Shopify App Authorization

# Shopify App Authorization ###### tags: `ShowHue` >[name=鍾詔東] ## Official API - [GET] /admin/oauth/authorize (Frontend/Backend Send) - Let shopify's shop owner accept Install APP ([Shopify OAuth]) - Params | Key | Value | | ------------ | ---------------------------- | | clent_id | Shopify APP ID | | scope | Accessiable types of API | | redirect_url | Redirect URL After authorize | - [POST] /admin/oauth/access_token (Backend Send) - Params | Key | Value | | ------------- | ---------------------- | | client_id | Shopify APP ID | | client_secret | Shopify APP Secret Key | | code | Shop's authorized code | - Return | Key | Value | | ------------ | --------------------------------- | | access_token | Shopify signalture | | scopes | Approved accessiable types of API | - [GET] /admin/api/2021-10/shop.json - Body | Key | Value | | ------------ | ---------------------------- | | access_token | Permenet Access Token Before | - Return: Shop details ([Shopify Shop API]) ### Authorization Steps 1. Shop redirect from dashboard(or our backend) to install authorization - [x] Direct to Frontend - [ ] Direct to Backend ![](https://i.imgur.com/UpFNtog.png) 2. Shop authorize install and callback to our backend 3. Backend get shops permenet access token ***This is the only step can get access token, so access token must be saved.*** - [x] Auto Create an account with random password - [ ] Leave create account decision to frontend ![](https://i.imgur.com/NUdPB0K.png) 4. Rediect to our App with shopify signature and shop url - [x] Already auto create account is logged in - [ ] Ask if create account with this shopify's shop account or create with other email - [ ] Original dashboard register flow ### More Reference [1] Shopify OAuth: https://shopify.dev/apps/auth/oauth [2] More Shopify API functions: https://shopify.dev/api/admin-rest#top ### Require API [Login API] - Functions Check if this shop has an account - Params | key | value | | ---- | ------------------------ | | shop | Shopify's shop owner Url | | hamc | Shopify signature | - Response | key | value | | ------------ | --------------------------------------------- | | success | If account exist | | redirect url | if doesn't exist then return installation Url | [Auto Create Account API] - Function Use shopify shop, email create account and save access token - Params | key | value | | ---- | ------------------------ | | code | Access Token token | | hamc | Shopify signature | | shop | Shopify's shop owner Url | - Result: Redirect to Frontend [Delete Data API] - Function Delete users data - Params | key | value | | ---- | ------------------------ | | hamc | Shopify signature | | shop | Shopify's shop owner Url | - Result: return OK [Uninstall Account API] - Function Delete user - Params | key | value | | ---- | ------------------------ | | hamc | Shopify signature | | shop | Shopify's shop owner Url | ### Require Database Table Shopify Accounts: ``` schema:{ user_id: String, [reference: user ID] shop: String, access_token: String, } ``` ### Potential Scopes - read_orders - orders number - read-products - productInfo - productImages - collections - tags - write_products - productImages - read_customers - customer type ## Dashboard Connection to Shopify Store ### Flow 1. Login Dashboard account 2. Enter Shopify Shop Name 3. Shopify Store login page (At shopify website) [[shopify connection]] Shopify Login URL: ``` https://${shop_name}.myshopify.com?redirect_url={Shopify app install URL} ``` Shopify app install URL: ``` https://${shop_name}.myshopify.com/admin/oauth/authorize params: { client_id: <SHOPIFY APP KEY>, scope: <ACCESS SCOPES>, redirect_url: <BACKEND APP INSTALL URL>, state: <USERID || TOKEN>, } ``` 4. Backend Create Connect - Use ```state``` to target user and shopify shop - Get and Save Access Token - Redirect to Dashboard ### Required API [GET] shopify/app ``` { client_id: <SHOPIFY APP KEY>, scope: <ACCESS SCOPES>, redirect_url: <BACKEND APP INSTALL URL> } ``` [Shopify OAuth]: https://shopify.dev/apps/auth/oauth [Shopify Shop API]: https://shopify.dev/api/admin-rest/2021-10/resources/shop#top [shopify connection]: https://stackoverflow.com/questions/51454238/how-to-implement-shopify-customer-login-in-react-native-or-javascript Shopify OAuth: https://shopify.dev/apps/auth/oauth Data Remove/ uninstall API Format: https://shopify.dev/apps/webhooks/mandatory