shopify-token-store
v0.1.1
Published
A library to quickly obtain and store shopify access tokens
Downloads
7
Readme
Shopify Token Store
Obtain and store shopify access tokens :closed_lock_with_key:
:warning: The API is not yet stable.
yarn add shopify-token-store
npm i shopify-token-store
API
The module exports a class that allows to create access token stores. Store instances have methods that allows to obtain an access token according to the OAuth flow.
new ShopifyTokenStore(options)
Creates a new ShopifyTokenStore
instance.
options
apiKey
- Required - A string that specifies the API key of your app.sharedSecret
- Required - A string that specifies the shared secret of your app.redirectUri
- Required - A string that specifies the URL where you want to redirect the users after they authorize the app.scopes
- Optional - An array of strings or a comma-separated string that specifies the list of scopes e.g."read_products,write_products"
. Defaults to"read_content"
.storeStrategy
- Optional - ATokenStoreStrategy
that defines how the token will be stored. Defaults toMemoryStrategy
(:warning: Not suitable for production).timeout
- Optional - Anumber
of milliseconds to wait when sending a request to Shopify (e.g. request the access token). Defaults to 60000 (1 minute).
Return value
A ShopifyTokenStore
instance.
Exceptions
Throws an Error
exception if the required options are missing.
Example
import ShopifyTokenStore from "shopify-token-store";
const shopifyTokenStore = new ShopifyTokenStore({
sharedSecret: process.env.SHOPIFY_APP_SECRET,
redirectUri: url.resolve(
process.env.SHOPIFY_APP_ORIGIN,
"/shopify/auth/callback"
),
apiKey: process.env.SHOPIFY_APP_KEY,
scopes: ["read_products", "write_products"]
});
shopifyTokenStore.generateNonce()
Generates a random nonce.
Return value
A string
representing a nonce.
Example
const nonce = shopifyToken.generateNonce();
console.log(nonce);
// => 212a8b839860d1aefb258aaffcdbd63f
shopifyToken.generateAuthorizationUrl(shopName, options)
Returns the authorization URL where you should redirect the user.
shopName
A string
representing the name of the user's shop e.g. a-store-name
.
options
scopes
- Optional - AnArray<string>
to override the default list of scopes.nonce
- Optional - Astring
representing a nonce. If not provided it will be generated automatically.
Return value
A string
representing the URL where the user should be redirected.
Example
const authUrl = shopifyTokenStore.generateAuthorizationUrl(shopName, { nonce });
console.log(authUrl);
// => https://a-store-name.myshopify.com/admin/oauth/authorize?scope=read_content&state=619f7e27dd47cc9twp0ad04e93754k81&redirect_uri=https%3A%2F%2Flocalhost%3A3000%2Fcallback&client_id=b35d23b9b6f2b65f3896c954ra8e2443
shopifyTokenStore.verifyHMAC(query)
Verify that a request came from Shopify. It can be used to validate a webhook or
a request to the redirectUri
.
query
An object
representing the request query. It should contain at least the
following keys:
code
- Astring
representing the authorization code.hmac
- Astring
representing the request HMAC.shop
- Astring
representing the shop domain e.g.a-store-name.myshopify.com
timestamp
- Astring
representing the timestamp of the request.
Return value
A boolean
that is true
if the hmac
is valid.
Example
if (shopifyTokenStore.verifyHMAC(request.query)) {
// The request is valid
}
shopifyTokenStore.getAccessToken(shop, code)
When redirectUri
gets called, the request query will contain shop
and code
parameters that we can use to obtain the access token.
shop
A string
representing the hostname of the shop (e.g.
a-store-name.myshopify.com
).
code
A string
representing the authorization code.
Return value
A Promise
that resolves to a string
representing the access token.
Example
const { shop, code } = request.query;
const accessToken = await shopifyTokenStore.getAccessToken(shop, code);
shopifyTokenStore.store(userId, shopName, accessToken)
Use this method to store a new access token (the behaviour changes according to
the configured storeStrategy
).
userId
A string
representing the id that uniquely identify the user.
The user id can be for example a JWT token stored in the client localStorage.
shopName
A string
representing the shop name (e.g. a-shop-name
).
accessToken
A string
representing the access token.
Return value
A Promise
.
Example
await shopifyTokenStore.store(userId, shopName, accessToken);
shopifyTokenStore.getByUserId(userId)
Get the access token associated to the user.
userId
A string
representing the id that uniquely identify the user.
Return value
A Promise
that resolves to a string
that represents an access token.
Example
const accessToken = await shopifyTokenStore.getByUserId(userId);
shopifyTokenStore.getByShopName(shopName)
Get the access token associated to a shop name.
shopName
This is useful when we need to process webhooks.
Return value
A Promise
that resolves to a string
that represents an access token.
Example
const accessToken = await shopifyTokenStore.getByShopName(shopName);
Roadmap
- [x] Implement shopify access token offline mode
- [x] Implement basic memory strategy
- [ ] Implement MongoDB strategy
- [ ] Implement API credential rotation
- [ ] Implement shopify access token online mode