I'm following the ITP Tutorial (https://shopify.dev/tutorials/update-your-app-to-support-intelligent-tracking-prevention) to enable cookies on Safari, and I'm supposed to Redirect to enable cookies page in top-level context. Im working with Python/Flask and HTML/CSS loading the Shopify App Bridge via CDN.
Do I need to create this cookies page myself? Or is there a URL that I can send them to, providing a Redirect URL, which has the general Shopify Layout of Accepting and Enabling Cookies
Solved! Go to the solution
This is an accepted solution.
👋 Hi @CraigP,
Yes, unfortunately these pages are only created for you when you use shopify_app gem or the koa-shopify-app node package. For other languages or frameworks, you would need to create these pages yourself for now. We are looking into offering something similar for other project setups, but at this time pre-configured pages are only available in Ruby and Node.
Thanks for replying!
Darn! Guess I'll have to create it myself.
Can you help explain some terminology from the IPS Tutorial that I'm unclear about?
"When merchant visits login page" -- This would be where I create the permissionURL that redirects to the install our app and approve these access scopes page?
"When merchant visits the enable cookies page" -- This is the enable cookies page with a button that I will sadly create myself
"When merchant visits the auth page" -- What page is this? Is this the original app/ page that a user enters when they click my app? Or is this a different page that I need to create myself as well? Or is it part of the permission URL page
In terms of the tutorial, does " 'auth page' refers to the `POST` to `login` with the shop URL " mean going to #1 or #2 in the tutorial steps.
Im now confused on at which point they go to the /authorize permission URL, or whether I'm following OAuth.
My current process, which works for Chrome is:
1. enter our app at /entry. Here it checks whether user is authenticated (whether they have their store access token saved in their Session). If authenticated it will render the homepage. If not, it will go to login which is an install.html, passing access scopes keys and redirect_uri.
2. In install.html, it will createAppBridge, create permissionURL which is the /authorize redirect which then logs the user in.
3. The redirect URL is to /installed which is where the access token is added into the User Session
4. Go back to /entry, being logged in so it can render homepage.
In my Step2 is where I'm adding the test_cookie checks for Safari. It currently seems like I need to add a /auth page specifically just for Safari which basically is install.html that sends them to /authorize, but I'm not confident if this is the correct way to go
When you say " the `POST` to `login` with the shop URL", does that mean #1 or #2 in terms of the IPS tutorial.
The way I'm currently set up, which works with Chrome is:
1. User clicks app and goes to /entry. In here, it will check if they are authenticated(checking whether they have their access_token in their Session). If not authenticated, they will be directed to login() which is install.html which is prepping for /authorize
2. In install.html, they are passed din the access_scopes, redirect_uri. and the permissionUri is created, which is /oauth/authorize. The redirect_uri is /installed
3. In /installed, because they should be logged in, I access their Shop and saved their access_token to their Session. They are then redirected to /entry
4. In /entry, they are now authenticated so the dashboard page will be rendered.
Following this IPS tutorial, I am adding the cookie test checks in the install.html part that would usually set up user for /authorize. If I'm supposed to take the user back to /entry, after checking their testCookie, it would just be a loop because the user wouldn't be logged in. What does "logged in" mean, because I feel like thats where Im misunderstanding, what deems the user to be logged in?
Hi @CraigP, thanks for your patience. I finally found the answer, but I'm afraid I have some bad news. The guide we have up is a solution for ITP 2.0, but it no longer works with the recent release of ITP 2.1 😰 The docs team now have a ticket open to update the instructions, which will likely include steps that were taken to get shopify_app gem and koa-shopify-auth package ITP 2.1-ready. There's also a cookie-less auth solution being tested right now, which if successful, will replace cookie-based auth: https://twitter.com/jmwind/status/1256249454430224386?lang=en Unfortunately I don't have a timeline for either of these.