koa-shopify-auth v4 : how to verify rest api request for custom api endpoint

tejaspatel
Shopify Partner
4 0 2

We have to upgrade our app from cookie base auth to cookieless or session-based auth. So we have to upgrade the app to use koa-shopify-auth V4. I have to use access mode offline as we needed a token for later use with webhooks. so create auth implementation looks as below:

 

 

server.use(
    createShopifyAuth({
      accessMode: 'offline',
      async afterAuth(ctx) {
        // Access token and shop available in ctx.state.shopify
        const { shop, accessToken, scope } = ctx.state.shopify;
        ACTIVE_SHOPIFY_SHOPS[shop] = scope;
       saveAccessToken(shop, accessToken);

        const response = await Shopify.Webhooks.Registry.register({
          shop,
          accessToken,
          path: '/webhooks',
          topic: 'APP_UNINSTALLED',
          webhookHandler: handleAppUninstalled,
        });

        if (!response.success) {
          console.log(
            `Failed to register APP_UNINSTALLED webhook: ${response.result}`,
          );
        }
        // Redirect to app with shop parameter upon auth
        ctx.redirect(`/?shop=${shop}`);
      },
    }),
  );

 

Now how can I verify request coming from the app via Rest API. I have tried as below:

 

 

router.get('/test', verifyRequest(), async (ctx) => {
    ctx.res.statusCode = 200;
 });

 

I have tried verifyRequest({ accessMode: 'offline' }) as well and no luck. In both cases, it returns 302 and executes /auth with 400 bad requests. In the older version (koa-shopify-auth v3) verifyRequest() used to work. 

Any help will be appreciated to find out the best way to verify request coming to the custom API end point.

 

 

 

Replies 6 (6)

nicolasortega
Visitor
3 0 0

Hi!,

Did u solve it?, have exactly the same issue

 

kofiko
Visitor
1 0 0

same issue here, spent hours trying..

laradev
Shopify Partner
2 0 0

Did you guys figure this out?

Reach us at:
Website: https://www.laradev.co.uk
E-mail: adam@laradev.co.uk
gutan
Tourist
4 1 0

Same here, same problem for me as well 

Promise {<pending>}[[Prototype]]: Promise[[PromiseState]]: "fulfilled"[[PromiseResult]]: "Expected a valid shop query parameter"

Remelic
Visitor
1 0 0

I'm not sure if this will help but the access token is called from ctx.session.accessToken when you need to make requests after. Cheers.

Chapolin
Visitor
1 0 0

obrigado 

 

Claudio Anjos