0.1.1 • Published 6 years ago

shopify-token-store v0.1.1

Weekly downloads
7
License
MIT
Repository
github
Last release
6 years ago

Shopify Token Store

Obtain and store shopify access tokens :closed_lock_with_key:

npm

:warning: The API is not yet stable.

yarn add shopify-token-store
npm i shopify-token-store

API

The module exports a class that allows to create access token stores. Store instances have methods that allows to obtain an access token according to the OAuth flow.

new ShopifyTokenStore(options)

Creates a new ShopifyTokenStore instance.

options

  • apiKey - Required - A string that specifies the API key of your app.
  • sharedSecret - Required - A string that specifies the shared secret of your app.
  • redirectUri - Required - A string that specifies the URL where you want to redirect the users after they authorize the app.
  • scopes - Optional - An array of strings or a comma-separated string that specifies the list of scopes e.g. "read_products,write_products". Defaults to "read_content".
  • storeStrategy - Optional - A TokenStoreStrategy that defines how the token will be stored. Defaults to MemoryStrategy (:warning: Not suitable for production).
  • timeout - Optional - A number of milliseconds to wait when sending a request to Shopify (e.g. request the access token). Defaults to 60000 (1 minute).

Return value

A ShopifyTokenStore instance.

Exceptions

Throws an Error exception if the required options are missing.

Example

import ShopifyTokenStore from "shopify-token-store";

const shopifyTokenStore = new ShopifyTokenStore({
	sharedSecret: process.env.SHOPIFY_APP_SECRET,
	redirectUri: url.resolve(
		process.env.SHOPIFY_APP_ORIGIN,
		"/shopify/auth/callback"
	),
	apiKey: process.env.SHOPIFY_APP_KEY,
	scopes: ["read_products", "write_products"]
});

shopifyTokenStore.generateNonce()

Generates a random nonce.

Return value

A string representing a nonce.

Example

const nonce = shopifyToken.generateNonce();

console.log(nonce);
// => 212a8b839860d1aefb258aaffcdbd63f

shopifyToken.generateAuthorizationUrl(shopName, options)

Returns the authorization URL where you should redirect the user.

shopName

A string representing the name of the user's shop e.g. a-store-name.

options

  • scopes - Optional - An Array<string> to override the default list of scopes.
  • nonce - Optional - A string representing a nonce. If not provided it will be generated automatically.

Return value

A string representing the URL where the user should be redirected.

Example

const authUrl = shopifyTokenStore.generateAuthorizationUrl(shopName, { nonce });

console.log(authUrl);
// => https://a-store-name.myshopify.com/admin/oauth/authorize?scope=read_content&state=619f7e27dd47cc9twp0ad04e93754k81&redirect_uri=https%3A%2F%2Flocalhost%3A3000%2Fcallback&client_id=b35d23b9b6f2b65f3896c954ra8e2443

shopifyTokenStore.verifyHMAC(query)

Verify that a request came from Shopify. It can be used to validate a webhook or a request to the redirectUri.

query

An object representing the request query. It should contain at least the following keys:

  • code - A string representing the authorization code.
  • hmac - A string representing the request HMAC.
  • shop - A string representing the shop domain e.g. a-store-name.myshopify.com
  • timestamp - A string representing the timestamp of the request.

Return value

A boolean that is true if the hmac is valid.

Example

if (shopifyTokenStore.verifyHMAC(request.query)) {
	// The request is valid
}

shopifyTokenStore.getAccessToken(shop, code)

When redirectUri gets called, the request query will contain shop and code parameters that we can use to obtain the access token.

shop

A string representing the hostname of the shop (e.g. a-store-name.myshopify.com).

code

A string representing the authorization code.

Return value

A Promise that resolves to a string representing the access token.

Example

const { shop, code } = request.query;
const accessToken = await shopifyTokenStore.getAccessToken(shop, code);

shopifyTokenStore.store(userId, shopName, accessToken)

Use this method to store a new access token (the behaviour changes according to the configured storeStrategy).

userId

A string representing the id that uniquely identify the user.

The user id can be for example a JWT token stored in the client localStorage.

shopName

A string representing the shop name (e.g. a-shop-name).

accessToken

A string representing the access token.

Return value

A Promise.

Example

await shopifyTokenStore.store(userId, shopName, accessToken);

shopifyTokenStore.getByUserId(userId)

Get the access token associated to the user.

userId

A string representing the id that uniquely identify the user.

Return value

A Promise that resolves to a string that represents an access token.

Example

const accessToken = await shopifyTokenStore.getByUserId(userId);

shopifyTokenStore.getByShopName(shopName)

Get the access token associated to a shop name.

shopName

This is useful when we need to process webhooks.

Return value

A Promise that resolves to a string that represents an access token.

Example

const accessToken = await shopifyTokenStore.getByShopName(shopName);

Roadmap

  • Implement shopify access token offline mode
  • Implement basic memory strategy
  • Implement MongoDB strategy
  • Implement API credential rotation
  • Implement shopify access token online mode
shopifytokenoauthapi
request-promise-native
@infinitebrahmanuniverse/nolb-shop@everything-registry/sub-chunk-2753
0.1.1

6 years ago

0.1.0

6 years ago

0.1.0-alpha

6 years ago