Module: ShopifyAPI::Auth::Oauth

Extended by:

T::Sig

Defined in:

lib/shopify_api/auth/oauth.rb,
lib/shopify_api/auth/oauth/auth_query.rb,
lib/shopify_api/auth/oauth/session_cookie.rb

Defined Under Namespace

Classes: AuthQuery, SessionCookie

Constant Summary

NONCE_LENGTH =

15

Class Method Summary

• .begin_auth(shop:, redirect_path:, is_online: true) ⇒ Object
• .validate_auth_callback(cookies:, auth_query:) ⇒ Object

Class Method Details

.begin_auth(shop:, redirect_path:, is_online: true) ⇒ Object

Raises:

• (Errors::UnsupportedOauthError)

# File 'lib/shopify_api/auth/oauth.rb', line 21

def begin_auth(shop:, redirect_path:, is_online: true)
  unless Context.setup?
    raise Errors::ContextNotSetupError, "ShopifyAPI::Context not setup, please call ShopifyAPI::Context.setup"
  end
  raise Errors::UnsupportedOauthError, "Cannot perform OAuth for private apps." if Context.private?

  state = SecureRandom.alphanumeric(NONCE_LENGTH)

  cookie = SessionCookie.new(value: state, expires: Time.now + 60)

  query = {
    client_id: ShopifyAPI::Context.api_key,
    scope: ShopifyAPI::Context.scope.to_s,
    redirect_uri: "#{ShopifyAPI::Context.host}#{redirect_path}",
    state: state,
    "grant_options[]": is_online ? "per-user" : "",
  }

  query_string = URI.encode_www_form(query)

  auth_route = "https://#{shop}/admin/oauth/authorize?#{query_string}"
  { auth_route: auth_route, cookie: cookie }
end

.validate_auth_callback(cookies:, auth_query:) ⇒ Object

Raises:

• (Errors::InvalidOauthError)

# File 'lib/shopify_api/auth/oauth.rb', line 51

def validate_auth_callback(cookies:, auth_query:)
  unless Context.setup?
    raise Errors::ContextNotSetupError, "ShopifyAPI::Context not setup, please call ShopifyAPI::Context.setup"
  end
  raise Errors::InvalidOauthError, "Invalid OAuth callback." unless Utils::HmacValidator.validate(auth_query)
  raise Errors::UnsupportedOauthError, "Cannot perform OAuth for private apps." if Context.private?

  state = cookies[SessionCookie::SESSION_COOKIE_NAME]
  raise Errors::NoSessionCookieError unless state

  raise Errors::InvalidOauthError,
    "Invalid state in OAuth callback." unless state == auth_query.state

  # TODO: replace this call with the HTTP client once it is built
  body = { client_id: Context.api_key, client_secret: Context.api_secret_key, code: auth_query.code }
  response = HTTParty.post("https://#{auth_query.shop}/admin/oauth/access_token", body: body)
  unless response.ok?
    raise Errors::RequestAccessTokenError,
      "Cannot complete OAuth process. Received a #{response.code} error while requesting access token."
  end
  session_params = response.to_h

  session = create_new_session(session_params, auth_query.shop)

  cookie = if Context.embedded?
    SessionCookie.new(
      value: "",
      expires: Time.now,
    )
  else
    SessionCookie.new(
      value: session.id,
      expires: session.online? ? session.expires : nil,
    )
  end

  unless Context.session_storage.store_session(session)
    raise Errors::SessionStorageError,
      "Session could not be saved. Please check your session storage implementation."
  end

  { session: session, cookie: cookie }
end