I'm still receiving requests which seem to be old-auth style after upgrading to OAuth, or at least they seem to be missing a parameter I require.
Going from my app through the install or login process is fine. After logging in to Shopify they are redirected to /finalize with the code, shop, timestamp and signature params. I use this with the Ruby shopify_api gem to request a token, which I save, validate the session, and log them in. This seems in line with the OAuth guide.
However, if I log in to the Shopify store first, go to Apps, and click on the installed app's logo, it goes to /finalize with shop, signature, and timestamp params. The code param is missing, and I require it to set up and verify the shopify session. Is this not the correct way to do it?
I've checked the request using Charles Proxy, and there are no other magical request headers I can see.
I tried following Step 6 of the OAuth guide, where you MD5 those params to get a signature equal to the token I saved when they signed up; however, they did not match in this case.
Any help would be appreciated.
FWIW I'm using the shopify_api gem version 3.1.8 (latest on rubygems.com), Rails 3.1.12, and my finalize code is below:
    def finalize
      shop_domain = params[:shop]
      shopify_session = ShopifyAPI::Session.new shop_domain
      token = shopify_session.request_token(params[:code])
      # Reinitialize the shopify_session with the token
      shopify_session = ShopifyAPI::Session.new(shop_domain, token)
      ShopifyAPI::Base.activate_session(shopify_session)
      if shopify_session.valid?
        # Store their shopify creds so we can log in while they're offline
        shop = Shop.find_or_create_by_domain(shop_domain)
        shop.api_password = token
        # Do some more log in stuff and save the shop...
      else
        flash[:error] = "Could not log in to Shopify store."
        redirect_to 'login#index'
      end
    end
Note this is a repost of a topic on the Shopify forum, since I'm having no luck in getting a response there.
In the meantime, when I get a bad request from Shopify I ask the users back to log in again from my site, and this seems to work.
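Added example, not part of the original post and not code from Shopify or the shopify_api gem: one way to authenticate a /finalize request that arrives without a code param, assuming the legacy signature scheme (MD5 of the app's shared secret followed by the sorted key=value params, compared against the signature param). The secret value, the 24-hour freshness window and all helper names are assumptions made up for illustration.

```ruby
require 'digest/md5'

# Assumption: placeholder secret, constructed for this example only.
SHARED_SECRET = 'constructed-shared-secret'
# Assumption: how old a signed timestamp may be before it is refused.
MAX_AGE_SECONDS = 24 * 60 * 60

# Recompute the signature: MD5(shared secret + sorted "key=value" pairs),
# leaving out the signature itself and the Rails routing keys.
def expected_signature(params, secret)
  pairs = params.reject { |k, _| %w[signature action controller].include?(k.to_s) }
  Digest::MD5.hexdigest(secret + pairs.map { |k, v| "#{k}=#{v}" }.sort.join)
end

# Constant-time string comparison, so the check does not leak how many
# leading characters of a guessed signature were correct.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Decide what /finalize should do with a request (string-keyed params hash).
#   :exchange_code    -> signed and carries a code: request a token
#   :use_stored_token -> signed, no code: load the token saved at install
#   :rejected         -> bad signature or stale timestamp
def classify_request(params, secret = SHARED_SECRET, now = Time.now.to_i)
  sig = params['signature'].to_s
  return :rejected unless secure_compare(expected_signature(params, secret), sig)
  return :rejected if (now - params['timestamp'].to_i).abs > MAX_AGE_SECONDS
  params.key?('code') ? :exchange_code : :use_stored_token
end

# Constructed sample input: sign a params hash the way the sender would.
def sign(params, secret = SHARED_SECRET)
  params.merge('signature' => expected_signature(params, secret))
end
```

The signature is checked against the signature param using the app's shared secret, not against the per-shop token saved at install.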