-
Notifications
You must be signed in to change notification settings - Fork 221
verifyRequest middleware in koa-shopify-auth package doesn't work in 2 specific scenarios #814
Comments
I was going to get to building a workaround soon, I'll share what I build once I've got it. |
This is also the case when you access two store with the same app installed. |
I am also running into this issue. I have tried a handful of solutions, with no luck so far. If I install the same app on two stores and switch from one store to the second store, all the cookies, session, access token, etc. are from the first store, which then shows the first store information in the second store's app. |
@katiedavis Bringing more attention to this issue as it's one of the biggest problems I'm having with this package |
Closed by #940 |
Sorry for the delay, this should be fixed in version |
I have version I tried to roll back to version |
I'm seeing the issue as well, especially getting a 404 on /auth/callback?= ... when reinstalling. I've had 3.1.63 and updated to 3.1.66 and still seeing the issue. |
Overview
koa-shopify-auth middleware does not seem to work well specifically in 2 scenarios:
Checking the code reveals that verifyRequest is just checking if the session and accessToken are available.. It is not confirming if they belong to the shop which is making the new request.
koa-shopify-auth/src/verify-request/verify-request.ts
...
I have seen some workarounds for the second scenario #727 but no elegant solution.
No workarounds for the first one yet.
The text was updated successfully, but these errors were encountered: