
I requested authorization for a public application to be able to access store data via the Shopify API.

The store successfully authorized my application via an authorization request URL such as

https://some-store.myshopify.com/admin/oauth/authorize?client_id=123abc&scope=read_inventory%2Cread_products&redirect_uri=http%3A%2F%mysite.com%2Fauth.php&state=123456

and the response was passed back to my application. This response (containing the code that can be exchanged for a permanent access token) was mishandled by my application (an error on the page meant that the access token was not stored).

Everything I read regarding requesting these tokens involves authorization by the store – but given the store has already authorized my application, passed back the code and that code has already successfully been exchanged for a token: is there a way my application can request that same token or a fresh one using my API keys given that the application is already authorized?

The only method I currently can find for requesting a token requires starting back at the beginning and fetching a code for exchange etc.

I am working in PHP and using Luke Towers’ php shopify wrapper

This stage was completed successfully:

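    function check_authorization_attempt()
    {
        // Query parameters from Shopify's redirect, including the code for exchange
        $data = $_GET;

        $api = new Shopify($data['shop'], [
            'api_key' => '123',
            'secret'  => '456',
        ]);

        // Find the nonce saved for this shop when the authorization request was made
        $storedAttempt = null;
        $attempts = json_decode(file_get_contents('authattempts.json'));
        foreach ($attempts as $attempt) {
            if ($attempt->shop === $data['shop']) {
                $storedAttempt = $attempt;
                break;
            }
        }

        // Without a stored attempt there is no nonce to check the response against
        if ($storedAttempt === null) {
            throw new RuntimeException('No stored authorization attempt for this shop');
        }

        // Exchanges the code for the access token
        return $api->authorizeApplication($storedAttempt->nonce, $data);
    }

    $response = check_authorization_attempt();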

and I would have been able to read the access token from:

    $access_token = $response->access_token;

But this was the stage at which my application hit an error in accessing a database in which to write said token.

I cannot repeat it without repeating the auth request because the data in $_GET that’s passed to this function comes from Shopify’s response to the shop owner authorizing the access, and includes among other things the code for exchange.

2 Answers


  1. You have to re-ask for authorization. It is no one’s fault but yours that your persistence layer code was incorrect. So there is nothing you can do to change that. Ensure your code works. Since the client has no token in your App persistence layer, your App will retry the authorization token exchange. They do not have to delete your App first. So basically, the next time your client tries to use the App, YES they will be asked to approve it, but who cares, they will, and you’ll get a good auth token to store. You have fixed your code (right), so that will work. You are one step closer to glory.

  2. Shopify does return the Permanent Access Token, but the ACCESS_MODE must be "Offline" for the token to be permanent.

    With ACCESS_MODE offline, your app receives the permanent access token
    to make requests whenever you want, without the user’s permission.

    Documentation:
    https://shopify.dev/tutorials/authenticate-with-oauth#step-2-ask-for-permission
    https://shopify.dev/concepts/about-apis/authentication#api-access-modes
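
An added example, not part of the question or either answer and not the wrapper's own code: one way to order the callback so that a storage failure cannot swallow the token, by checking that the store is writable before the code is exchanged and committing the token atomically right after. `TokenStore`, `handle_callback` and the `$exchange` callable are hypothetical names; the exchange is stubbed with constructed values so the script runs offline, and in the question's code it would wrap `authorizeApplication()`.

```php
<?php
// Hypothetical file-backed store; a database-backed one follows the same order.
final class TokenStore
{
    public function __construct(private string $dir) {}

    // Fail before the exchange if the token could not be persisted afterwards.
    public function assertWritable(): void
    {
        if (!is_dir($this->dir) || !is_writable($this->dir)) {
            throw new RuntimeException("token store not writable: {$this->dir}");
        }
    }

    // Temp file + rename, so a crash never leaves a partial token behind.
    public function save(string $shop, string $token): void
    {
        $tmp = tempnam($this->dir, 'tok'); // created with mode 0600
        if ($tmp === false || file_put_contents($tmp, $token) === false
            || !rename($tmp, $this->path($shop))) {
            throw new RuntimeException('could not persist token');
        }
    }

    public function path(string $shop): string
    {
        return $this->dir . '/' . sha1($shop) . '.token';
    }
}

function handle_callback(array $query, string $nonce, TokenStore $store, callable $exchange): void
{
    // The state echoed back must equal the nonce stored for this attempt.
    if (!hash_equals($nonce, (string) ($query['state'] ?? ''))) {
        throw new RuntimeException('state mismatch');
    }
    $store->assertWritable();              // 1. prove storage works first
    $token = $exchange($query);            // 2. exchange the code for the token
    $store->save($query['shop'], $token);  // 3. commit immediately, nothing in between
}

// Constructed sample callback and a stubbed exchange (no network access).
$dir = sys_get_temp_dir() . '/tokens_demo';
is_dir($dir) || mkdir($dir, 0700);
$store = new TokenStore($dir);
$query = ['shop' => 'some-store.myshopify.com', 'state' => '123456', 'code' => 'constructed-code'];
handle_callback($query, '123456', $store, fn (array $q): string => 'constructed-token');
echo file_get_contents($store->path($query['shop'])), PHP_EOL;
```

If step 1 throws, the code in the callback has not been used yet, so the failure surfaces before anything is lost.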
