discolabs / django-shopify-auth Goto Github PK

This was causing errors for my app because of document.body being null.

It looks like shopifyData it's not being used. Can this line be removed?

The embedded videos on your intro blog entry appear to have the wrong permissions set.

When I used @login_required decorator - everything is fine. But when I tried to access request.user.session drops me "UnauthorizedAccess error. Invalid API key or access token "

    with request.user.session:
        metafields = shopify.Metafield.find()

Edit: I found that user always have an empty token - "00000000000000000000000000000000".
SHOPIFY_APP_API_VERSION = "2019-10"
SHOPIFY_APP_IS_EMBEDDED = True
SHOPIFY_APP_DEV_MODE = False

I enabled SHOPIFY_APP_IS_EMBEDDED = True in settings. User enter shop_domain and click install. My app redirect user to the login form of shopify. After user logged in, I faced this error:

The url in address bar is: https://zamastuff.myshopify.com/admin/oauth/authorize?amp%3Bclient_id=[my cliend_id]&amp%3Bscope=read_products%2Cread_orders&redirect_uri=https%3A%2F%2F5f43bf5c.ngrok.io%2Flogin%2Ffinalize%2F

How to solve this error ?

Where possible, explicitly specify request.GET or request.POST.

If not, rewrite the code to make the order of precedence explicit (which is one of the reasons this feature was removed).

The lib works fine in Django 1.9 but I can't get it to work in Django 1.10+. When trying to install an app, I get the following error message in the authenticate step: TypeError: authenticate() missing 1 required positional argument: 'request'

Full stack trace:

Internal Server Error: /accounts/login/
Traceback (most recent call last):
  File "/Users/kepper/.pyenv/versions/3.6.1/envs/shopify/lib/python3.6/site-packages/django/core/handlers/exception.py", line 41, in inner
    response = get_response(request)
  File "/Users/kepper/.pyenv/versions/3.6.1/envs/shopify/lib/python3.6/site-packages/django/core/handlers/base.py", line 187, in _get_response
    response = self.process_exception_by_middleware(e, request)
  File "/Users/kepper/.pyenv/versions/3.6.1/envs/shopify/lib/python3.6/site-packages/django/core/handlers/base.py", line 185, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/Users/kepper/.pyenv/versions/3.6.1/envs/shopify/lib/python3.6/site-packages/django/contrib/auth/decorators.py", line 23, in _wrapped_view
    return view_func(request, *args, **kwargs)
  File "/Users/kepper/.pyenv/versions/3.6.1/envs/shopify/lib/python3.6/site-packages/shopify_auth/views.py", line 24, in login
    return authenticate(request, *args, **kwargs)
  File "/Users/kepper/.pyenv/versions/3.6.1/envs/shopify/lib/python3.6/site-packages/django/contrib/auth/decorators.py", line 23, in _wrapped_view
    return view_func(request, *args, **kwargs)
  File "/Users/kepper/.pyenv/versions/3.6.1/envs/shopify/lib/python3.6/site-packages/shopify_auth/views.py", line 36, in authenticate
    return finalize(request, token='00000000000000000000000000000000', *args, **kwargs)
  File "/Users/kepper/.pyenv/versions/3.6.1/envs/shopify/lib/python3.6/site-packages/django/contrib/auth/decorators.py", line 23, in _wrapped_view
    return view_func(request, *args, **kwargs)
  File "/Users/kepper/.pyenv/versions/3.6.1/envs/shopify/lib/python3.6/site-packages/shopify_auth/views.py", line 69, in finalize
    user = auth.authenticate(myshopify_domain=shopify_session.url, token=shopify_session.token)
  File "/Users/kepper/.pyenv/versions/3.6.1/envs/shopify/lib/python3.6/site-packages/django/contrib/auth/__init__.py", line 70, in authenticate
    user = _authenticate_with_backend(backend, backend_path, request, credentials)
  File "/Users/kepper/.pyenv/versions/3.6.1/envs/shopify/lib/python3.6/site-packages/django/contrib/auth/__init__.py", line 115, in _authenticate_with_backend
    return backend.authenticate(*args, **credentials)
  File "/Users/kepper/.pyenv/versions/3.6.1/envs/shopify/lib/python3.6/site-packages/shopify_auth/backends.py", line 10, in authenticate
    user = super(ShopUserBackend, self).authenticate(remote_user=myshopify_domain)
TypeError: authenticate() missing 1 required positional argument: 'request'
[23/Nov/2017 22:20:27] "POST /accounts/login/?next=/ HTTP/1.1" 500 105165

Hi,
I'm getting this error after installing app:
django.db.utils.DataError: (1406, "Data too long for column 'token' at row 1")

seems that the token have some prefix:
shpat_036ca812b82d3ff34f68a3e9159*****

• I'm using the latest API version 10_2020
  ** when I'm changing the table column auth_app_authappshopuser.token itself to 38 chars the process went smoothly.

Getting the list of shop metaifleds works great if running on the server in a simple Django view:

def my_view(request):
    with request.user.session:
        shop = shopify.Shop().current()
        print(shop.metafields())    # returns [(metafield(1232543), metafields(143534534), etc]

However, if I do something like this (don't panic, I'm just experimenting) in an AJAX handler, it returns an empty array.

@csrf_exempt
def proxy_request(request):
    shop_user = AuthAppShopUser.objects.get(myshopify_domain=site)
    user = auth.authenticate(request=request, myshopify_domain=site, token=shop_user.token)
    if user:
        auth.login(request, user)
        
        with request.user.session:
            shop = shopify.Shop().current()
            print(shop.metafields())   # returns []

Thank you for any insight!

When I'm trying run python manage.py createsuperuser
I'm getting:
Traceback (most recent call last):
File "manage.py", line 10, in
execute_from_command_line(sys.argv)
File "/Users/alex/virtualenvs/shopdemo/lib/python3.5/site-packages/django/core/management/init.py", line 350, in execute_from_command_line
utility.execute()
File "/Users/alex/virtualenvs/shopdemo/lib/python3.5/site-packages/django/core/management/init.py", line 342, in execute
self.fetch_command(subcommand).run_from_argv(self.argv)
File "/Users/alex/virtualenvs/shopdemo/lib/python3.5/site-packages/django/core/management/base.py", line 348, in run_from_argv
self.execute(*args, **cmd_options)
File "/Users/alex/virtualenvs/shopdemo/lib/python3.5/site-packages/django/contrib/auth/management/commands/createsuperuser.py", line 52, in execute
return super(Command, self).execute(*args, **options)
File "/Users/alex/virtualenvs/shopdemo/lib/python3.5/site-packages/django/core/management/base.py", line 399, in execute
output = self.handle(*args, **options)
File "/Users/alex/virtualenvs/shopdemo/lib/python3.5/site-packages/django/contrib/auth/management/commands/createsuperuser.py", line 173, in handle
self.UserModel._default_manager.db_manager(database).create_superuser(**user_data)
TypeError: create_superuser() missing 1 required positional argument: 'domain'

Is there any chance to get access to admin side?

Hello! I'm updating an app that uses this package to use session token auth instead of cookies, and after investigating a redirect loop, I think I've discovered that the "finalize" view used for session token auth doesn't log a user in the way the cookie-based auth views do.

shopify_auth.views.finalize() has the lines:

user = auth.authenticate(request=request, myshopify_domain=shopify_session.url, token=shopify_session.token)
if user:
    auth.login(request, user)

but shopify_auth.session_tokens.views.FinalizeAuthView.get() doesn't have this code. Adding those lines into the view seems to log in the user and make the app behave as intended.

Is this a valid issue and a potential fix or am I using the auth views in an unintended manner? Thanks in advance so much for the help.

Hi and thanks a lot for sharing the package.
I am developing on the latest django (2.1) and I am using ngrok to develop locally, following your example for settings.py (except for the TEMPLATE_CONTEXT_PROCESSORS setting that now lives under the TEMPLATES)

I got stuck because my app didn't seem to authenticate properly.

After some hours of research I found that a new setting "SESSION_COOKIE_SAMESITE" which is new in django 2.1 prevented the session-based login to work, resulting in an infinite redirect loop.

To recap: with django 2.1+ you must set

SESSION_COOKIE_SAMESITE = False

Probably this should be mentioned in the README

Best regards
Mauro

The documentation says SESSION_COOKIE_SAMESITE = False for Django >=2.1
This needs to be changed to SESSION_COOKIE_SAMESITE = 'Lax' for Django>=3.0

So, when we finish the stage "Checking cookies", we get redirected to our application page NOT inside an iframe. Is there a way to not leave the Shopify Admin and be fully embedded?

# Shopify App Setup
App URL: https://myapp.com/
Whitelisted Redirect URL(s): https://myapp.com/shopify/finalize/

# setttings.py
LOGIN_URL = '/shopify/login/'
LOGIN_REDIRECT_URL = '/'

shopify_auth.views are default.

When using several shop in the same browser, request.user is set incorrectly (cookie is the same).
I will try to look at this bug, this is because the app use session auth I think. We need to user hmac auth.

I am wondering if anyone has already done the legwork in integrating the Shopify Billing API, while also using the shopify-auth package.

I'm trying to figure out how I would make API requests if the request didn't originate from an authenticated user (when receiving a webhook, for example). I've looked at shopify-sync and shopify-webhook and couldn't find anything to that regard.

As per this forum thread, Shopify signatures are now generated with a SHA256 HMAC instead of MD5.

The current implementation will continue to work until June 1st, 2015.

Commit efcce8 introduced a regression in the oauth code:

https://github.com/discolabs/django-shopify-auth/blob/master/shopify_auth/views.py#L33

shop = request.GET.get('shop') should be request.POST.get('shop', request.GET.get('shop')) as the HTML form has a POST action rather than a GET and is also linked to as a GET request via the redirection URL.

An email went out to Shopify Partners recently that outlined changes that must be made to Shopify Embedded App OAuth to ensure compatiblity with upcoming releases of Chrome:

https://help.shopify.com/api/sdks/embedded-app-sdk/getting-started#oauth

django: 1.10.2
This was sorted just after I added a name property to the finalize URL.

Can you push a fix that includes name for each function?

It's probably something with my configuration, so I'm attempting to start a fresh app to see if it runs cleanly, but for some reason I am currently getting this error:

ModuleNotFoundError: No module named 'shopify_auth_urls'

I initially though it might be a typo in the import string (since the old version uses shopfiy_auth.urls but that doesn't appear to be the case either.

Full trace:

Unhandled exception in thread started by <_pydev_bundle.pydev_monkey._NewThreadStartupWithTrace object at 0x1072c4e10>
Traceback (most recent call last):
  File "/Applications/PyCharm.app/Contents/helpers/pydev/_pydev_bundle/pydev_monkey.py", line 589, in __call__
    return self.original_func(*self.args, **self.kwargs)
  File "/Users/owen/.virtualenvs/sotd/lib/python3.6/site-packages/django/utils/autoreload.py", line 225, in wrapper
    fn(*args, **kwargs)
  File "/Users/owen/.virtualenvs/sotd/lib/python3.6/site-packages/django/core/management/commands/runserver.py", line 120, in inner_run
    self.check(display_num_errors=True)
  File "/Users/owen/.virtualenvs/sotd/lib/python3.6/site-packages/django/core/management/base.py", line 364, in check
    include_deployment_checks=include_deployment_checks,
  File "/Users/owen/.virtualenvs/sotd/lib/python3.6/site-packages/django/core/management/base.py", line 351, in _run_checks
    return checks.run_checks(**kwargs)
  File "/Users/owen/.virtualenvs/sotd/lib/python3.6/site-packages/django/core/checks/registry.py", line 73, in run_checks
    new_errors = check(app_configs=app_configs)
  File "/Users/owen/.virtualenvs/sotd/lib/python3.6/site-packages/django/core/checks/urls.py", line 40, in check_url_namespaces_unique
    all_namespaces = _load_all_namespaces(resolver)
  File "/Users/owen/.virtualenvs/sotd/lib/python3.6/site-packages/django/core/checks/urls.py", line 57, in _load_all_namespaces
    url_patterns = getattr(resolver, 'url_patterns', [])
  File "/Users/owen/.virtualenvs/sotd/lib/python3.6/site-packages/django/utils/functional.py", line 36, in __get__
    res = instance.__dict__[self.name] = self.func(instance)
  File "/Users/owen/.virtualenvs/sotd/lib/python3.6/site-packages/django/urls/resolvers.py", line 536, in url_patterns
    patterns = getattr(self.urlconf_module, "urlpatterns", self.urlconf_module)
  File "/Users/owen/.virtualenvs/sotd/lib/python3.6/site-packages/django/utils/functional.py", line 36, in __get__
    res = instance.__dict__[self.name] = self.func(instance)
  File "/Users/owen/.virtualenvs/sotd/lib/python3.6/site-packages/django/urls/resolvers.py", line 529, in urlconf_module
    return import_module(self.urlconf_name)
  File "/Users/owen/.virtualenvs/sotd/lib/python3.6/importlib/__init__.py", line 126, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 994, in _gcd_import
  File "<frozen importlib._bootstrap>", line 971, in _find_and_load
  File "<frozen importlib._bootstrap>", line 955, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 665, in _load_unlocked
  File "<frozen importlib._bootstrap_external>", line 678, in exec_module
  File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
  File "/Users/owen/Documents/code/sotd/sotd/urls.py", line 28, in <module>
    path('login/', include('shopify_auth_urls')),
  File "/Users/owen/.virtualenvs/sotd/lib/python3.6/site-packages/django/urls/conf.py", line 34, in include
    urlconf_module = import_module(urlconf_module)
  File "/Users/owen/.virtualenvs/sotd/lib/python3.6/importlib/__init__.py", line 126, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 994, in _gcd_import
  File "<frozen importlib._bootstrap>", line 971, in _find_and_load
  File "<frozen importlib._bootstrap>", line 953, in _find_and_load_unlocked
ModuleNotFoundError: No module named 'shopify_auth_urls'

Hello, I am trying to update to the new version 1.0.1 but it looks like the ua-parser module is not being included in requirements.txt. Even after installing ua-parser module locally, the users of my app cannot get around the third party cookie check on Chrome and Safari. Firefox seems to work though.

Traceback:

Exception in thread django-main-thread:
Traceback (most recent call last):
  File "/Users/nicholasbelow/tatari-shopify-app/.venv/lib/python3.7/site-packages/django/core/servers/basehttp.py", line 45, in get_internal_wsgi_application
    return import_string(app_path)
  File "/Users/nicholasbelow/tatari-shopify-app/.venv/lib/python3.7/site-packages/django/utils/module_loading.py", line 17, in import_string
    module = import_module(module_path)
  File "/usr/local/Cellar/python/3.7.5/Frameworks/Python.framework/Versions/3.7/lib/python3.7/importlib/__init__.py", line 127, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 1006, in _gcd_import
  File "<frozen importlib._bootstrap>", line 983, in _find_and_load
  File "<frozen importlib._bootstrap>", line 967, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 677, in _load_unlocked
  File "<frozen importlib._bootstrap_external>", line 728, in exec_module
  File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
  File "/Users/nicholasbelow/tatari-shopify-app/tatari_shopify/wsgi.py", line 19, in <module>
    application = get_wsgi_application()
  File "/Users/nicholasbelow/tatari-shopify-app/.venv/lib/python3.7/site-packages/django/core/wsgi.py", line 13, in get_wsgi_application
    return WSGIHandler()
  File "/Users/nicholasbelow/tatari-shopify-app/.venv/lib/python3.7/site-packages/django/core/handlers/wsgi.py", line 127, in __init__
    self.load_middleware()
  File "/Users/nicholasbelow/tatari-shopify-app/.venv/lib/python3.7/site-packages/django/core/handlers/base.py", line 40, in load_middleware
    middleware = import_string(middleware_path)
  File "/Users/nicholasbelow/tatari-shopify-app/.venv/lib/python3.7/site-packages/django/utils/module_loading.py", line 17, in import_string
    module = import_module(module_path)
  File "/usr/local/Cellar/python/3.7.5/Frameworks/Python.framework/Versions/3.7/lib/python3.7/importlib/__init__.py", line 127, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 1006, in _gcd_import
  File "<frozen importlib._bootstrap>", line 983, in _find_and_load
  File "<frozen importlib._bootstrap>", line 967, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 677, in _load_unlocked
  File "<frozen importlib._bootstrap_external>", line 728, in exec_module
  File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
  File "/Users/nicholasbelow/tatari-shopify-app/.venv/lib/python3.7/site-packages/shopify_auth/cookies_middleware.py", line 2, in <module>
    from ua_parser import user_agent_parser
ModuleNotFoundError: No module named 'ua_parser'

Operational error
No such table djangoappname_customuserclass ( the one which inherits AbstractShopUser )

I followed the instructions as mentioned in readme. The code breaks once i click install app from the developer-store admin page.

I have made the migrations as well. Is there any update which I am possibly missing ?

Do you have a recommended way for handling a user that has the Shopify App (eg. myapp) installed in multiple stores. Once the user authenticates using the oAuth credentials of one store the myapp session is maintained even when the second store (via Embed SDK) is accessing myapp.

If there isn't a recommended way of handling this, maybe the login_required decorator could be modified to support kicking off re-authentication when the current session's shop doesn't match the shopify_params shop? Currently, the wrapper begins with

    if request.user.is_authenticated():
        return f(request, *args, **kwargs)

Any suggestions would be greatly appreciated.

i've added the decorator to my index view:

from django.shortcuts import render
from shopify_auth.decorators import login_required

@login_required
def index(request, *args, **kwargs):
    products = []
    return render(request, "dst_app/home.html", {
        'products': products,
    })

But getting this error:

'QueryDict' object has no attribute 'iteritems'
on line 50 of:
C:\Dev\Python\Python35\lib\site-packages\shopify_auth\decorators.py in wrapper
            for k, v in request.GET.iteritems() 

I want to register some webhooks when my app is installed, and it isn't immediately clear of this workflow is only followed on install, or periodically.

I have localhost routing through ngrok as per the tutorial. I visit the ngrok URL, enter in my test shop ID, submit, and then install the app after redirection.

Then, I uninstall the app from the test shop admin. When I visit the ngrok URL again, the app redirects me to the old app URL, and shopify tells me that the page I'm looking for could not be found.

Is this intended behavior? Is there any way of knowing if a user has uninstalled an app without reacting to a webhook?

I am getting an 'Oauth error invalid_request: Could not find Shopify API application with api_key' error.

My app creates a permission URL that works when I enter it directly into the address bar, for example:
https://storename.myshopify.com/admin/oauth/authorize?scope=read_products%2Cread_orders%2Cwrite_orders&redirect_uri=https%3A%2F%2Fmyappurl.com%2Flogin%2Ffinalize%2F&client_id=[...some client id...]

However, when authentication is not passed directly from Shopify to my app, but the user logs in manually to my app by entering there store url in my login form, then I am redirected to the Shopify login page (https://storename.myshopify.com/admin/auth/login) and after logging in Shopify seems to change the passed urlencoded permission by changing the above example like so:

Shopify changes the URL from above, and changes the URL to:
https://storename.myshopify.com/admin/oauth/authorize?**amp%3B**client_id=[...some client id...]&amp%3Bredirect_uri=https%3A%2F%2Fmyappurl.com%2Flogin%2Ffinalize%2F&scope=read_products%2Cread_orders%2Cwrite_orders

Why could this occur? I have traced my code as far as I can, and I seem to be passing the properly constructed url to Shopify...

If I manually remove the double '&' characters and hit enter then I don't get an error. Is this because my app is not urlencoded '&' into 'amp%3B'? (I will experiment and see if I can change this)

Hi,

the first look in the PR looked fine, I just stumbled across an error in the ShopifyTokenAuthentication(BaseAuthentication) class. I had it overwritten (and still have) for a bit of customization, so I did not realize at first until I merged in your latest changes.

BaseAuthentication's return value is expected to be a tuple of length two:

class BaseAuthentication:
    """
    All authentication classes should extend BaseAuthentication.
    """

    def authenticate(self, request):
        """
        Authenticate the request and return a two-tuple of (user, token).
        """

The current implementation returns "just" the user which leads to an error when trying to unpack that tuple.

class ShopifyTokenAuthentication(BaseAuthentication):
    keyword = "Bearer"

    @staticmethod
    def get_hostname(url):
        return urlparse(url).netloc

    def authenticate(self, request):
        UserModel = get_user_model()
        auth = get_authorization_header(request).split()
        if not auth or auth[0].lower() != self.keyword.lower().encode():
            return None
        if len(auth) == 1:
            msg = "Invalid token header. No credentials provided."
            raise AuthenticationFailed(msg)
        elif len(auth) > 2:
            msg = "Invalid token header. Token string should not contain spaces."
            raise AuthenticationFailed(msg)

        try:
            token = auth[1].decode()
        except UnicodeError:
            msg = "Invalid token header. Token string should not contain invalid characters."
            raise AuthenticationFailed(msg)

        try:
            decoded_payload = jwt.decode(
                token,
                settings.SHOPIFY_APP_API_SECRET,
                algorithms=["HS256"],
                audience=settings.SHOPIFY_APP_API_KEY,
                options={"verify_sub": False, "verify_nbf": False},
            )
            dest_host = self.get_hostname(decoded_payload["dest"])
            iss_host = self.get_hostname(decoded_payload["iss"])
            if dest_host != iss_host:
                raise AuthenticationFailed(INVALID_TOKEN_MESSAGE)

            try:
                return UserModel.objects.get(myshopify_domain=dest_host)
            except UserModel.DoesNotExist:
                raise AuthenticationFailed(INVALID_TOKEN_MESSAGE)

        except (ExpiredSignatureError, JWTError, JWTClaimsError) as e:
            logging.warning(f"Login user failed: {e}.")
            raise AuthenticationFailed(INVALID_TOKEN_MESSAGE)

My suggestion would be to change to:

            try:
                return (UserModel.objects.get(myshopify_domain=dest_host), None)
            except UserModel.DoesNotExist:
                raise AuthenticationFailed(INVALID_TOKEN_MESSAGE)

If you agree to these changes, I can create a PR

Appreciate your good work on the application.

Just wondering if the JWT implementation is only needed for non SPA applications and is there any Vanila JS version of the demo app?

In order to get past the Shopify approval process your app must be able to be deleted -> reinstalled. This package doesn't handle this correctly and instead upon reinstall just sends you to a screen that shows invalid and invalid url.

It looks to be an issue with having an expired Django session? I noticed that if I clear out my Django sessions table and then reinstall the app loads fine. I noticed a similar issue with the Koa shopify package here https://github.com/Shopify/quilt/pull/844/files

Hi again, this is Naveen who shot you an email earlier. I am now getting an error "AttributeError at /
'QueryDict' object has no attribute 'iteritems'" ... probably also related to me using python 3.x.
this line in decorators.py.

1.     shopify_params = dict([(k, v) for k, v in request.GET.iteritems() if k in ['shop', 'timestamp', 'signature', 'hmac']])
   

Hi, can I extend views.finalize to emit a Django signal shopify_auth.signals.shop_registered? I want to key off that signal in my app so that I can register webhooks into a user's application.

Wanted to run the idea past you to see if you have input on another way of doing this as I want to get this feature merged in 😄

Thanks Gavin for this really great library and the accompanying guide/videos . I'm trying to follow along but in Django 8. When I try to run migrations I get

ValueError: Dependency on app with no migrations: my_app

Any thoughts on steps needed to prepare the 'my_app' in your example for migrations?

Hi there, I followed your video guide and also tried downloading a zip of the example auth-app project but I get this error in both cases.

After navigating to https://.../accounts/login/?next=/ and clicking install, it tells me that authenticate failed in backends.py because only 2 arguments were given.

It definitely installed but my user is not being authenticated, {{user}} remains as "anonymousUser".

What might cause this?

I put some print lines in your site-packages/shopify_auth/views.py file. It looks like shopify_session.token is None in the views.py file, and args & kwargs are empty as well. However, in backends.py I can see that the token definitely has a value.

Any help would be greatly appreciated. Thank you.

I copied the traceback:

Environment:

Request Method: GET
Request URL: https://2ea3be8d.ngrok.io/login/finalize/?code=5407027b4d609d4bcdd6729784e2dd4e&hmac=397a57b2ba1953c65ec88e26b0f9adca58eac8cfe611c61efb1fc444cdb0a42a&shop=vlpythonteststore.myshopify.com&timestamp=1495733623

Django Version: 1.11.1
Python Version: 2.7.13
Installed Applications:
['django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'auth_app',
'shopify_auth']
Installed Middleware:
['django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware']

Traceback:

File "C:\Python27\lib\site-packages\django\core\handlers\exception.py" in inner
41. response = get_response(request)

File "C:\Python27\lib\site-packages\django\core\handlers\base.py" in _get_response
187. response = self.process_exception_by_middleware(e, request)

File "C:\Python27\lib\site-packages\django\core\handlers\base.py" in _get_response
185. response = wrapped_callback(request, *callback_args, **callback_kwargs)

File "C:\Python27\lib\site-packages\django\contrib\auth\decorators.py" in _wrapped_view
23. return view_func(request, *args, **kwargs)

File "C:\Python27\lib\site-packages\shopify_auth\views.py" in finalize
83. user = auth.authenticate(myshopify_domain=shopify_session.url, token=shopify_session.token)

File "C:\Python27\lib\site-packages\django\contrib\auth_init_.py" in authenticate
101. user = backend.authenticate(*args, **credentials)

File "C:\Python27\lib\site-packages\shopify_auth\backends.py" in authenticate
11. user = super(ShopUserBackend, self).authenticate(remote_user=myshopify_domain)

Exception Type: TypeError at /login/finalize/
Exception Value: authenticate() takes exactly 3 arguments (2 given)

Hi,
I've read twice your doc, and I still can't figure out if yout auth allow shopify clients of a store to login - everytime its mentions a user, you say "store" or "shop". Can a shopify customer log in with our shop credentiels through this auth ?
thanks

App must set security headers to protect against click jacking.
Your app must set the proper frame-ancestors content security policy directive to avoid click jacking attacks. The 'content-security-policy' header should set frame-ancestors https: //[shop].myshopify.com https://admin.shopify.com, where [shop] is the shop domain the app is embedded on.

Cant Resolve this issue please help

Is it possible to access the Django Admin as a superuser (independent of any registered Shopify shop/account) and see all configured tables in the Django Admin section?

I am trying to set up the Django Admin as per documentation, but whenever I attempt to access the Admin section (localhost:8000/admin/), it asks me for a Shopify Shop name and password. Even if I type in the correct shop address and password, I cannot gain access.

Has anyone stumbled across this issue and knows what the issue here is or what I am not seeing?

Thanks a lot and stay healthy!

Since the new auth, using session tokens instead of cookies, has been released in July, is it going to be supported in this package?

https://shopify.dev/tutorials/authenticate-your-app-using-session-tokens

Django==1.9.8
Python==2.7
django-shopify-auth==0.4.6

Running ./manage.py createsuperuser fails with the following:

Traceback (most recent call last):
File "./manage.py", line 10, in
execute_from_command_line(sys.argv)
File "/Users/sxalexander/.virtualenvs/shopify_fulfillment/lib/python2.7/site-packages/django/core/management/init.py", line 353, in execute_from_command_line
utility.execute()
File "/Users/sxalexander/.virtualenvs/shopify_fulfillment/lib/python2.7/site-packages/django/core/management/init.py", line 345, in execute
self.fetch_command(subcommand).run_from_argv(self.argv)
File "/Users/sxalexander/.virtualenvs/shopify_fulfillment/lib/python2.7/site-packages/django/core/management/base.py", line 348, in run_from_argv
self.execute(_args, *_cmd_options)
File "/Users/sxalexander/.virtualenvs/shopify_fulfillment/lib/python2.7/site-packages/django/contrib/auth/management/commands/createsuperuser.py", line 52, in execute
return super(Command, self).execute(_args, *_options)
File "/Users/sxalexander/.virtualenvs/shopify_fulfillment/lib/python2.7/site-packages/raven/contrib/django/management/init.py", line 41, in new_execute
return original_func(self, _args, *_kwargs)
File "/Users/sxalexander/.virtualenvs/shopify_fulfillment/lib/python2.7/site-packages/django/core/management/base.py", line 399, in execute
output = self.handle(_args, *_options)
File "/Users/sxalexander/.virtualenvs/shopify_fulfillment/lib/python2.7/site-packages/django/contrib/auth/management/commands/createsuperuser.py", line 173, in handle
self.UserModel._default_manager.db_manager(database).create_superuser(**user_data)
TypeError: create_superuser() takes exactly 4 arguments (3 given)