shopify_api 14.2.0 → 14.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/Gemfile.lock +1 -1
- data/docs/getting_started.md +17 -2
- data/lib/shopify_api/auth/jwt_payload.rb +11 -3
- data/lib/shopify_api/utils/session_utils.rb +24 -17
- data/lib/shopify_api/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 0f2fd17eb9b42d6054e8b676c5d446cbc9890b7156f5c4b402a5efb776ad1421
|
|
4
|
+
data.tar.gz: 1deefc0fdcc79f57b70fb1fbeb2072916847b8d68c614b4b150dafd86f0ff6d5
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3cfdd1a407afb83e8557d607c65dd74322a7ca944fe58b2b42d68a911917442f51c78a0a7e59759a4fca59ae063c7af253ad8a297614a409621c52e0baf60ee6
|
|
7
|
+
data.tar.gz: e218a6a5c77d9de8e3b0a755c0bcb1b4941bb5cfba503564ffa4ca0a59c19b76e8c0cb56cb1ee458091bd43004fa3b16c200fa4696b058a0b90c9c3475bd37d0
|
data/CHANGELOG.md
CHANGED
|
@@ -4,6 +4,16 @@ Note: For changes to the API, see https://shopify.dev/changelog?filter=api
|
|
|
4
4
|
|
|
5
5
|
## Unreleased
|
|
6
6
|
|
|
7
|
+
## 14.3.0
|
|
8
|
+
- [#1312](https://github.com/Shopify/shopify-api-ruby/pull/1312) Use same leeway for `exp` and `nbf` when parsing JWT
|
|
9
|
+
- [#1314](https://github.com/Shopify/shopify-api-ruby/pull/1314)
|
|
10
|
+
- Add new session util method `SessionUtils::session_id_from_shopify_id_token`
|
|
11
|
+
- `SessionUtils::current_session_id` now accepts shopify Id token in the format of `Bearer this_token` or just `this_token`
|
|
12
|
+
- [#1315](https://github.com/Shopify/shopify-api-ruby/pull/1315) Add helper/alias methods to `ShopifyAPI::Auth::JwtPayload`:
|
|
13
|
+
- `shopify_domain` alias for `shop` - returns the sanitized shop domain
|
|
14
|
+
- `shopify_user_id` - returns the user Id (`sub`) as an Integer value
|
|
15
|
+
- `expires_at` alias for `exp` - returns the expiration time
|
|
16
|
+
|
|
7
17
|
## 14.2.0
|
|
8
18
|
- [#1309](https://github.com/Shopify/shopify-api-ruby/pull/1309) Add `Session#copy_attributes_from` method
|
|
9
19
|
|
data/Gemfile.lock
CHANGED
data/docs/getting_started.md
CHANGED
|
@@ -46,13 +46,28 @@ Session persistence is handled by the [ShopifyApp](https://github.com/Shopify/sh
|
|
|
46
46
|
#### Cookie
|
|
47
47
|
Cookie based authentication is not supported for embedded apps due to browsers dropping support for third party cookies due to security concerns. Non-embedded apps are able to use cookies for session storage/retrieval.
|
|
48
48
|
|
|
49
|
-
For *non-embedded* apps, you can pass the cookies into
|
|
49
|
+
For *non-embedded* apps, you can pass the cookies into:
|
|
50
|
+
- `ShopifyAPI::Utils::SessionUtils.current_session_id(nil, cookies, true)` for online (user) sessions or
|
|
51
|
+
- `ShopifyAPI::Utils::SessionUtils.current_session_id(nil, cookies, false)` for offline (store) sessions.
|
|
50
52
|
|
|
51
53
|
#### Getting Session ID From Embedded Requests
|
|
52
|
-
For *embedded* apps, you can pass the auth header into `ShopifyAPI::Utils::SessionUtils.current_session_id(auth_header, nil, true)` for online (user) sessions or `ShopifyAPI::Utils::SessionUtils.current_session_id(auth_header, nil, false)` for offline (store) sessions. This function needs an `auth_header` which is the `HTTP_AUTHORIZATION` header.
|
|
53
54
|
|
|
54
55
|
If your app uses client side rendering instead of server side rendering, you will need to use App Bridge's [authenticatedFetch](https://shopify.dev/docs/apps/auth/oauth/session-tokens/getting-started) to make authenticated API requests from the client.
|
|
55
56
|
|
|
57
|
+
For *embedded* apps:
|
|
58
|
+
|
|
59
|
+
If you have an `HTTP_AUTHORIZATION` header or `id_token` from the request URL params , you can pass that as `shopify_id_token` into:
|
|
60
|
+
- `ShopifyAPI::Utils::SessionUtils.current_session_id(shopify_id_token, nil, true)` for online (user) sessions or
|
|
61
|
+
- `ShopifyAPI::Utils::SessionUtils.current_session_id(shopify_id_token, nil, false)` for offline (store) sessions.
|
|
62
|
+
|
|
63
|
+
`current_session_id` accepts shopify_id_token in the format of `Bearer this_token` or just `this_token`.
|
|
64
|
+
|
|
65
|
+
You can also use this method to get session ID:
|
|
66
|
+
- `ShopifyAPI::Utils::SessionUtils::session_id_from_shopify_id_token(id_token: id_token, online: true)` for online (user) sessions or
|
|
67
|
+
- `ShopifyAPI::Utils::SessionUtils::session_id_from_shopify_id_token(id_token: id_token, online: false)` for offline (store) sessions.
|
|
68
|
+
|
|
69
|
+
`session_id_from_shopify_id_token` does **NOT** accept shopify_id_token in the format of `Bearer this_token`, you must pass in `this_token`.
|
|
70
|
+
|
|
56
71
|
#### Start Making Authenticated Shopify Requests
|
|
57
72
|
|
|
58
73
|
You can now start making authenticated Shopify API calls using the Admin [REST](usage/rest.md) or [GraphQL](usage/graphql.md) Clients or the [Storefront GraphQL Client](usage/graphql_storefront.md).
|
|
@@ -6,7 +6,8 @@ module ShopifyAPI
|
|
|
6
6
|
class JwtPayload
|
|
7
7
|
extend T::Sig
|
|
8
8
|
|
|
9
|
-
|
|
9
|
+
JWT_LEEWAY = 10
|
|
10
|
+
JWT_EXPIRATION_LEEWAY = JWT_LEEWAY
|
|
10
11
|
|
|
11
12
|
sig { returns(String) }
|
|
12
13
|
attr_reader :iss, :dest, :aud, :sub, :jti, :sid
|
|
@@ -14,6 +15,8 @@ module ShopifyAPI
|
|
|
14
15
|
sig { returns(Integer) }
|
|
15
16
|
attr_reader :exp, :nbf, :iat
|
|
16
17
|
|
|
18
|
+
alias_method :expire_at, :exp
|
|
19
|
+
|
|
17
20
|
sig { params(token: String).void }
|
|
18
21
|
def initialize(token)
|
|
19
22
|
payload_hash = begin
|
|
@@ -42,6 +45,12 @@ module ShopifyAPI
|
|
|
42
45
|
def shop
|
|
43
46
|
@dest.gsub("https://", "")
|
|
44
47
|
end
|
|
48
|
+
alias_method :shopify_domain, :shop
|
|
49
|
+
|
|
50
|
+
sig { returns(Integer) }
|
|
51
|
+
def shopify_user_id
|
|
52
|
+
@sub.to_i
|
|
53
|
+
end
|
|
45
54
|
|
|
46
55
|
# TODO: Remove before releasing v11
|
|
47
56
|
sig { params(shop: String).returns(T::Boolean) }
|
|
@@ -73,8 +82,7 @@ module ShopifyAPI
|
|
|
73
82
|
|
|
74
83
|
sig { params(token: String, api_secret_key: String).returns(T::Hash[String, T.untyped]) }
|
|
75
84
|
def decode_token(token, api_secret_key)
|
|
76
|
-
JWT.decode(token, api_secret_key, true,
|
|
77
|
-
{ exp_leeway: JWT_EXPIRATION_LEEWAY, algorithm: "HS256" })[0]
|
|
85
|
+
JWT.decode(token, api_secret_key, true, leeway: JWT_LEEWAY, algorithm: "HS256")[0]
|
|
78
86
|
rescue JWT::DecodeError => err
|
|
79
87
|
raise ShopifyAPI::Errors::InvalidJwtTokenError, "Error decoding session token: #{err.message}"
|
|
80
88
|
end
|
|
@@ -11,28 +11,16 @@ module ShopifyAPI
|
|
|
11
11
|
|
|
12
12
|
sig do
|
|
13
13
|
params(
|
|
14
|
-
|
|
14
|
+
shopify_id_token: T.nilable(String),
|
|
15
15
|
cookies: T.nilable(T::Hash[String, String]),
|
|
16
16
|
online: T::Boolean,
|
|
17
17
|
).returns(T.nilable(String))
|
|
18
18
|
end
|
|
19
|
-
def current_session_id(
|
|
19
|
+
def current_session_id(shopify_id_token, cookies, online)
|
|
20
20
|
if Context.embedded?
|
|
21
|
-
if
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
ShopifyAPI::Logger.warn("Missing Bearer token in authorization header")
|
|
25
|
-
raise Errors::MissingJwtTokenError, "Missing Bearer token in authorization header"
|
|
26
|
-
end
|
|
27
|
-
|
|
28
|
-
jwt_payload = Auth::JwtPayload.new(T.must(matches[1]))
|
|
29
|
-
shop = jwt_payload.shop
|
|
30
|
-
|
|
31
|
-
if online
|
|
32
|
-
jwt_session_id(shop, jwt_payload.sub)
|
|
33
|
-
else
|
|
34
|
-
offline_session_id(shop)
|
|
35
|
-
end
|
|
21
|
+
if shopify_id_token
|
|
22
|
+
id_token = shopify_id_token.gsub("Bearer ", "")
|
|
23
|
+
session_id_from_shopify_id_token(id_token: id_token, online: online)
|
|
36
24
|
else
|
|
37
25
|
# falling back to session cookie
|
|
38
26
|
raise Errors::CookieNotFoundError, "JWT token or Session cookie not found for app" unless
|
|
@@ -48,6 +36,25 @@ module ShopifyAPI
|
|
|
48
36
|
end
|
|
49
37
|
end
|
|
50
38
|
|
|
39
|
+
sig do
|
|
40
|
+
params(
|
|
41
|
+
id_token: T.nilable(String),
|
|
42
|
+
online: T::Boolean,
|
|
43
|
+
).returns(String)
|
|
44
|
+
end
|
|
45
|
+
def session_id_from_shopify_id_token(id_token:, online:)
|
|
46
|
+
raise Errors::MissingJwtTokenError, "Missing Shopify ID Token" if id_token.nil? || id_token.empty?
|
|
47
|
+
|
|
48
|
+
payload = Auth::JwtPayload.new(id_token)
|
|
49
|
+
shop = payload.shop
|
|
50
|
+
|
|
51
|
+
if online
|
|
52
|
+
jwt_session_id(shop, payload.sub)
|
|
53
|
+
else
|
|
54
|
+
offline_session_id(shop)
|
|
55
|
+
end
|
|
56
|
+
end
|
|
57
|
+
|
|
51
58
|
sig { params(shop: String, user_id: String).returns(String) }
|
|
52
59
|
def jwt_session_id(shop, user_id)
|
|
53
60
|
"#{shop}_#{user_id}"
|
data/lib/shopify_api/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: shopify_api
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 14.
|
|
4
|
+
version: 14.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Shopify
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-04-
|
|
11
|
+
date: 2024-04-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|