npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

shopify-token-store

v0.1.1

Published

A library to quickly obtain and store shopify access tokens

Downloads

7

Readme

Shopify Token Store

Obtain and store shopify access tokens :closed_lock_with_key:

npm

:warning: The API is not yet stable.

yarn add shopify-token-store
npm i shopify-token-store

API

The module exports a class that allows to create access token stores. Store instances have methods that allows to obtain an access token according to the OAuth flow.

new ShopifyTokenStore(options)

Creates a new ShopifyTokenStore instance.

options

  • apiKey - Required - A string that specifies the API key of your app.
  • sharedSecret - Required - A string that specifies the shared secret of your app.
  • redirectUri - Required - A string that specifies the URL where you want to redirect the users after they authorize the app.
  • scopes - Optional - An array of strings or a comma-separated string that specifies the list of scopes e.g. "read_products,write_products". Defaults to "read_content".
  • storeStrategy - Optional - A TokenStoreStrategy that defines how the token will be stored. Defaults to MemoryStrategy (:warning: Not suitable for production).
  • timeout - Optional - A number of milliseconds to wait when sending a request to Shopify (e.g. request the access token). Defaults to 60000 (1 minute).

Return value

A ShopifyTokenStore instance.

Exceptions

Throws an Error exception if the required options are missing.

Example

import ShopifyTokenStore from "shopify-token-store";

const shopifyTokenStore = new ShopifyTokenStore({
	sharedSecret: process.env.SHOPIFY_APP_SECRET,
	redirectUri: url.resolve(
		process.env.SHOPIFY_APP_ORIGIN,
		"/shopify/auth/callback"
	),
	apiKey: process.env.SHOPIFY_APP_KEY,
	scopes: ["read_products", "write_products"]
});

shopifyTokenStore.generateNonce()

Generates a random nonce.

Return value

A string representing a nonce.

Example

const nonce = shopifyToken.generateNonce();

console.log(nonce);
// => 212a8b839860d1aefb258aaffcdbd63f

shopifyToken.generateAuthorizationUrl(shopName, options)

Returns the authorization URL where you should redirect the user.

shopName

A string representing the name of the user's shop e.g. a-store-name.

options

  • scopes - Optional - An Array<string> to override the default list of scopes.
  • nonce - Optional - A string representing a nonce. If not provided it will be generated automatically.

Return value

A string representing the URL where the user should be redirected.

Example

const authUrl = shopifyTokenStore.generateAuthorizationUrl(shopName, { nonce });

console.log(authUrl);
// => https://a-store-name.myshopify.com/admin/oauth/authorize?scope=read_content&state=619f7e27dd47cc9twp0ad04e93754k81&redirect_uri=https%3A%2F%2Flocalhost%3A3000%2Fcallback&client_id=b35d23b9b6f2b65f3896c954ra8e2443

shopifyTokenStore.verifyHMAC(query)

Verify that a request came from Shopify. It can be used to validate a webhook or a request to the redirectUri.

query

An object representing the request query. It should contain at least the following keys:

  • code - A string representing the authorization code.
  • hmac - A string representing the request HMAC.
  • shop - A string representing the shop domain e.g. a-store-name.myshopify.com
  • timestamp - A string representing the timestamp of the request.

Return value

A boolean that is true if the hmac is valid.

Example

if (shopifyTokenStore.verifyHMAC(request.query)) {
	// The request is valid
}

shopifyTokenStore.getAccessToken(shop, code)

When redirectUri gets called, the request query will contain shop and code parameters that we can use to obtain the access token.

shop

A string representing the hostname of the shop (e.g. a-store-name.myshopify.com).

code

A string representing the authorization code.

Return value

A Promise that resolves to a string representing the access token.

Example

const { shop, code } = request.query;
const accessToken = await shopifyTokenStore.getAccessToken(shop, code);

shopifyTokenStore.store(userId, shopName, accessToken)

Use this method to store a new access token (the behaviour changes according to the configured storeStrategy).

userId

A string representing the id that uniquely identify the user.

The user id can be for example a JWT token stored in the client localStorage.

shopName

A string representing the shop name (e.g. a-shop-name).

accessToken

A string representing the access token.

Return value

A Promise.

Example

await shopifyTokenStore.store(userId, shopName, accessToken);

shopifyTokenStore.getByUserId(userId)

Get the access token associated to the user.

userId

A string representing the id that uniquely identify the user.

Return value

A Promise that resolves to a string that represents an access token.

Example

const accessToken = await shopifyTokenStore.getByUserId(userId);

shopifyTokenStore.getByShopName(shopName)

Get the access token associated to a shop name.

shopName

This is useful when we need to process webhooks.

Return value

A Promise that resolves to a string that represents an access token.

Example

const accessToken = await shopifyTokenStore.getByShopName(shopName);

Roadmap

  • [x] Implement shopify access token offline mode
  • [x] Implement basic memory strategy
  • [ ] Implement MongoDB strategy
  • [ ] Implement API credential rotation
  • [ ] Implement shopify access token online mode