[OAuth] Online (session) tokens instead of permanent offline tokens

Feuer
New Member
2 0 0

Overview
I have the following code (using @shopify/koa-shopify-auth):

server.use(session({ secure: true, sameSite: "none" }, server));
server.use(
  shopifyAuth({
    apiKey: SHOPIFY_API_KEY,
    secret: SHOPIFY_API_SECRET_KEY,
    scopes: ["write_script_tags", "read_script_tags"],
    accessMode: "offline",
    // Runs once the OAuth handshake has completed for this shop
    async afterAuth(ctx) {
      const { shop, accessToken } = ctx.session;
      console.log("We did it!", accessToken);
      ctx.cookies.set("shopOrigin", shop, {
        httpOnly: false,
        secure: true,
        sameSite: "None"
      });
    }
  })
);


But for some reason the result is:
76761348-52cfcd80-67a0-11ea-89a5-0db1da834336
So with accessMode: "offline" I still get online tokens?
Please correct me if I am doing something wrong. I need permanent offline tokens to avoid window redirect & refresh for users on every login.

0 Likes
SBD_
Shopify Staff
1081 146 193

Hey @Feuer,

Access mode defaults to offline, you can remove the `accessMode: "offline"` line.

I might be missing something - the screenshot doesn't indicate an online token?

Is this line logging the token? If so you're good to go - simply store the token.

console.log("We did it!", accessToken);

0 Likes
Feuer
New Member
2 0 0

Hello @

"Access mode defaults to offline, you can remove the `accessMode: "offline"` line." - not in @shopify/koa-shopify-auth, the default is online

(from the docs: https://www.npmjs.com/package/@shopify/koa-shopify-auth).

Yeah, the screenshot shows an online token (which will expire after the browser session ends) instead of a permanent offline token.

"Is this line logging the token? If so you're good to go - simply store the token." - not that simple. This code is from the server side, while the token should be saved on the client side, in the browser, so to work with the received token myself, after saving it manually I have to rewrite my own verifyRequest() function from the library :)

Actually @shopify/koa-shopify-auth should do all these things.

OK, as far as I can see, koa-shopify-auth has nothing in common with the browser & client side.

The session token from the screenshot is probably from the koa-session library, nothing from koa-shopify-auth.

Well, I have to ask some more questions to understand everything.

Where does koa-shopify-auth actually store tokens? How does it work together with koa-session (I mean, in which way is the koa-session token connected with the koa-shopify-auth token on the server side)?

0 Likes
SBD_
Shopify Staff
1081 146 193

Hey @Feuer,

The koa:sess cookie is for the koa session. This is different to the API access token. The access token is used to authenticate calls to the API.

const { shop, accessToken } = ctx.session;
console.log("We did it!", accessToken);

^ store this access token to use with API calls.

When a user clicks through to your app from the admin, koa-shopify-auth will verify the request to make sure a shop is who they say they are. Once you reach the afterAuth callback, you can store the shop url in a session.

Then, when you make requests to the API, include the access token.

Let me know if you have any questions.

0 Likes
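The flow described in the reply above (keep the access token on the server, keyed by shop, and attach it to API calls), sketched as an added example that is not code from the thread or from koa-shopify-auth. `TokenStore`, `onAfterAuth` and `buildAdminRequest` are hypothetical names, the in-memory map stands in for a database, and the API version is a caller-supplied placeholder.

```javascript
// Added example. All helper names are hypothetical; sample values are constructed.

// Only accept hostnames of the form <name>.myshopify.com before using them
// as a lookup key or as the host a token is sent to.
const SHOP_RE = /^[a-z0-9][a-z0-9-]*\.myshopify\.com$/;

// In-memory stand-in for a server-side table keyed by shop domain.
class TokenStore {
  constructor() { this.tokens = new Map(); }
  save(shop, accessToken) {
    if (!SHOP_RE.test(shop)) throw new Error("invalid shop domain");
    this.tokens.set(shop, accessToken);
  }
  get(shop) { return this.tokens.get(shop); }
}

// What an afterAuth callback can do instead of logging the token:
// persist it server-side and log only the shop it belongs to.
function onAfterAuth(ctx, store, log = console.log) {
  const { shop, accessToken } = ctx.session;
  store.save(shop, accessToken);
  log(`stored access token for ${shop}`);
}

// Build an Admin API request for the shop recorded in the session.
// The browser only holds the session cookie; the token never leaves the server.
function buildAdminRequest(session, store, path, apiVersion) {
  const shop = session.shop;
  if (!SHOP_RE.test(shop)) throw new Error("invalid shop domain");
  const token = store.get(shop);
  if (!token) throw new Error("no stored token; shop must re-authorize");
  return {
    url: `https://${shop}/admin/api/${apiVersion}/${path}`,
    headers: { "X-Shopify-Access-Token": token },
  };
}
```

The returned `url` and `headers` can be passed to whatever HTTP client the server already uses.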
DenTok
Tourist
8 0 2

Hi! Is there any way of retrieving both online and offline tokens using koa-shopify-auth? I would like to get an offline token only when the app is installed, and an online token every time the app is opened (the first time the app is installed too). Thanks!!!

0 Likes
yakpak_rahulm
Tourist
13 0 1

Hi @SBD_ ! I would also like to know the answer to @DenTok's question about retrieving online and offline tokens. @DenTok were you able to figure it out?

0 Likes