I have a React front end created by following: https://shopify.dev/tutorials/build-a-shopify-app-with-node-and-react
It is a Next.js React app with a custom Koa server to serve the Next.js app. That Koa server uses the koa-shopify-auth package to perform OAuth with Shopify and get an access token.
This is the auth middleware code:

```typescript
import createShopifyAuth from '@shopify/koa-shopify-auth'
// SHOPIFY_API_KEY and SHOPIFY_API_SECRET_KEY are read from the environment elsewhere in the server file

server.use(
  createShopifyAuth({
    apiKey: SHOPIFY_API_KEY as string,
    secret: SHOPIFY_API_SECRET_KEY as string,
    scopes: ['read_products'],
    afterAuth(ctx) {
      const { shop, accessToken } = ctx.session as IShopifyKoaSession
      // >>> I would like to create a user on my own backend now and login the user.
      // .... more stuff
    }
  })
)
```
I have a Django backend, on which I will be setting up a REST endpoint to do auth with my backend (I would like to use JWT).
So I have performed OAuth with Shopify on the client side and have an access token.
How do I use this client-side access token to securely create a new user on my backend?
I am thinking something like ->

```typescript
// ... inside afterAuth(ctx), which would need to be declared async for the await
const { shop, accessToken } = ctx.session as IShopifyKoaSession
await myApiService.createOrUpdateUser(shop, accessToken) // Calls my external backend
```
How should I go about doing this? This is basically an implicit OAuth flow.
The above would not be secure unless there was a way to validate shop and access token on the backend.
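One way to give the backend exactly that validation, as an added example that is not code from the question, the tutorial or the koa-shopify-auth package: the Koa server signs shop, access token and issue time with a secret shared only with the Django backend, and the backend checks the signature, the shop hostname and the age of the hand-off, then confirms the access token against Shopify before creating the user. Written with the Python standard library so it can sit in a Django view; HANDOFF_SECRET, MAX_AGE_SECONDS and shop_lookup are assumptions, and the Koa-side signing step is shown in Python here so the whole thing runs as one file.

```python
import base64, binascii, hashlib, hmac, json, re
from typing import Callable, Optional

# Assumptions for this example: a secret shared only by the Koa app server and the
# Django backend (NOT the Shopify API secret), and a short acceptance window.
HANDOFF_SECRET = b"constructed-shared-secret-change-me"
MAX_AGE_SECONDS = 60
# Shopify's documented pattern for a valid shop hostname.
SHOP_RE = re.compile(r"^[a-zA-Z0-9][a-zA-Z0-9\-]*\.myshopify\.com$")

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_handoff(shop: str, access_token: str, secret: bytes, now: int) -> str:
    """Koa side (written in Python here so the file runs alone): sign shop,
    access token and issue time so the backend can detect tampering and replay."""
    payload = json.dumps({"shop": shop, "accessToken": access_token, "iat": now},
                         sort_keys=True).encode()
    sig = hmac.new(secret, payload, hashlib.sha256).digest()
    return f"{_b64(payload)}.{_b64(sig)}"

def verify_handoff(token: str, secret: bytes, now: int,
                   shop_lookup: Callable[[str, str], bool]) -> Optional[dict]:
    """Django side: return the verified claims, or None if any check fails.
    shop_lookup(shop, access_token) should GET https://{shop}/admin/api/<ver>/shop.json
    with the X-Shopify-Access-Token header and return True only on HTTP 200; it is
    injected here so the example runs offline."""
    try:
        payload_b64, sig_b64 = token.split(".")
        payload, sig = _unb64(payload_b64), _unb64(sig_b64)
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(secret, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):  # constant-time signature check first
        return None
    claims = json.loads(payload)
    if not SHOP_RE.match(claims.get("shop", "")):  # reject non-Shopify hostnames
        return None
    if not (now - MAX_AGE_SECONDS <= claims.get("iat", 0) <= now + 5):  # replay window
        return None
    if not shop_lookup(claims["shop"], claims["accessToken"]):  # token really works
        return None
    return claims
```

Only after verify_handoff returns claims should the Django view create or update the user and issue its own JWT.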