I am new to the Shopify app ecosystem and I am a bit confused about OAuth 2.0.
So I created my rails app using Shopify CLI tool.
I can add it to my development store and the app gets added and if write code it works, I see the changes in the embedded app.
However, I haven’t done anything for OAuth. Shopify documentation says that the developer should implement OAuth 2.0.
So do I have to actually write the code for OAuth or is the shopify_app gem taking care of it? If I have to write the code, then how come I was able to add it to my development store? If I don’t have to write the code for it, then why does the Shopify tutorial says I should?
Also in my database I see that a shop got created in my shops table (The shop being my own development store, but I haven’t written the code for this creation to happen).
Thanks so much in advance to anyone who will help
I'm not a Rails dev, but it sounds like the Shopify CLI has down some of the work for you. What is in your source code at the moment? Do you understand everything there? I would suggest reading the docs about the Shopify CLI tool to better understand what it is actually doing for you. Using tools is great, but make sure you know what they are doing and why, it helps with debugging down the track!
Good luck with your restaurant app!
I believe when Shopify is referring to OAuth in its development documentation this is intended for private/custom/public apps that are installed in a Shopify shop. The Ruby shopify_api and shopify_cli packages are a way for developers to interact with the Admin API and whatnot. But if you want to deliver an app that a Shopify client has running against their shop then that's where they grant permissions for your app to access certain scopes within their shop. That's where OAuth comes in...
Thanks so much for replying, much appreciated.
The main code related to OAuth I can see is this omniauth initializer (and the shopify_app initializer)
The shops (test development stores) are being automatically created in my db when I am adding my app to them, I really cannot find any code doing that creation (literally looked at every file in my app)
If I can add my app to a test development store (with the right permissions) does this mean that the app has OAuth 2.0 implemented properly (I am getting the prompt to confirm app addition)? or not necessarily? In other words, do I have to deal with hmac and nonce etc...?
It also created this for me:
Thanks for replying, much appreciated.
Please see my reply above. Also I am using the shopify_app gem not just the shopify_api gem.
dependencies of the shopify_app gem, inlcude shopify_api and omniauth-shopify-oauth2:
Thanks in advance!
Unless I'm mistaken, the mechanism of installing the app in a Shopify shop triggers the OAuth process, where the shop user with their logged-in credentials authorizes the app to do the scoped access functions. Best advice would be to try it, especially if you have a development store to install it in already!