Shopify oAuth2 app

Hi there,

Recently I’ve started to build an app which will require to talk to the Shopify admin API and the biggest issue for me is the way they require to obtain an access token necessary for all GraphQL requests. What I need is a Shopify app which after installing stores that access token along with a store domain and then a mobile app would be able to get a token for a given store domain. I’ve read the Connect your app to Shopify article but still have some doubts if it would be possible to achieve that with Auth0 platform. For starters, it seems like the Auth0 can connect to just one given store (there is a need to provide a store domain during configuration. Could anyone tell me if I can use the Auth0 platform or I should rather build a dedicated web app?
Cheers,
mat

Hi @mat!

I’ve been reading how to build a solution for your use case and I think I have some ideas to guide you:

You may want to set upstream_params field in the Connections endpoint of Management API v2 to allow the shop parameter (that is asked in the Auth0 Dashboard as required) to be dynamically added to the Auth0 login prompt.
That is, you will have to gather the user’s shop name (however you want to do it) and then add that parameter to the /authorize call (either if using auth0-js or doing it by hand) as a hint.
For example, you set "upstream_params": {"shop": {"alias": "login_hint"}} in the shopify connection you create using the Management API and then in auth0-js you use it like this: webAuth.authorize({ ..., login_hint: <user's shop name here> }).
You have to set an alias because there’s a limited set of parameters that the login prompt accepts, more info here: Pass Parameters to IdPs

Regarding the access token you can follow Calling and external IdP API to learn how to get it from the user identities and how to use it.

Let me know if that works for you :slight_smile:

Thanks for using Auth0 :muscle:

Hi @nicolas.garcia,
Been trying to implement the same thing, well I even tried how you suggested. It brings me to shopify’s login page aptly even the user logs in successfully but post that the I receive an ‘invalid_request’ error with a long get parameter which has a whole web page which ultimately states the same thing that it was an invalid request. :stuck_out_tongue:
Little help would be great.
Thanks.

Instead I tried a dirty workaround wherein I call the connections endpoint to update the shop parameter in options every time as user is trying to sign in using shopify.

@nicolas.garcia I’m running into the same issue as @vamashraddharsh . Here’s the error page which gets embedded in the URL hash after the login flow completes:

Update: I suspect that the login_hint is not being passed to Shopify when Auth0 tries to fetch the user profile. After reading this Shopify forum thread I suspect that the association with the shop may be lost after the first redirect.

Oddly, the HTML response is being sent from Auth0! It must be proxying the error code from Shopify. This all happens before control even returns to my application, so the bug does not seem to be within my control to fix.