[OAuth] Online (session) tokens instead of permanent offline tokens

New Member

Overview
I have the following code (using @shopify/koa-shopify-auth):

```js
import session from "koa-session";
import shopifyAuth from "@shopify/koa-shopify-auth";

// `server` is the Koa application instance
server.use(session({ secure: true, sameSite: "none" }, server));
server.use(
  shopifyAuth({
    apiKey: SHOPIFY_API_KEY,
    secret: SHOPIFY_API_SECRET_KEY,
    scopes: ["write_script_tags", "read_script_tags"],
    accessMode: "offline",
    // Runs once the OAuth flow has completed for the shop
    async afterAuth(ctx) {
      const { shop, accessToken } = ctx.session;
      console.log("We did it!", accessToken);
      ctx.cookies.set("shopOrigin", shop, {
        httpOnly: false,
        secure: true,
        sameSite: "None"
      });
    }
  })
);
```


But for some reason the result is:
[screenshot: 76761348-52cfcd80-67a0-11ea-89a5-0db1da834336]
So with accessMode: "offline" I still get online tokens?
Please correct me if I am doing something wrong. I need permanent offline tokens to avoid a window redirect & refresh for users on every login.

 

 

0 Likes
Shopify Staff

Hey @Feuer,

 

Access mode defaults to offline, you can remove the `accessMode: "offline"` line.

 

I might be missing something - the screenshot doesn't indicate an online token?

 

Is this line logging the token? If so you're good to go - simply store the token.

 

console.log("We did it!", accessToken);

 

0 Likes
New Member

Hello @

"Access mode defaults to offline, you can remove the `accessMode: "offline"` line." - not in @shopify/koa-shopify-auth, default is online

(from docs https://www.npmjs.com/package/@shopify/koa-shopify-auth).

Yeah, the screenshot shows an online token (which will expire after the browser session ends) instead of a permanent offline token.

"Is this line logging the token? If so you're good to go - simply store the token." - not that simple. This code is from the server side, while the token should be saved on the client side, in the browser, so to work with the received token myself, after saving it manually I have to rewrite my own verifyRequest() function from the library :)

Actually @shopify/koa-shopify-auth should do all these things

Ok, as I can see koa-shopify-auth has nothing in common with the browser & client side.

The session token from the screenshot is probably from the koa-session library, nothing from koa-shopify-auth.

Well, I have to ask some more questions to understand everything.

Where does koa-shopify-auth actually store tokens? How does it work together with koa-session (I mean, in which way is the koa-session token connected with the koa-shopify-auth token on the server side)?

 

 

0 Likes
Shopify Staff

Hey @Feuer,

 

The koa:sess cookie is for the koa session. This is different to the API access token. The access token is used to authenticate calls to the API.

 

const { shop, accessToken } = ctx.session;
console.log("We did it!", accessToken);

^ store this access token to use with API calls.

 

When a user clicks through to your app from the admin, koa-shopify-auth will verify the request to make sure a shop is who they say they are. Once you reach the afterAuth callback, you can store the shop url in a session.

 

Then, when you make requests to the API, include the access token.

 

Let me know if you have any questions.

0 Likes
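An added example (not code from this thread or from koa-shopify-auth) of what "store this access token" can look like when the token stays on the server: it is sealed at rest and keyed by shop, only `shopOrigin` goes to the browser, and logs get a redacted form. The names `tokenStore`, `handleAfterAuth`, `adminRequest` and `redact`, the in-memory store and key, and the `apiVersion` argument are assumptions for illustration; the `ctx` shape follows the snippets above.

```javascript
const crypto = require("crypto");

// Assumption: in production the key comes from a secret manager and the
// store is a database table; both are in-memory stand-ins here.
const STORE_KEY = crypto.randomBytes(32);
const tokenStore = new Map(); // shop hostname -> sealed access token
const SHOP_RE = /^[a-z0-9][a-z0-9-]*\.myshopify\.com$/;

// AES-256-GCM: output is iv (12 bytes) | auth tag (16 bytes) | ciphertext.
function seal(plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", STORE_KEY, iv);
  const body = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]);
}

function open(sealed) {
  const decipher = crypto.createDecipheriv("aes-256-gcm", STORE_KEY, sealed.subarray(0, 12));
  decipher.setAuthTag(sealed.subarray(12, 28));
  return Buffer.concat([decipher.update(sealed.subarray(28)), decipher.final()]).toString("utf8");
}

// Log-safe form of a token: a short prefix and the length only.
const redact = (token) => `${token.slice(0, 4)}...(${token.length} chars)`;

// Body for afterAuth(ctx): persist the token server-side, keyed by shop.
// The browser receives the shop name and never the access token.
function handleAfterAuth(ctx) {
  const { shop, accessToken } = ctx.session;
  if (!SHOP_RE.test(shop)) throw new Error("unexpected shop hostname");
  tokenStore.set(shop, seal(accessToken));
  ctx.cookies.set("shopOrigin", shop, { httpOnly: false, secure: true, sameSite: "None" });
  return redact(accessToken);
}

// Later API calls look the token up by shop and send it in the header.
function adminRequest(shop, path, apiVersion) {
  const sealed = tokenStore.get(shop);
  if (!sealed) throw new Error("no stored token for shop; run OAuth again");
  return {
    url: `https://${shop}/admin/api/${apiVersion}/${path}`,
    headers: { "X-Shopify-Access-Token": open(sealed) },
  };
}
```

The koa session cookie only identifies the browser session; the lookup key for the API token is the verified shop hostname.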
Tourist

Hi! Is there any way to retrieve both online and offline tokens using koa-shopify-auth? I would like to get an offline token only when the app is installed, and an online token every time the app is opened (the first time the app is installed too). Thanks!!!

0 Likes