diff --git a/CHANGELOG.md b/CHANGELOG.md
index e891561c9..04270411e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,6 +10,7 @@ and adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 ### Fixed
 - Don't include extra params when calculating local hmac [#196](https://github.com/Shopify/shopify-node-api/pull/196)
+- [Breaking] Change default for OAuth.beginAuth to online sessions [#203](https://github.com/Shopify/shopify-node-api/pull/203)
 - [Breaking] Return and delete session in `validateAuthCallback` [#217](https://github.com/Shopify/shopify-node-api/pull/217)
 - [Breaking] Extract `addHandler` and `getHandler` methods for webhooks out of `register` [#205](https://github.com/Shopify/shopify-node-api/pull/205)
diff --git a/docs/usage/oauth.md b/docs/usage/oauth.md
index e601d4cb1..9f1d05734 100644
--- a/docs/usage/oauth.md
+++ b/docs/usage/oauth.md
@@ -6,7 +6,16 @@ To do that, you can follow the steps below.
 ## Add a route to start OAuth
-The route for starting the OAuth process (in this case `/login`) will use the library's `beginAuth` method. The `beginAuth` method takes in the request and response objects (from the `http` module), along with the target shop _(string)_, redirect route _(string)_, and whether or not you are requesting [online access](https://shopify.dev/concepts/about-apis/authentication#api-access-modes) _(boolean)_. The method will return a URI that will be used for redirecting the user to the Shopify Authentication screen.
+The route for starting the OAuth process (in this case `/login`) will use the library's `beginAuth` method. The method will return a URI that will be used for redirecting the user to the Shopify Authentication screen.
+
+| Parameter | Type | Required? | Default Value | Notes |
+| --- | --- | :---: | :---: | --- |
+| `request` | `http.IncomingMessage` | Yes | - | The HTTP Request. |
+| `response` | `http.ServerResponse` | Yes | - | The HTTP Response. |
+| `shop` | `string` | Yes | - | A Shopify domain name in the form `{exampleshop}.myshopify.com`. |
+| `redirectPath` | `string` | Yes | - | The redirect path used for callback with a leading `/`. The route should be allowed under the app settings. |
+| `isOnline` | `bool` | No | `true` | `true` if the session is online and `false` otherwise. |
+
Node.js
@@ -17,7 +26,7 @@ The route for starting the OAuth process (in this case `/login`) will use the li
 if (pathName === '/login') { // process login action
 try {
- const authRoute = await Shopify.Auth.beginAuth(request, response, SHOP, '/auth/callback');
+ const authRoute = await Shopify.Auth.beginAuth(request, response, SHOP, '/auth/callback', false);
 response.writeHead(302, { 'Location': authRoute });
 response.end();
@@ -47,13 +56,7 @@ http.createServer(onRequest).listen(3000);
 ```ts
 app.get('/login', async (req, res) => {
- let authRoute = await Shopify.Auth.beginAuth(
- req,
- res,
- SHOP,
- '/auth/callback',
- true,
- );
+ let authRoute = await Shopify.Auth.beginAuth(req, res, SHOP, '/auth/callback', false);
 return res.redirect(authRoute);
 });
 ```
diff --git a/docs/usage/webhooks.md b/docs/usage/webhooks.md
index 862d8d4a1..8686a0027 100644
--- a/docs/usage/webhooks.md
+++ b/docs/usage/webhooks.md
@@ -65,10 +65,7 @@ app.get('/auth/callback', async (req, res) => {
 // this handler is triggered when a webhook is sent by the Shopify platform to your application
 };
- const currentSession = await Shopify.Utils.loadCurrentSession(
- req,
- res,
- );
+ const currentSession = await Shopify.Utils.loadCurrentSession(req, res);
 // See https://shopify.dev/docs/admin-api/graphql/reference/events/webhooksubscriptiontopic for a list of available topics
 const resp = await Shopify.Webhooks.Registry.register({
diff --git a/src/auth/oauth/oauth.ts b/src/auth/oauth/oauth.ts
index ad957e362..1e9688a4f 100644
--- a/src/auth/oauth/oauth.ts
+++ b/src/auth/oauth/oauth.ts
@@ -35,14 +35,14 @@ const ShopifyOAuth = {
 * @param redirect Redirect url for callback
 * @param isOnline Boolean value. If true, appends 'per-user' grant options to authorization url to receive online access token.
 * During final oauth request, will receive back the online access token and current online session information.
- * Defaults to offline access.
+ * Defaults to online access.
 */
 async beginAuth(
 request: http.IncomingMessage,
 response: http.ServerResponse,
 shop: string,
 redirectPath: string,
- isOnline = false,
+ isOnline = true,
 ): Promise {
 Context.throwIfUninitialized();
 Context.throwIfPrivateApp('Cannot perform OAuth for private apps');
diff --git a/src/auth/oauth/test/oauth.test.ts b/src/auth/oauth/test/oauth.test.ts
index 7900fd04a..f37ae3ef7 100644
--- a/src/auth/oauth/test/oauth.test.ts
+++ b/src/auth/oauth/test/oauth.test.ts
@@ -87,19 +87,14 @@ describe('beginAuth', () => {
 expect(session).toHaveProperty('expires', undefined);
 });
- test('sets session id and cookie to shop name with "_offline" for offline access requests', async () => {
- await ShopifyOAuth.beginAuth(req, res, shop, '/some-callback');
+ test('sets session id and cookie to shop name prefixed with "offline_" for offline access requests', async () => {
+ await ShopifyOAuth.beginAuth(req, res, shop, '/some-callback', false);
 expect(cookies.id).toBe(`offline_${shop}`);
 });
 test('returns the correct auth url for given info', async () => {
- const authRoute = await ShopifyOAuth.beginAuth(
- req,
- res,
- shop,
- '/some-callback',
- );
+ const authRoute = await ShopifyOAuth.beginAuth(req, res, shop, '/some-callback', false);
 const session = await Context.SESSION_STORAGE.loadSession(cookies.id);
 /* eslint-disable @typescript-eslint/naming-convention */
 const query = {
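Review bot: The doc comment in the `src/auth/oauth/oauth.ts` hunk tags the fourth parameter as `@param redirect`, while the signature names it `redirectPath`, so the tag should read `@param redirectPath`. The changed line `Defaults to online access.` would also be more useful if it spelled out the consequence of the new default, for example `Defaults to online access; pass false explicitly to request an offline access token.` A caller that omits the fifth argument now gets the per-user online grant described in the comment instead of an offline one, and nothing in the visible signature warns about that switch. Both the doc block and the body of `beginAuth` continue outside the hunk.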