopify/product". I suspect that this may have something to do with the page set in the "Shop Admin Links" section of the app's settings.