Get offline access token from koa

Solved
avet
Shopify Partner
8 2 2

Hi, a newbie here.

Sorry for the basic question but can't find the answer elsewhere.

 

I am building an app which will execute background queries and mutations (not initiated from UI). So I am trying to get an offline access token but so far no luck. I am using Koa to authenticate against Shopify so I guess this is how it is supposed to work:

 
const server = new Koa();
server.use(session(server));
server.keys = [SHOPIFY_API_SECRET_KEY];
server.use(
    createShopifyAuth({
        apiKey: SHOPIFY_API_KEY,
        secret: SHOPIFY_API_SECRET_KEY,
        scopes: ['read_products', 'write_products', 'read_orders', 'write_orders'],
        async afterAuth(ctx) {
            const { shop, accessToken } = ctx.session;
            ctx.cookies.set('shopOrigin', shop, { httpOnly: false });

            //get offline access token
            //1. get code and hmac from URL <== how to get those
            //2. verify hmac
            //3. send POST to https://{shop}.myshopify.com/admin/oauth/access_token supplying client_id, client_secret and code from above


            ctx.redirect('/');
        },
    }),
);

Any advice how to get code and hmac from URL?

Thanks.

 
0 Likes
avet
Shopify Partner
8 2 2

This is an accepted solution.

Found the answer. ctx.query it is!

0 Likes
avet
Shopify Partner
8 2 2

Copying comment from another thread for the sake of full info:

 

Well, apparently you don't need to exchange the code to access token manually. koa-shopify-auth allows to request an offline access token as specified here: https://www.npmjs.com/package/@shopify/koa-shopify-auth

 

So final code look like this:

app.prepare().then(() => {
    const server = new Koa();    server.use(session(server));    server.keys = [SHOPIFY_API_SECRET_KEY];    server.use(        createShopifyAuth({            apiKey: SHOPIFY_API_KEY,            secret: SHOPIFY_API_SECRET_KEY,            scopes: ['read_products', 'write_products', 'read_orders', 'write_orders'],            accessMode: 'offline',
            async afterAuth(ctx) {
                const { shop, accessToken } = ctx.session;                ctx.cookies.set('shopOrigin', shop, { httpOnly: false });                console.log(`=========access token (offline):`, accessToken);
...

this access token can be used to execute GQL queries.

Binaize
New Member
7 0 0

@avet 

Hi there,

Can you please tell me if code in ctx.query is the offline access token?? Is it? If not how did you get the offline access token??

I have been trying to get the offline access token but not able to.

When I try accessMode as "offline" I get token but with expiry date so I am guessing it's not correct?

Please help.

Thank you!

0 Likes
Binaize
New Member
7 0 0

@avet 

Also, how do we get the token when user clicks our app second time after closing?

I don't see access_token being generated the next time they try to access the app.

Thank you in advance!

0 Likes
avet
Shopify Partner
8 2 2

Hi @Binaize ,

if you specify accessMode:offline, then you should get the offline token which doesn't expire. 

Not sure how you checked the expiry date.

Also, you are supposed to store this access token and re-use later. No need to re-generate it every time. 

0 Likes
Pravin-Bhapkar
New Member
3 0 0

What if first time missed to store token because of some server error ? When second time open app, there is no access token generated ? 

how we can force to regenerate or reauthorize token ? 

0 Likes
Kacher
Tourist
4 0 6

Do you still have this issue? 
I still cannot use the access token for later update even accessMode is offline. 

 

0 Likes