OAuth 2.0

tarek-rahme · ‎12-07-2020

Hello

I am new to the Shopify app ecosystem and I am a bit confused about OAuth 2.0.

So I created my rails app using Shopify CLI tool.

I can add it to my development store and the app gets added and if write code it works, I see the changes in the embedded app.

However, I haven’t done anything for OAuth. Shopify documentation says that the developer should implement OAuth 2.0.

So do I have to actually write the code for OAuth or is the shopify_app gem taking care of it? If I have to write the code, then how come I was able to add it to my development store? If I don’t have to write the code for it, then why does the Shopify tutorial says I should?

Also in my database I see that a shop got created in my shops table (The shop being my own development store, but I haven’t written the code for this creation to happen).

Thanks so much in advance to anyone who will help 🙏🏼🙏🏼

BStubbs · ‎12-08-2020

Hi Tarek,

I'm not a Rails dev, but it sounds like the Shopify CLI has down some of the work for you. What is in your source code at the moment? Do you understand everything there? I would suggest reading the docs about the Shopify CLI tool to better understand what it is actually doing for you. Using tools is great, but make sure you know what they are doing and why, it helps with debugging down the track!

Good luck with your restaurant app!

Was this helpful? Press like!
Did it fix the problem? Mark it as the solution for others!
Buy me a beer? Well, sure!

Gregarican · ‎12-08-2020

I believe when Shopify is referring to OAuth in its development documentation this is intended for private/custom/public apps that are installed in a Shopify shop. The Ruby shopify_api and shopify_cli packages are a way for developers to interact with the Admin API and whatnot. But if you want to deliver an app that a Shopify client has running against their shop then that's where they grant permissions for your app to access certain scopes within their shop. That's where OAuth comes in...

tarek-rahme · ‎12-08-2020

Hi @Gregarican

Thanks for replying, much appreciated.

Please see my reply above. Also I am using the shopify_app gem not just the shopify_api gem.

dependencies of the shopify_app gem, inlcude shopify_api and omniauth-shopify-oauth2:

Thanks in advance!

Gregarican · ‎12-08-2020

Unless I'm mistaken, the mechanism of installing the app in a Shopify shop triggers the OAuth process, where the shop user with their logged-in credentials authorizes the app to do the scoped access functions. Best advice would be to try it, especially if you have a development store to install it in already!

tarek-rahme · ‎12-08-2020

Hi @BStubbs

Thanks so much for replying, much appreciated.

The main code related to OAuth I can see is this omniauth initializer (and the shopify_app initializer)

The shops (test development stores) are being automatically created in my db when I am adding my app to them, I really cannot find any code doing that creation (literally looked at every file in my app)

If I can add my app to a test development store (with the right permissions) does this mean that the app has OAuth 2.0 implemented properly (I am getting the prompt to confirm app addition)? or not necessarily? In other words, do I have to deal with hmac and nonce etc...?

It also created this for me:

class AuthenticatedController < ApplicationController

include ShopifyApp::Authenticated

end

Can't find ShopifyApp::Authenticated in my app, so must be coming from gem maybe?

Thanks again in advance!

OAuth 2.0

Shopify Community

Support

Shopify

Quick Links