Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature]: added support client credentials in shopify-api-js #2053

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

[Feature]: added support client credentials in shopify-api-js #2053

wants to merge 2 commits into from

Conversation

fwaadahmad1
Copy link

@fwaadahmad1 fwaadahmad1 commented Jan 31, 2025
edited
Loading

WHY are these changes introduced?

WHAT is this pull request doing?

  • No UI/UX Changes
  • Added support for expiry for offline tokens. (Still works for Offline Tokens with no expiry)
  • Introduces Client credentials token acquisition flow to shopify-api library.

What should the reviewers focus on?

  • Existing token_exchage and oauth flows both use create_session file, see that changes do not affect the current behaviour of the library.
  • create_session now supports expiration for both online and offline tokens.

Setup Instructions

  1. Setup a Spin instance with constellation partners:dev
    • Run spin up partners:dev --wait
  2. clone the client-creds-tophat app

Tophatting

Video

Tophatting Client Credentials token acquisition flow

  • if video is not enough, we can pair on tophatting together

Instructions

  1. Make sure the future flag in appConfig in shopify.server.js file looks like this
...
future: {
    unstable_newEmbeddedAuthStrategy: false,
    removeRest: true,
  },
...
  1. Install the app to your store, and check the database for an access_token with no expiry.
  2. Click the button initiate background job, in your app
    • This button will trigger a background job on the remix server that will initiate the client_credentials flow from shopify-api library and then save it to the database.
    • The logs for this api call can be seen in the app's console
  3. check the database for an access_token with expiry.
  4. Change the future flag in appConfig in shopify.server.js file as follows
    • No need to run shopify app dev again, the app hot reloads
...
future: {
    unstable_newEmbeddedAuthStrategy: true,
    removeRest: true,
  },
...
  1. Delete the token record from the database
  2. Click Generate a Product button in the app to trigger a server action which will in turn trigger the token acquisition flow as token is missing from db.
    • this flow will follow auth_code flow as config was updated as such
  3. Check the database for an access_token with no expiry.

Type of change

  • Patch: Bug (non-breaking change which fixes an issue)
  • Minor: New feature (non-breaking change which adds functionality)
  • Major: Breaking change (fix or feature that would cause existing functionality to not work as expected)

Checklist

  • I have used pnpm changeset to create a draft changelog entry (do NOT update the CHANGELOG.md files manually)
  • I have added/updated tests for this change
  • I have documented new APIs/updated the documentation for modified APIs (for public APIs)

@fwaadahmad1 fwaadahmad1 force-pushed the fa/develop-app-access-608 branch from f9643db to c16c2cd Compare January 31, 2025 16:51
@fwaadahmad1 fwaadahmad1 marked this pull request as ready for review January 31, 2025 18:09
@fwaadahmad1 fwaadahmad1 requested a review from a team as a code owner January 31, 2025 18:09
rezaansyed
rezaansyed approved these changes Jan 31, 2025
View reviewed changes
Copy link
Contributor

@rezaansyed rezaansyed left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎩 'd with Fwaad. LGTM! Would love to get the opinion of folks from Learn

@fwaadahmad1 fwaadahmad1 changed the title feat: added support client credentials in shopify-api-js [Feature]: added support client credentials in shopify-api-js Jan 31, 2025
lizkenyon
lizkenyon reviewed Feb 4, 2025
View reviewed changes
Copy link
Contributor

@lizkenyon lizkenyon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In general looks good! ⭐

Next step will be to add some documentation to the guides and references.

packages/apps/shopify-api/lib/auth/oauth/client-credentials.ts Outdated Show resolved Hide resolved
packages/apps/shopify-api/lib/auth/oauth/__tests__/oauth.test.ts Outdated Show resolved Hide resolved
@fwaadahmad1 fwaadahmad1 force-pushed the fa/develop-app-access-608 branch from 1840b86 to ff73160 Compare February 4, 2025 17:01
@fwaadahmad1 fwaadahmad1 force-pushed the fa/develop-app-access-608 branch from ff73160 to 86a1df6 Compare February 4, 2025 17:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lizkenyon lizkenyon lizkenyon left review comments

@rezaansyed rezaansyed rezaansyed approved these changes

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@fwaadahmad1 @lizkenyon @rezaansyed