shopify_app 18.0.2 → 19.1.0

data/docs/Upgrading.md

@@ -1,9 +1,13 @@
-# Upgrading 
+# Upgrading
 
 This file documents important changes needed to upgrade your app's Shopify App version to a new major version.
 
 #### Table of contents
 
+[Upgrading to `v19.0.0`](#upgrading-to-v1900)
+
+[Upgrading to `v18.1.2`](#upgrading-to-v1812)
+
 [Upgrading to `v17.2.0`](#upgrading-to-v1720)
 
 [Upgrading to `v13.0.0`](#upgrading-to-v1300)
@@ -12,11 +16,102 @@ This file documents important changes needed to upgrade your app's Shopify App v
 
 [Upgrading from `v8.6` to `v9.0.0`](#upgrading-from-v86-to-v900)
 
+## Upgrading to `v19.0.0`
+
+This update moves API authentication logic from this gem to the [`shopify_api`](https://github.com/Shopify/shopify_api)
+gem.
+
+### High-level process
+
+- Delete `config/initializers/omniauth.rb` as apps no longer need to initialize `OmniAuth` directly.
+- Delete `config/initializers/user_agent.rb` as `shopify_app` will set the right `User-Agent` header for interacting
+  with the Shopify API. If the app requires further information in the `User-Agent` header beyond what Shopify API
+  requires, specify this in the `ShopifyAPI::Context.user_agent_prefix` setting.
+- Remove `allow_jwt_authentication=` and `allow_cookie_authentication=` invocations from
+  `config/initializers/shopify_app.rb` as the decision logic for which authentication method to use is now handled
+  internally by the `shopify_api` gem, using the `ShopifyAPI::Context.embedded_app` setting.
+- `v19.0.0` updates the `shopify_api` dependency to `10.0.0`. This version of `shopify_api` has breaking changes. See
+  the documentation for addressing these breaking changes on GitHub [here](https://github.com/Shopify/shopify_api#breaking-change-notice-for-version-1000).
+
+### Specific cases
+
+#### Shopify user id in session
+
+Previously, we set the entire app user object in the `session` object.
+As of v19, since we no longer save the app user to the session (but only the shopify user id), we now store it as `session[:shopify_user_id]`. Please make sure to update any references to that object.
+
+#### Webhook Jobs
+
+Add a new `handle` method to existing webhook jobs to go through the updated `shopify_api` gem.
+
+```ruby
+class MyWebhookJob < ActiveJob::Base
+  extend ShopifyAPI::Webhooks::Handler
+
+  class << self
+    # new handle function
+    def handle(topic:, shop:, body:)
+      # delegate to pre-existing perform_later function
+      perform_later(topic: topic, shop_domain: shop, webhook: body)
+    end
+  end
+
+  # original perform function
+  def perform(topic:, shop_domain:, webhook:)
+    # ...
+```
+
+#### Temporary sessions
+
+The new `shopify_api` gem offers a utility to temporarily create sessions for interacting with the API within a block.
+This is useful for interacting with the Shopify API outside of the context of a subclass of `AuthenticatedController`.
+
+```ruby
+ShopifyAPI::Auth::Session.temp(shop: shop_domain, access_token: shop_token) do |session|
+  # make invocations to the API
+end
+```
+
+Within a subclass of `AuthenticatedController`, the `current_shopify_session` function will return the current active
+Shopify API session, or `nil` if no such session is available.
+
+#### Setting up `ShopifyAPI::Context`
+
+The `shopify_app` initializer must configure the `ShopifyAPI::Context`. The Rails generator will
+generate a block in the `shopify_app` initializer. To do so manually, ensure the following is
+part of the `after_initialize` block in `shopify_app.rb`.
+
+```ruby
+Rails.application.config.after_initialize do
+  if ShopifyApp.configuration.api_key.present? && ShopifyApp.configuration.secret.present?
+    ShopifyAPI::Context.setup(
+      api_key: ShopifyApp.configuration.api_key,
+      api_secret_key: ShopifyApp.configuration.secret,
+      api_version: ShopifyApp.configuration.api_version,
+      host_name: URI(ENV.fetch('HOST', '')).host || '',
+      scope: ShopifyApp.configuration.scope,
+      is_private: !ENV.fetch('SHOPIFY_APP_PRIVATE_SHOP', '').empty?,
+      is_embedded: ShopifyApp.configuration.embedded_app,
+      session_storage: ShopifyApp::SessionRepository,
+      logger: Rails.logger,
+      private_shop: ENV.fetch('SHOPIFY_APP_PRIVATE_SHOP', nil),
+      user_agent_prefix: "ShopifyApp/#{ShopifyApp::VERSION}"
+    )
+
+    ShopifyApp::WebhooksManager.add_registrations
+  end
+end
+```
+
+## Upgrading to `v18.1.2`
+
+Version 18.1.2 replaces the deprecated EASDK redirect with an App Bridge 2 redirect when attempting to break out of an iframe. This happens when an app is installed, requires new access scopes, or re-authentication because the login session is expired.
+
 ## Upgrading to `v17.2.0`
 
 ### Different SameSite cookie attribute behaviour
 
-To support Rails  `v6.1`, the [`SameSiteCookieMiddleware`](/lib/shopify_app/middleware/same_site_cookie_middleware.rb) was updated to configure cookies to `SameSite=None` if the app is embedded. Before this release, cookies were configured to `SameSite=None` only if this attribute had not previously been set before.
+To support Rails `v6.1`, the [`SameSiteCookieMiddleware`](/lib/shopify_app/middleware/same_site_cookie_middleware.rb) was updated to configure cookies to `SameSite=None` if the app is embedded. Before this release, cookies were configured to `SameSite=None` only if this attribute had not previously been set before.
 
 ```diff
 # same_site_cookie_middleware.rb
@@ -33,32 +128,33 @@ change to how session stores work. Here are the steps to migrate to 13.x
 
 ### Changes to `config/initializers/shopify_app.rb`
 
-- *REMOVE* `config.per_user_tokens = [true|false]` this is no longer needed
-- *CHANGE* `config.session_repository = 'Shop'` To  `config.shop_session_repository = 'Shop'`
-- *ADD (optional)*  User Session Storage `config.user_session_repository = 'User'`
+- _REMOVE_ `config.per_user_tokens = [true|false]` this is no longer needed
+- _CHANGE_ `config.session_repository = 'Shop'` To `config.shop_session_repository = 'Shop'`
+- _ADD (optional)_ User Session Storage `config.user_session_repository = 'User'`
 
 ### Shop Model Changes (normally `app/models/shop.rb`)
 
--  *CHANGE* `include ShopifyApp::SessionStorage` to `include ShopifyApp::ShopSessionStorage`
+- _CHANGE_ `include ShopifyApp::SessionStorage` to `include ShopifyApp::ShopSessionStorage`
 
 ### Changes to the @shop_session instance variable (normally in `app/controllers/*.rb`)
 
-- *CHANGE* if you are using shop sessions, `@shop_session` will need to be changed to `@current_shopify_session`.
+- _CHANGE_ if you are using shop sessions, `@shop_session` will need to be changed to `@current_shopify_session`.
 
 ### Changes to Rails `session`
 
-- *CHANGE* `session[:shopify]` is no longer set. Use `session[:user_id]` if your app uses user based tokens, or `session[:shop_id]` if your app uses shop based tokens.
+- _CHANGE_ `session[:shopify]` is no longer set. Use `session[:user_id]` if your app uses user based tokens, or `session[:shop_id]` if your app uses shop based tokens.
 
 ### Changes to `ShopifyApp::LoginProtection`
 
 `ShopifyApp::LoginProtection`
 
 - CHANGE if you are using `ShopifyApp::LoginProtection#shopify_session` in your code, it will need to be
-changed to `ShopifyApp::LoginProtection#activate_shopify_session`
+  changed to `ShopifyApp::LoginProtection#activate_shopify_session`
 - CHANGE if you are using `ShopifyApp::LoginProtection#clear_shop_session` in your code, it will need to be
-changed to `ShopifyApp::LoginProtection#clear_shopify_session`
+  changed to `ShopifyApp::LoginProtection#clear_shopify_session`
 
 ### Notes
+
 You do not need a user model; a shop session is fine for most applications.
 
 ---
@@ -66,6 +162,7 @@ You do not need a user model; a shop session is fine for most applications.
 ## Upgrading to `v11.7.0`
 
 ### Session storage method signature breaking change
+
 If you override `def self.store(auth_session)` method in your session storage model (e.g. Shop), the method signature has changed to `def self.store(auth_session, *args)` in order to support user-based token storage. Please update your method signature to include the second argument.
 
 ---
@@ -75,14 +172,16 @@ If you override `def self.store(auth_session)` method in your session storage mo
 ### Configuration change
 
 Add an API version configuration in `config/initializers/shopify_app.rb`
-Set this to the version you want to run against by default. See [Shopify API docs](https://help.shopify.com/en/api/versioning) for versions available.
+Set this to the version you want to run against by default. See [Shopify API docs](https://help.shopify.com/api/versioning) for versions available.
+
 ```ruby
 config.api_version = '2019-04'
 ```
 
 ### Session storage change
 
-You will need to add an `api_version` method to your session storage object.  The default implementation for this is.
+You will need to add an `api_version` method to your session storage object. The default implementation for this is.
+
 ```ruby
 def api_version
   ShopifyApp.configuration.api_version
@@ -92,6 +191,7 @@ end
 ### Generated file change
 
 `embedded_app.html.erb` the usage of `shop_session.url` needs to be changed to `shop_session.domain`
+
 ```erb
 <script type="text/javascript">
   ShopifyApp.init({
@@ -104,7 +204,9 @@ end
   });
 </script>
 ```
+
 is changed to
+
 ```erb
 <script type="text/javascript">
   ShopifyApp.init({
@@ -122,5 +224,5 @@ is changed to
 
 You will need to also follow the ShopifyAPI [upgrade guide](https://github.com/Shopify/shopify_api/blob/master/README.md#-breaking-change-notice-for-version-700-) to ensure your app is ready to work with API versioning.
 
-[dashboard]:https://partners.shopify.com
-[app-bridge]:https://help.shopify.com/en/api/embedded-apps/app-bridge
+[dashboard]: https://partners.shopify.com
+[app-bridge]: https://shopify.dev/apps/tools/app-bridge

data/docs/shopify_app/engine.md

@@ -15,7 +15,7 @@ While you can customize the login view by creating a `/app/views/shopify_app/ses
 
 ```ruby
 ShopifyApp.configure do |config|
-  config.login_url = 'https://my.domain.com/nested/login'
+  config.login_url = 'https://example.com/nested/login'
 end
 ```
 
@@ -77,6 +77,6 @@ class ReviewsController < ApplicationController
 end
 ```
 
-Create your app proxy URL in the [Shopify Partners dashboard](https://partners.shopify.com/organizations), making sure to point it to `https://your_app_website.com/app_proxy`.
+Create your app proxy URL in the [Shopify Partners dashboard](https://partners.shopify.com/organizations), making sure to point it to `https://example.com/app_proxy`.
 
 ![Creating an App Proxy](/images/app-proxy-screenshot.png)

data/docs/shopify_app/handling-access-scopes-changes.md

@@ -1,5 +1,15 @@
 # Handling changes in access scopes
-The Shopify App gem provides handling changes to scopes for both shop/offline and user/online tokens. To enable your app to login via OAuth on scope changes, you can set the following configuration flag in your `config/initializers/shopify_app.rb`:
+## Updating the list of scopes the app requests
+
+Your app specifies the [access scopes](https://shopify.dev/api/usage/access-scopes) it requires in the Shopify App initializer, located at`config/initializers/shopify_app.rb`. To modify this list, update the comma-delimited configuration option:
+
+```ruby
+config.scope = "read_products,write_discounts"
+```
+
+## Requesting new scopes from merchants
+
+The Shopify App gem will automatically request new scopes from merchants for both shop/offline and user/online tokens. To enable your app to reauth via OAuth on scope changes, you can set the following configuration flag in your `config/initializers/shopify_app.rb`:
 ```ruby
 config.reauth_on_access_scope_changes = true
 ```

data/docs/shopify_app/script-tags.md

@@ -11,7 +11,7 @@ As with webhooks, ShopifyApp can manage your app's [ScriptTags](https://shopify-
 ```ruby
 ShopifyApp.configure do |config|
   config.scripttags = [
-    {event:'onload', src: 'https://my-shopifyapp.herokuapp.com/fancy.js'},
+    {event:'onload', src: 'https://example.com/fancy.js'},
     {event:'onload', src: ->(domain) { dynamic_tag_url(domain) } }
   ]
 end

data/docs/shopify_app/webhooks.md

@@ -12,7 +12,7 @@ ShopifyApp can manage your app's webhooks for you if you set which webhooks you
 ```ruby
 ShopifyApp.configure do |config|
   config.webhooks = [
-    {topic: 'carts/update', address: 'https://example-app.com/webhooks/carts_update'}
+    {topic: 'carts/update', address: 'https://example.com/webhooks/carts_update'}
   ]
 end
 ```
@@ -34,7 +34,7 @@ If you are only interested in particular fields, you can optionally filter the d
 ```ruby
 ShopifyApp.configure do |config|
   config.webhooks = [
-    {topic: 'products/update', address: 'https://example-app.com/webhooks/products_update', fields: ['title', 'vendor']}
+    {topic: 'products/update', address: 'https://example.com/webhooks/products_update', fields: ['title', 'vendor']}
   ]
 end
 ```
@@ -66,7 +66,7 @@ The WebhooksManager uses ActiveJob. If ActiveJob is not configured then by defau
 ShopifyApp can create webhooks for you using the `add_webhook` generator. This will add the new webhook to your config and create the required job class for you.
 
 ```
-rails g shopify_app:add_webhook -t carts/update -a https://example.com/webhooks/carts_update
+rails g shopify_app:add_webhook -t carts/update -a /webhooks/carts_update
 ```
 
 Where `-t` is the topic and `-a` is the address the webhook should be sent to.

data/lib/generators/shopify_app/add_after_authenticate_job/add_after_authenticate_job_generator.rb

@@ -1,10 +1,11 @@
 # frozen_string_literal: true
-require 'rails/generators/base'
+
+require "rails/generators/base"
 
 module ShopifyApp
   module Generators
     class AddAfterAuthenticateJobGenerator < Rails::Generators::Base
-      source_root File.expand_path('../templates', __FILE__)
+      source_root File.expand_path("../templates", __FILE__)
 
       hook_for :test_framework, as: :job, in: :rails do |instance, generator|
         instance.invoke(generator, [instance.send(:job_file_name)])
@@ -15,32 +16,32 @@ module ShopifyApp
 
         after_authenticate_job_config =
           "  config.after_authenticate_job = "\
-          "{ job: \"Shopify::AfterAuthenticateJob\", inline: false }\n"
+            "{ job: \"Shopify::AfterAuthenticateJob\", inline: false }\n"
 
         inject_into_file(
-          'config/initializers/shopify_app.rb',
+          "config/initializers/shopify_app.rb",
           after_authenticate_job_config,
-          before: 'end'
+          before: "end"
         )
 
         unless initializer.include?(after_authenticate_job_config)
           shell.say("Error adding after_authenticate_job to config. Add this line manually: "\
-                    "#{after_authenticate_job_config}", :red)
+            "#{after_authenticate_job_config}", :red)
         end
       end
 
       def add_after_authenticate_job
-        template('after_authenticate_job.rb', "app/jobs/#{job_file_name}_job.rb")
+        template("after_authenticate_job.rb", "app/jobs/#{job_file_name}_job.rb")
       end
 
       private
 
       def load_initializer
-        File.read(File.join(destination_root, 'config/initializers/shopify_app.rb'))
+        File.read(File.join(destination_root, "config/initializers/shopify_app.rb"))
       end
 
       def job_file_name
-        'shopify/after_authenticate'
+        "shopify/after_authenticate"
       end
     end
   end

data/lib/generators/shopify_app/add_after_authenticate_job/templates/after_authenticate_job.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 module Shopify
   class AfterAuthenticateJob < ActiveJob::Base
     def perform(shop_domain:)

data/lib/generators/shopify_app/add_marketing_activity_extension/add_marketing_activity_extension_generator.rb

@@ -1,10 +1,11 @@
 # frozen_string_literal: true
-require 'rails/generators/base'
+
+require "rails/generators/base"
 
 module ShopifyApp
   module Generators
     class AddMarketingActivityExtensionGenerator < Rails::Generators::Base
-      source_root File.expand_path('../templates', __FILE__)
+      source_root File.expand_path("../templates", __FILE__)
 
       def generate_app_extension
         template("marketing_activities_controller.rb", "app/controllers/marketing_activities_controller.rb")
@@ -15,7 +16,7 @@ module ShopifyApp
 
       def generate_routes
         inject_into_file(
-          'config/routes.rb',
+          "config/routes.rb",
           optimize_indentation(routes, 2),
           after: "root :to => 'home#index'\n"
         )

data/lib/generators/shopify_app/add_webhook/add_webhook_generator.rb

@@ -1,10 +1,11 @@
 # frozen_string_literal: true
-require 'rails/generators/base'
+
+require "rails/generators/base"
 
 module ShopifyApp
   module Generators
     class AddWebhookGenerator < Rails::Generators::Base
-      source_root File.expand_path('../templates', __FILE__)
+      source_root File.expand_path("../templates", __FILE__)
       class_option :topic, type: :string, aliases: "-t", required: true
       class_option :address, type: :string, aliases: "-a", required: true
 
@@ -17,15 +18,15 @@ module ShopifyApp
         return if initializer.include?("config.webhooks")
 
         inject_into_file(
-          'config/initializers/shopify_app.rb',
+          "config/initializers/shopify_app.rb",
           "  config.webhooks = [\n  ]\n",
-          before: 'end'
+          after: /ShopifyApp\.configure.*\n/
         )
       end
 
       def inject_webhook_to_shopify_app_initializer
         inject_into_file(
-          'config/initializers/shopify_app.rb',
+          "config/initializers/shopify_app.rb",
           webhook_config,
           after: "config.webhooks = ["
         )
@@ -38,31 +39,31 @@ module ShopifyApp
       end
 
       def add_webhook_job
-        @job_file_name = job_file_name + '_job'
+        @job_file_name = job_file_name + "_job"
         @job_class_name = @job_file_name.classify
-        template('webhook_job.rb', "app/jobs/#{@job_file_name}.rb")
+        template("webhook_job.rb", "app/jobs/#{@job_file_name}.rb")
       end
 
       private
 
       def job_file_name
-        address.split('/').last
+        address.split("/").last
       end
 
       def load_initializer
-        File.read(File.join(destination_root, 'config/initializers/shopify_app.rb'))
+        File.read(File.join(destination_root, "config/initializers/shopify_app.rb"))
       end
 
       def webhook_config
-        "\n    {topic: '#{topic}', address: '#{address}', format: 'json'},"
+        "\n    { topic: \"#{topic}\", address: \"#{address}\" },"
       end
 
       def topic
-        options['topic']
+        options["topic"]
       end
 
       def address
-        options['address']
+        options["address"]
       end
     end
   end

data/lib/generators/shopify_app/add_webhook/templates/webhook_job.rb.tt

@@ -1,5 +1,13 @@
 class <%= @job_class_name %> < ActiveJob::Base
-  def perform(shop_domain:, webhook:)
+  extend ShopifyAPI::Webhooks::Handler
+
+  class << self
+    def handle(topic:, shop:, body:)
+      perform_later(topic: topic, shop_domain: shop, webhook: body)
+    end
+  end
+
+  def perform(topic:, shop_domain:, webhook:)
     shop = Shop.find_by(shopify_domain: shop_domain)
 
     if shop.nil?

data/lib/generators/shopify_app/app_proxy_controller/app_proxy_controller_generator.rb

@@ -1,23 +1,24 @@
 # frozen_string_literal: true
-require 'rails/generators/base'
+
+require "rails/generators/base"
 
 module ShopifyApp
   module Generators
     class AppProxyControllerGenerator < Rails::Generators::Base
-      source_root File.expand_path('../templates', __FILE__)
+      source_root File.expand_path("../templates", __FILE__)
 
       def create_app_proxy_controller
-        template('app_proxy_controller.rb', 'app/controllers/app_proxy_controller.rb')
+        template("app_proxy_controller.rb", "app/controllers/app_proxy_controller.rb")
       end
 
       def create_app_proxy_index_view
-        copy_file('index.html.erb', 'app/views/app_proxy/index.html.erb')
+        copy_file("index.html.erb", "app/views/app_proxy/index.html.erb")
       end
 
       def add_app_proxy_route
         inject_into_file(
-          'config/routes.rb',
-          File.read(File.expand_path(find_in_source_paths('app_proxy_route.rb'))),
+          "config/routes.rb",
+          File.read(File.expand_path(find_in_source_paths("app_proxy_route.rb"))),
           after: "mount ShopifyApp::Engine, at: '/'\n"
         )
       end

data/lib/generators/shopify_app/app_proxy_controller/templates/app_proxy_controller.rb

@@ -1,8 +1,9 @@
 # frozen_string_literal: true
+
 class AppProxyController < ApplicationController
   include ShopifyApp::AppProxyVerification
 
   def index
-    render(layout: false, content_type: 'application/liquid')
+    render(layout: false, content_type: "application/liquid")
   end
 end

data/lib/generators/shopify_app/app_proxy_controller/templates/app_proxy_route.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 namespace :app_proxy do
-  root action: 'index'
+  root action: "index"
   # simple routes without a specified controller will go to AppProxyController
 
   # more complex routes will go to controllers in the AppProxy namespace

data/lib/generators/shopify_app/authenticated_controller/authenticated_controller_generator.rb

@@ -1,14 +1,14 @@
 # frozen_string_literal: true
 
-require 'rails/generators/base'
+require "rails/generators/base"
 
 module ShopifyApp
   module Generators
     class AuthenticatedControllerGenerator < Rails::Generators::Base
-      source_root File.expand_path('../templates', __FILE__)
+      source_root File.expand_path("../templates", __FILE__)
 
       def create_authenticated_controller
-        template('authenticated_controller.rb', 'app/controllers/authenticated_controller.rb')
+        template("authenticated_controller.rb", "app/controllers/authenticated_controller.rb")
       end
     end
   end

data/lib/generators/shopify_app/controllers/controllers_generator.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
-require 'rails/generators/base'
+
+require "rails/generators/base"
 
 module ShopifyApp
   module Generators
@@ -15,14 +16,14 @@ module ShopifyApp
       private
 
       def controllers
-        files_within_root('.', 'app/controllers/shopify_app/*.*')
+        files_within_root(".", "app/controllers/shopify_app/*.*")
       end
 
       def files_within_root(prefix, glob)
         root = "#{self.class.source_root}/#{prefix}"
 
         Dir["#{root}/#{glob}"].sort.map do |full_path|
-          full_path.sub(root, '.').gsub('/./', '/')
+          full_path.sub(root, ".").gsub("/./", "/")
         end
       end
     end

data/lib/generators/shopify_app/home_controller/home_controller_generator.rb

@@ -1,24 +1,24 @@
 # frozen_string_literal: true
-require 'rails/generators/base'
+
+require "rails/generators/base"
 
 module ShopifyApp
   module Generators
     class HomeControllerGenerator < Rails::Generators::Base
-      source_root File.expand_path('../templates', __FILE__)
+      source_root File.expand_path("../templates", __FILE__)
 
-      class_option :with_cookie_authentication, type: :boolean, default: false
-      class_option :embedded, type: :string, default: 'true'
+      class_option :embedded, type: :string, default: "true"
 
       def create_home_controller
-        template(home_controller_template, 'app/controllers/home_controller.rb')
+        template(home_controller_template, "app/controllers/home_controller.rb")
       end
 
       def create_products_controller
-        generate("shopify_app:products_controller") unless with_cookie_authentication?
+        generate("shopify_app:products_controller") if embedded? || embedded_app?
       end
 
       def create_home_index_view
-        template('index.html.erb', 'app/views/home/index.html.erb')
+        template("index.html.erb", "app/views/home/index.html.erb")
       end
 
       def add_home_index_route
@@ -28,25 +28,21 @@ module ShopifyApp
       private
 
       def embedded?
-        options['embedded'] == 'true'
+        options["embedded"] == "true"
       end
 
       def embedded_app?
         ShopifyApp.configuration.embedded_app?
       end
 
-      def with_cookie_authentication?
-        options['with_cookie_authentication']
-      end
-
       def home_controller_template
-        return 'unauthenticated_home_controller.rb' unless authenticated_home_controller_required?
+        return "unauthenticated_home_controller.rb" unless authenticated_home_controller_required?
 
-        'home_controller.rb'
+        "home_controller.rb"
       end
 
       def authenticated_home_controller_required?
-        with_cookie_authentication? || !embedded? || !embedded_app?
+        !embedded? || !embedded_app?
       end
     end
   end

data/lib/generators/shopify_app/home_controller/templates/home_controller.rb

@@ -6,8 +6,8 @@ class HomeController < AuthenticatedController
   before_action :set_host
 
   def index
-    @products = ShopifyAPI::Product.find(:all, params: { limit: 10 })
-    @webhooks = ShopifyAPI::Webhook.find(:all)
+    @products = ShopifyAPI::Product.all(limit: 10)
+    @webhooks = ShopifyAPI::Webhook.all
   end
 
   private

data/lib/generators/shopify_app/home_controller/templates/index.html.erb

@@ -7,8 +7,12 @@
       rel="stylesheet"
       href="https://unpkg.com/@shopify/polaris@4.25.0/styles.min.css"
       />
-<% unless with_cookie_authentication? %>    <script>
+<% if embedded_app? %>    <script>
       document.addEventListener("DOMContentLoaded", async function() {
+        <% if ShopifyApp.use_importmap? %>
+          await import("lib/shopify_app")
+        <% end %>
+
         var SessionToken = window["app-bridge"].actions.SessionToken
         var app = window.app;
 
@@ -47,10 +51,10 @@
 <% end %>  </head>
   <body>
     <h2>Products</h2>
-<% unless with_cookie_authentication? %>    <div id="products"><br>Loading...</div><% else %>
+<% if embedded_app? %>    <div id="products"><br>Loading...</div><% else %>
     <ul>
       <%% @products.each do |product| %>
-        <li><%%= link_to product.title, "https://#{@current_shopify_session.domain}/admin/products/#{product.id}", target: "_top" %></li>
+        <li><%%= link_to product.title, "https://#{@current_shopify_session.shop}/admin/products/#{product.id}", target: "_top" %></li>
       <%% end %>
     </ul>