Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Introduce the token exchange API for fetching access tokens #1254

Merged
merged 2 commits into from
Jan 17, 2024
Merged

Introduce the token exchange API for fetching access tokens #1254

merged 2 commits into from
Jan 17, 2024

Conversation

gbzodek
Copy link
Contributor

@gbzodek gbzodek commented Dec 7, 2023
edited
Loading

Description

This introduces the token exchange API to fetch access tokens based on the Token Exchange spec

This has been already added in shopify-api-js here, and we would like to make it available to Rails apps in the future as well.

How has this been tested?

Unit tests are provided in the PR to cover the new method. This has also been tested internally for our app (POS channel)

Checklist:

  • My commit message follow the pattern described in here
  • I have performed a self-review of my own code.
  • I have added tests that prove my fix is effective or that my feature works.
  • I have updated the project documentation.
  • I have added a changelog line.

@gbzodek gbzodek self-assigned this Dec 7, 2023
@gbzodek gbzodek marked this pull request as ready for review December 7, 2023 14:08
@gbzodek gbzodek requested a review from a team as a code owner December 7, 2023 14:08
@gbzodek gbzodek requested a review from rezaansyed December 7, 2023 14:08
rezaansyed
rezaansyed reviewed Dec 7, 2023
View reviewed changes
lib/shopify_api/auth/oauth.rb Outdated
requested_token_type: RequestedTokenType,
).returns(ShopifyAPI::Auth::Session)
end
def token_exchange(shop:, session_token:, requested_token_type:)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we move this into a different file? (ex: lib/shopify_api/auth/token_exchange.rb). The purpose of the oauth.rb file seems to be to handle the auth code flow.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ya, I see the intent for moving this into its own file and like that idea. The confusing part is token exchange still is oauth. This oauth.rb file should probably be renamed to auth_code_flow.rb to follow remix pattern.

Copy link
Contributor Author

@gbzodek gbzodek Jan 2, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have moved the token exchange to its own module and extracted the logic to create a Session from the access token response, which is shared by both auth code and token exchange flows.

@nelsonwittwer I did not rename oauth.rb to avoid a breaking change for now. It also follows the same naming as shopify-api-js file. But if you think that's worth a breaking change, I am happy to do it.

rezaansyed
rezaansyed approved these changes Dec 7, 2023
View reviewed changes
Copy link
Contributor

@rezaansyed rezaansyed left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor comments around file organization but the implementation looks great! Thanks for doing this! 🎉

nelsonwittwer
nelsonwittwer approved these changes Dec 14, 2023
View reviewed changes
Copy link
Contributor

@nelsonwittwer nelsonwittwer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this look great! We are assuming most of the work will be done on the app gem / middleware side of things. Love how simple this will be!

lib/shopify_api/auth/oauth.rb Outdated
requested_token_type: RequestedTokenType,
).returns(ShopifyAPI::Auth::Session)
end
def token_exchange(shop:, session_token:, requested_token_type:)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ya, I see the intent for moving this into its own file and like that idea. The confusing part is token exchange still is oauth. This oauth.rb file should probably be renamed to auth_code_flow.rb to follow remix pattern.

@gbzodek
Copy link
Contributor Author

gbzodek commented Dec 14, 2023

Thanks @nelsonwittwer and @rezaansyed for the review! I will address the comments right after the Christmas break, as I have a few other things to finish before that.

@gbzodek gbzodek force-pushed the token-exchange branch 3 times, most recently from 7ddf785 to 00c0511 Compare January 2, 2024 13:49
@gbzodek gbzodek requested a review from nelsonwittwer January 2, 2024 13:50
paulomarg
paulomarg approved these changes Jan 16, 2024
View reviewed changes
lib/shopify_api/auth/session.rb Outdated
@@ -89,6 +89,32 @@ def temp(shop:, access_token:, &blk)
end
end

sig { params(shop: String, access_token_response: Oauth::AccessTokenResponse).returns(Session) }
def for(shop:, access_token_response:)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Love this method!

@gbzodek gbzodek force-pushed the token-exchange branch 3 times, most recently from 3723a8a to 4837de6 Compare January 17, 2024 14:16
@gbzodek gbzodek merged commit 79ca4e2 into main Jan 17, 2024
7 checks passed
@gbzodek gbzodek deleted the token-exchange branch January 17, 2024 14:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@paulomarg paulomarg paulomarg approved these changes

@rezaansyed rezaansyed rezaansyed approved these changes

@nelsonwittwer nelsonwittwer Awaiting requested review from nelsonwittwer

Assignees

@gbzodek gbzodek

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@gbzodek @nelsonwittwer @rezaansyed @paulomarg