Best way to find shop owner details post successful Oauth

Highlighted
New Member
2 0 0

I am currently developing a Shopify integration to submit the app store. Since Shopify requires Oauth to be the first flow from their app store to our service, the challenge becomes knowing who did the authentication so we can associate the access token to a user account on our end. The best action I can see is to call the shop API to determine the shop owner's email for the association. Is that the path of least resistance for what I am requiring or is there another API call better suited for this?

 

API URL that I am considering to call post success OAuth.

https://help.shopify.com/en/api/reference/store-properties/shop?api[version]=2019-04

0 Likes
Highlighted
Shopify Partner
156 9 40

Hey @avelis,

 

Out of curiosity, why not link the account to the Shopify domain of the shop (e.g. test-store.myshopify.com)?  This would make future authentication requests simpler as every load of your app from Shopify passes shop in the URL.  Once the HMAC is validated, you can log in to the user account.

Co-Founder / CTO @ Intuitive Shipping Inc.
Intuitive Shipping | Smart Boxing | Automate Shipping Profiles
0 Likes
Highlighted
New Member
2 0 0

Hey @Joel-Reeds 


@Joel-Reeds wrote:

Hey @avelis,

 

Out of curiosity, why not link the account to the Shopify domain of the shop (e.g. test-store.myshopify.com)?  This would make future authentication requests simpler as every load of your app from Shopify passes shop in the URL.  Once the HMAC is validated, you can log in to the user account.


I appreciate you taking the time to answer my question. Is it possible for you to expand on our linking suggestion? Linking shop access credentials to an account on our end with auto-login would be a form of 3rd party login.

 

The integration intention is trigger based. Our users would be using our application outside of Shopify to facilitate other application actions. Our application submission was denied since we asked our Promoter.io user account to auth first so we know in our session who to associate the shops access token to. Removing that piece then requires us to determine who on our end wanted the shop access token association to their user account.

 

It's a bit of a challenge since the OAuth association isn't one to one. We are asking an account user to associate a shop's access token.

0 Likes