Get offline access token from koa

Solved
avet
Shopify Partner
8 2 4

Hi, a newbie here.

Sorry for the basic question but can't find the answer elsewhere.

 

I am building an app which will execute background queries and mutations (not initiated from UI). So I am trying to get an offline access token but so far no luck. I am using Koa to authenticate against Shopify so I guess this is how it is supposed to work:

 
const server = new Koa();
server.use(session(server));
server.keys = [SHOPIFY_API_SECRET_KEY];
server.use(
    createShopifyAuth({
        apiKey: SHOPIFY_API_KEY,
        secret: SHOPIFY_API_SECRET_KEY,
        scopes: ['read_products', 'write_products', 'read_orders', 'write_orders'],
        async afterAuth(ctx) {
            const { shop, accessToken } = ctx.session;
            ctx.cookies.set('shopOrigin', shop, { httpOnly: false });

            //get offline access token
            //1. get code and hmac from URL <== how to get those
            //2. verify hmac
            //3. send POST to https://{shop}.myshopify.com/admin/oauth/access_token supplying client_id, client_secret and code from above


            ctx.redirect('/');
        },
    }),
);

Any advice how to get code and hmac from URL?

Thanks.

 
Accepted Solution (1)

Accepted Solutions
avet
Shopify Partner
8 2 4

This is an accepted solution.

Found the answer. ctx.query it is!

View solution in original post

Replies 13 (13)
avet
Shopify Partner
8 2 4

This is an accepted solution.

Found the answer. ctx.query it is!

avet
Shopify Partner
8 2 4

Copying comment from another thread for the sake of full info:

 

Well, apparently you don't need to exchange the code to access token manually. koa-shopify-auth allows to request an offline access token as specified here: https://www.npmjs.com/package/@shopify/koa-shopify-auth

 

So final code look like this:

app.prepare().then(() => {
    const server = new Koa();    server.use(session(server));    server.keys = [SHOPIFY_API_SECRET_KEY];    server.use(        createShopifyAuth({            apiKey: SHOPIFY_API_KEY,            secret: SHOPIFY_API_SECRET_KEY,            scopes: ['read_products', 'write_products', 'read_orders', 'write_orders'],            accessMode: 'offline',
            async afterAuth(ctx) {
                const { shop, accessToken } = ctx.session;                ctx.cookies.set('shopOrigin', shop, { httpOnly: false });                console.log(`=========access token (offline):`, accessToken);
...

this access token can be used to execute GQL queries.

Binaize
New Member
7 0 0

@avet 

Hi there,

Can you please tell me if code in ctx.query is the offline access token?? Is it? If not how did you get the offline access token??

I have been trying to get the offline access token but not able to.

When I try accessMode as "offline" I get token but with expiry date so I am guessing it's not correct?

Please help.

Thank you!

Binaize
New Member
7 0 0

@avet 

Also, how do we get the token when user clicks our app second time after closing?

I don't see access_token being generated the next time they try to access the app.

Thank you in advance!

avet
Shopify Partner
8 2 4

Hi @Binaize ,

if you specify accessMode:offline, then you should get the offline token which doesn't expire. 

Not sure how you checked the expiry date.

Also, you are supposed to store this access token and re-use later. No need to re-generate it every time. 

Pravin-Bhapkar
Excursionist
12 2 2

What if first time missed to store token because of some server error ? When second time open app, there is no access token generated ? 

how we can force to regenerate or reauthorize token ? 

Kacher
Shopify Partner
4 0 7

Do you still have this issue? 
I still cannot use the access token for later update even accessMode is offline. 

 

scole954387
Excursionist
19 1 10

Hi,

 

do you have an example of  code that can pull data offline using GraphQL and the offline token?

 

Thanks!

Pravin-Bhapkar
Excursionist
12 2 2

Even in offline token when app is launch it gives you same token. (Which you got first time). So even if you missed first time you will get same token next time when app launch. (OR this authenticate function is invoked)

Pravin-Bhapkar
Excursionist
12 2 2

@scole954387 
for offline token, set accessMode = offline.

try using below code.

  server.use(
    createShopifyAuth({
      apiKey: SHOPIFY_API_KEY,
      secret: SHOPIFY_API_SECRET_KEY,
      scopes: ['read_products'],
      accessMode: 'offline',
       afterAuth(ctx) {
const { accessToken } = ctx.session;  
.
.
scole954387
Excursionist
19 1 10

Awesome! Thanks.

I’m new to node/koa.  Once you have access to the offline token how do you run scripts automatically in the background?

Just say I wanted to update merchant data for each store who have the app installed.  Is this possible?

Pravin-Bhapkar
Excursionist
12 2 2

You can do it by your nodejs (Backend code).  But for that you need store_id for each store. 

You can write backend code with shopify graphQL mutation to update data for each store (you need to give store details, you can store it in your DB or somewhere safe).  Shopify have mutation to update data.

 

React code will get executed only for that store from where you have launched app. different store have different access token which will never expire. 

hugo4711
Shopify Partner
17 1 1

Thank you very much! This pointed me in the right direction:

 

If anyone stumbles upon this:

If you are using KOA, then 'online' mode is DEFAULT! This is completely misleading...

 

https://www.npmjs.com/package/@shopify/koa-shopify-auth

 

ATTENTION: verifyRequest and shopifyAuth BOTH need to specify 'offline' as default. See the documentation!

 

https://community.shopify.com/c/shopify-apis-and-sdks/get-offline-access-token-from-koa/m-p/608000#M...