`@bluebeela/nextjs-shopify-auth`

Authenticate your Next.js app with Shopify.

Sister module to @shopify/shopify-express and @shopify/koa-shopify-auth, but for nextjs.

Missing features

Registering webhook
Listening to webhook

A example app without the webhook for the Build a Shopify app with Node and React tutorial is available here

Installation

$ npm install @bluebeela/nextjs-shopify-auth

Usage

This package exposes createShopifyAuth by default, authenticateShopifyPage, authenticateShopifyAPI, and NextShopifyApiRequest, as a named export.

import createShopifyAuth, {authenticateShopifyPage, authenticateShopifyAPI, NextShopifyApiRequest} from '@bluebeela/nextjs-shopify-auth';

createShopifyAuth

Returns a set of helpers that you will need to use in 4 different routes explained below.

const shopifyAuthOptions = {
  // your shopify app api key
  apiKey: process.env.SHOPIFY_API_KEY,
  // your shopify app secret
  secret: process.env.SHOPIFY_API_SECRET,
  // your app url
  appUrl: process.env.HOST,
  // if specified, mounts the routes off of the given path
  // eg. /api/shopify/auth, /api/shopify/auth/callback
  // defaults to ""
  prefix: "/api/shopify",
  // scopes to request on the merchants store
  scopes: ["read_products", "write_products"],
  // set access mode, default is "online"
  accessMode: "online",
  // callback for when auth is completed
  async afterAuth({
    shopOrigin,
    shopifyToken,
    shopifyAssociatedUser,
    req,
    res,
  }) {
    console.log(
      `We're authenticated on shop ${shopOrigin}: ${shopifyToken} with user ${JSON.stringify(
        shopifyAssociatedUser
      )}`
    );
    res.writeHead(302, { Location: `/` });
    res.end();
  },
};

const shopify = createShopifyAuth(shopifyAuthOptions);

in pages/api/example-api-route-you-want-to-protect.js

Simply add the authenticateShopifyAPI middleware to your route to verify that the request is secure.

import { authenticateShopifyAPI } from "@bluebeela/nextjs-shopify-auth";

export default authenticateShopifyAPI(async function helloWorld(req, res) {
  return await res.json({ hello: "world" });
});

in pages/protected-page.js

Simply add the authenticateShopifyPage middleware to your route to verify that the request is secure.

// random page
import { authenticateShopifyPage } from "@bluebeela/nextjs-shopify-auth";

export const getServerSideProps = authenticateShopifyPage(async (ctx) => {
  return { props: { hello: "world"}}
});

Required API routes

In a Next.js app, you will need to create these 5 routes:

/api/shopify/auth/callback
/api/shopify/auth/enable_cookies
/api/shopify/auth/index
/api/shopify/auth/inline
/api/shopify/verify-token

Theses files will need the following content for the authentication and verification processes to work as expected

/api/shopify/auth/callback

import shopify from "../../../../lib/shopify"; // lib is on the root dir

export default async function shopifyAuthCallback(req, res) {
	const { oAuthCallback } = shopify;

	await oAuthCallback(req, res);
}

/api/shopify/auth/enable_cookies

import shopify from "../../../../lib/shopify"; // lib is on the root dir

export default async function shopifyAuthEnableCookies(req, res) {
	const { enableCookies } = shopify;

	await enableCookies(req, res);
}

/api/shopify/auth/index

import {
  hasCookieAccess,
  shouldPerformInlineOAuth,
  grantedStorageAccess,
} from "@bluebeela/nextjs-shopify-auth";
import shopify from "../../../../lib/shopify"; // lib is on the root dir

export default async function shopifyAuthIndex(req, res) {
  const {
    enableCookiesRedirect,
    oAuthStart,
    topLevelOAuthRedirect,
    requestStorageAccess,
  } = shopify;

  if (!hasCookieAccess(req.cookies)) {
    await enableCookiesRedirect(req, res);
    return;
  }

  if (!grantedStorageAccess(req.cookies)) {
    await requestStorageAccess(req, res);
    return;
  }

  if (shouldPerformInlineOAuth(req.cookies)) {
    await oAuthStart(req, res);
    return;
  }

  await topLevelOAuthRedirect(req, res);
}

/api/shopify/auth/inline

import shopify from "../../../../lib/shopify"; // lib is on the root dir

export default async function shopifyAuthInline(req, res) {
  const { oAuthStart } = shopify;

  await oAuthStart(req, res);
}

/api/shopify/verify-token

This is a simple proxy route to avoid CORS issues we would face by hitting Shopify API from a different domain

export default async function verifyToken(req, res) {
  const { shopOrigin, shopifyToken } = req.cookies;

  const response = await fetch(
      `https://${shopOrigin}/admin/metafields.json`,
      {
        method: "GET",
        headers: {
          "Content-Type": "application/json",
          "X-Shopify-Access-Token": shopifyToken,
        },
      },
  );
  res.status(response.status).end();
}

Not getting redirected to my callback URL

First off, thanks for taking the time to put this together. I'm having trouble getting my app to redirect back to the permissions and install screen in Shopify.

My config.js

const shopifyAuthOptions = {
  apiKey: process.env.SHOPIFY_API_KEY,
  secret: process.env.SHOPIFY_API_SECRET,
  appUrl: process.env.HOST,
  // if specified, mounts the routes off of the given path
  // eg. /api/shopify/auth, /api/shopify/auth/callback
  // defaults to ""
  prefix: "/api/portal",
  scopes: ["read_products"],
  accessMode: "online",
  async afterAuth({
    shopOrigin,
    shopifyToken,
    shopifyAssociatedUser,
    req,
    res,
  }) {
    console.log(
      `We're authenticated on shop ${shopOrigin}: ${shopifyToken} with user ${JSON.stringify(
        shopifyAssociatedUser
      )}`
    );
    res.writeHead(302, { Location: `/` });
    res.end();
  },
};

const shopify = createShopifyAuth(shopifyAuthOptions);

export default shopify;

So far, so good. I want my app to use the /api/portal prefix. I've set up everything in /pages/api/portal according to the example project you provided.

I am a little confused when it comes to setting up the app in my Shopify Partner Portal.

For App URL I am using my base app URL, i.e. https://my-domain.vercel.app

For the Allowed Redirection URLs, this is the part I'm confused about.
Since all of the authentication is happening under the API routes should it be:
https://my-domain.vercel.app/api/portal/auth/callback or https://my-domain.vercel.app/auth/callback like the example?

I'm not sure what the prefix is actually doing to the routes.

Either one didn't work for me, I couldn't get the install screen to pop up.

Thanks!

bluebeel / nextjs-shopify-auth Goto Github PK

nextjs-shopify-auth's Introduction

@bluebeela/nextjs-shopify-auth

Missing features

Installation

Usage

createShopifyAuth

in pages/api/example-api-route-you-want-to-protect.js

in pages/protected-page.js

Required API routes

/api/shopify/auth/callback

/api/shopify/auth/enable_cookies

/api/shopify/auth/index

/api/shopify/auth/inline

/api/shopify/verify-token

nextjs-shopify-auth's People

Contributors

Stargazers

Watchers

Forkers

nextjs-shopify-auth's Issues

Recommend Projects

Recommend Topics

Recommend Org

`@bluebeela/nextjs-shopify-auth`