We have to upgrade our app from cookie base auth to cookieless or session-based auth. So we have to upgrade the app to use koa-shopify-auth V4. I have to use access mode offline as we needed a token for later use with webhooks. so create auth implementation looks as below:
server.use(
createShopifyAuth({
accessMode: 'offline',
async afterAuth(ctx) {
// Access token and shop available in ctx.state.shopify
const { shop, accessToken, scope } = ctx.state.shopify;
ACTIVE_SHOPIFY_SHOPS[shop] = scope;
saveAccessToken(shop, accessToken);
const response = await Shopify.Webhooks.Registry.register({
shop,
accessToken,
path: '/webhooks',
topic: 'APP_UNINSTALLED',
webhookHandler: handleAppUninstalled,
});
if (!response.success) {
console.log(
`Failed to register APP_UNINSTALLED webhook: ${response.result}`,
);
}
// Redirect to app with shop parameter upon auth
ctx.redirect(`/?shop=${shop}`);
},
}),
);
Now how can I verify request coming from the app via Rest API. I have tried as below:
router.get('/test', verifyRequest(), async (ctx) => {
ctx.res.statusCode = 200;
});
I have tried verifyRequest({ accessMode: âofflineâ }) as well and no luck. In both cases, it returns 302 and executes /auth with 400 bad requests. In the older version (koa-shopify-auth v3) verifyRequest() used to work.
Any help will be appreciated to find out the best way to verify request coming to the custom API end point.