[英]How to get the permanent token for Shopify (Rails)?
I am trying to authenticate my new Shopify app. 我正在尝试验证我的新Shopify应用。 First, my
authenticate
method redirects the shop owner to Shopify's authentication page: 首先,我的
authenticate
方法将商店所有者重定向到Shopify的身份验证页面:
def authenticate
ShopifyAPI::Session.setup({:api_key => "123", :secret => "456"})
session = ShopifyAPI::Session.new("someshop.myshopify.com")
redirect_to session.create_permission_url(["read_orders"], "https://myapp.com/shopify/post_authenticate?user=someshop")
end
Once the shop owner has approved the integration, the redirect uri triggers my post_authenticate
method: 商店所有者批准集成后,重定向uri会触发我的
post_authenticate
方法:
def post_authenticate
ShopifyAPI::Session.setup({:api_key => "123", :secret => "456"})
session = ShopifyAPI::Session.new("#{params[:user]}.myshopify.com")
token = session.request_token(:code => params[:code], :signature => params[:signature], :timestamp => params[:timestamp])
end
But the request_token
method returns the following error: 但是
request_token
方法返回以下错误:
#<ShopifyAPI::ValidationException: Invalid Signature: Possible malicious login>
I have read somewhere that you need to be in the same ShopifyAPI
session while doing all of this, but it does not say so in the documentation . 我已经读到某处您在执行所有这些操作时需要处于同一个
ShopifyAPI
会话中,但是在文档中并没有这么说。 And the example app takes a very different approach than the documentation. 该示例应用程序采用的方法与文档完全不同。
As per my comment, I utilize the omniauth methodology for authenticating. 根据我的评论,我使用omniauth方法进行身份验证。 Here's a gist of the code for reference.
这是代码要点,以供参考。 https://gist.github.com/agmcleod/7106363317ebd082d3df .
https://gist.github.com/agmcleod/7106363317ebd082d3df 。 Put all the snippets below.
将所有摘要放在下面。
class ApplicationController < ActionController::Base
protect_from_forgery
force_ssl
helper_method :current_shop, :shopify_session
protected
def current_shop
@current_shop ||= Shop.find(session[:shop_id]) if session[:shop_id].present?
end
def shopify_session
if current_shop.nil?
redirect_to new_login_url
else
begin
session = ShopifyAPI::Session.new(current_shop.url, current_shop.token)
ShopifyAPI::Base.activate_session(session)
yield
ensure
ShopifyAPI::Base.clear_session
end
end
end
end
In my login controller: 在我的登录控制器中:
def create
omniauth = request.env['omniauth.auth']
if omniauth && omniauth[:provider] && omniauth[:provider] == "shopify"
shop = Shop.find_or_create_by_url(params[:shop].gsub(/https?\:\/\//, ""))
shop.update_attribute(:token, omniauth['credentials'].token)
shopify_session = ShopifyAPI::Session.new(shop.url, shop.token)
session[:shop_id] = shop.to_param
redirect_to root_url
else
flash[:error] = "Something went wrong"
redirect_to root_url
end
end
config/initializers/omniauth.rb 配置/初始化/ omniauth.rb
Rails.application.config.middleware.use OmniAuth::Builder do
provider :shopify, Settings.api_key, Settings.api_secret,
scope: 'write_products,write_script_tags,read_orders',
setup: lambda { |env| params = Rack::Utils.parse_query(env['QUERY_STRING'])
env['omniauth.strategy'].options[:client_options][:site] = "http://#{params['shop']}" }
end
Then in your routes file, map the create action of your session appropriately: 然后在您的路由文件中,适当映射会话的create操作:
match '/auth/shopify/callback', :to => 'login#create'
From there i use the shopify_session method as an around filter on the appropriate controllers. 从那里我将shopify_session方法用作适当控制器上的环绕过滤器。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.