Online and offline tokens

Tourist

Hi everyone, I've been looking for an answer for a long time with no result. 
Here is my question: is there a way I can get both online and offline access tokens? My ideal scenario is to get the offline token only during the installation process, and the online token every time the app is launched (the first time the app is installed too). I'm using Nodejs and I would like to keep using koa-shopify-auth's middleware.

Thanks in advance!

1 Like
Shopify Staff

Hey @DenTok,

Our docs suggest it's doable - have you run any tests? Let me know where you got to - happy to lend a hand testing. Also what's the use case?

It’s possible for an app to use both access modes at the same time by using different access tokens when appropriate.

0 Likes
Tourist

Hi @SBD_, thanks for the reply! My use case is an application which needs to get the offline token for operations like webhook registration and product updates. The online token is instead needed for having a user session and a way to check if the current user can effectively access some of the resources shown by the app.
I ran some tests running the OAuth flow with an Express server and I actually got both access tokens just by redirecting the app to a second authorization URL after I got the first token, but I cannot find a way to launch the app after the OAuth flow.
I asked about koa-shopify-auth because I previously used the middleware which is provided here and that's working fine, but I couldn't find a way to retrieve both tokens using it.

Thank you

0 Likes
Shopify Staff

Interesting. I'm not sure you're able to obtain both at once, or the second without the oauth/redirect flow. Have you experimented with sessions instead?

0 Likes
Tourist

Hi, sorry for the late answer.
Is it possible for a second oauth/redirect to take place using koa-shopify-auth?
How do you suggest using sessions instead?

Thanks again

0 Likes
Shopify Staff

Hey @DenTok

I ran some tests to fill in the blanks, here's the flow to generate both an offline and online token:

1. Send the merchant to the install page:

{shop}.myshopify.com/admin/oauth/authorize?client_id=..&scope=..&redirect_uri=...

2. They'll see the confirmation screen and if they proceed, they'll be redirected back to your app. Generate + store the offline token.

3. Kick off the OAuth flow again, but request an online token (grant_options[]=per-user). If the scope remains the same, the user shouldn't see another confirmation screen, they'll be redirected back to your app immediately.

{shop}.myshopify.com/admin/oauth/authorize?client_id=..&scope=..&redirect_uri=...&grant_options[]=per-user

4. Now you can generate the online token + store it in a cookie.

You'll need to add some checks to handle first install / opening the app / edge cases like a merchant closing the app halfway through the install.

> Is it possible for a second oauth/redirect to take place using koa-shopify-auth?

Probably, but since it's middleware you might need to experiment with multiple routes.

1 Like
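
The two-pass flow from the staff answer above, as an added example that is not part of the thread and is not Shopify's or koa-shopify-auth's code: it builds the authorize URL for steps 1 and 3 and checks the callback's `state` nonce and `hmac` (Shopify's documented callback signature) before steps 2 and 4 exchange the code for a token. The app settings, the `session` object and all function names are assumptions made for illustration.

```javascript
const crypto = require("crypto");

// Constructed placeholder app settings (assumptions, not real credentials).
const APP = {
  clientId: "example-client-id",
  secret: "example-client-secret",
  scope: "read_products,write_products",
  redirectUri: "https://app.example.com/auth/callback",
};
const SHOP_RE = /^[a-z0-9][a-z0-9-]*\.myshopify\.com$/;

// First install (no stored offline token) starts at step 1; otherwise step 3.
function startMode(offlineTokens, shop) {
  return offlineTokens.has(shop) ? "online" : "offline";
}

// Steps 1 and 3: same authorize URL, plus grant_options[]=per-user for online.
function authorizeUrl(shop, mode, state) {
  if (!SHOP_RE.test(shop)) throw new Error("invalid shop hostname");
  const q = new URLSearchParams({
    client_id: APP.clientId, scope: APP.scope,
    redirect_uri: APP.redirectUri, state,
  });
  if (mode === "online") q.append("grant_options[]", "per-user");
  return `https://${shop}/admin/oauth/authorize?${q}`;
}

// HMAC-SHA256 over the sorted callback parameters, excluding hmac itself.
function signCallback(params) {
  const msg = Object.keys(params).filter((k) => k !== "hmac").sort()
    .map((k) => `${k}=${params[k]}`).join("&");
  return crypto.createHmac("sha256", APP.secret).update(msg).digest("hex");
}

// Steps 2 and 4: accept the callback only if state, shop and hmac all check out.
function verifyCallback(params, session) {
  const expected = session.state;
  session.state = null; // the nonce is single use, so a replayed callback fails
  if (!expected || params.state !== expected) return false;
  if (!SHOP_RE.test(String(params.shop))) return false;
  const given = Buffer.from(String(params.hmac));
  const want = Buffer.from(signCallback(params));
  return given.length === want.length && crypto.timingSafeEqual(given, want);
}
```

Because `startMode` keys off the stored offline token, a merchant who abandoned the install halfway simply restarts at step 1 on the next visit.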
Tourist

@SBD_ yep, that's exactly what I did in order to generate both tokens. The only problem I have encountered here is the final redirect. I mean, after I got the last token I need, where should I redirect the user in order to start the app? By using the koa middleware I just redirect to the app URL (let's say /admin) and everything works fine, but that's not the case without the middleware.
Thanks anyway for your time!

0 Likes