-
Notifications
You must be signed in to change notification settings - Fork 688
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Token exchange not triggered after app reinstall #1886
Comments
Hey Kirill, thanks for reporting this issue, I've tagged the team working on this! |
Current workaroundTo fix this issue in my app I end up adding controller callback that triggers token exchange on the first app loading from admin using pretty complex condition: class AuthenticatedController < ApplicationController
before_action :perform_token_exchange
def perform_token_exchange
return if params[:embedded] != "1" || params[:id_token].blank?
return unless request.path == "/home"
new_session = ShopifyApp::Auth::TokenExchange.perform(shopify_id_token)
current_shopify_session.copy_attributes_from(new_session)
end
end And I now have to trigger class Shop < ActiveRecord::Base
after_save_commit :check_shopify_token_change
def check_shopify_token_change
return unless shopify_token_previously_changed?
AfterAuthenticateJob.perform_now(shop_domain: shopify_domain)
end
end It works well but it's a pretty hacky solution. Proper fixTo properly fix the issue, we need to have some indication from ShopifyAdmin/AppBridge that the request is coming to the app after managed installation. Right now there's no difference in regular app visit and app installation. The best fix would be providing a parameter (eg |
Hey @kirillplatonov, I'll bring this up to the team to see how we'd like to proceed for this. We didn't have a way to handle this because our template app defaults to destroying the record upon uninstallation. In the mean time, I've seen apps implement this in a less hacky way:
I hope this helps in the meantime. Thanks! |
Destroying Shop is not suitable for production apps, unfortunately. We need to keep data during grace period until fully erasing them. And even after erasing app data, we still need to keep Shop record without personal data to track possible app reinstalls in the future and offer support. We need a better default for handling uninstalls in shopify_app template. Regarding suggested workaround with |
@kirillplatonov @zzooeeyy i have this workaround which might be good for reinstallation
this forces a token exchange from what i see so you would not need to override the controller. |
@kirillplatonov, I have the same issue. Any thoughts? |
@remy727 you have to disable it in ShopifyApp config to avoid duplication: ShopifyApp.configure do |config|
# Moved to Shop model because shopify_app doesn't trigger after_authenticate after reinstall
# config.after_authenticate_job = {job: "PlatmartApp::AfterAuthenticateJob", inline: true}
end |
I'm using token exchange auth and managed installs.
When I install the app for the first time - the new
Shop
record is created andShopifyApp::Auth::TokenExchange
is called.When I re-install the app - the
Shop
record is already present in DB andShopifyApp::Auth::TokenExchange
not called automatically soshopify_token
is not updated andpost_authenticate_jobs
are not called.Expected behavior
ShopifyApp::Auth::TokenExchange
should be called after app re-install.Actual behavior
ShopifyApp::Auth::TokenExchange
not called after re-install.Demo
CleanShot.2024-07-26.at.15.45.07.mp4
The text was updated successfully, but these errors were encountered: