OAuth 2 is an authorization protocol that enables a third-party applications to obtain limited access to an HTTP service. One of the main aspects of this protocol is the access token that is issued to the application. This token is used by the app to perform various actions on the user’s behalf. However, it can’t perform something that was not approved (for example, the user may only allow an app to fetch information about contacts, but not orders or products).
The connector framework provides a template controller to implement the OmniAuth2 (Web Server) authentication cycle. Three actions are provided:
request_omniauth. The main purpose of this action is to send the request to YourApplication website to retrieve a unique code that will be exchanged for a token. A typical implementation, using the Omniauth gem (Your application might provide a specific gem), would look like this:
def request_omniauth return redirect_to root_url unless is_admin # Retrieve the uid of your organization org_uid = params[:org_uid] # This parameter is specific to Shopify shop_name = params[:shop] if shop_name.blank? flash[:error] = 'My shopify store url is required' return redirect_to root_url end shop = shop_name.strip + '.myshopify.com' auth_params = { # Include the state in your request :state => current_organization.uid, :shop => shop } # Make sure to provide a sanitised URL auth_params = URI.escape(auth_params.collect { |k, v| "#{k}=#{v}" }.join('&')) # Request the code using the Omniauth gem implementation redirect_to "/auth/#{params[:provider]}?#{auth_params}", id: 'sign_in' end |
create_omniauth. This action consumes the callback received from the authorization server and updates current_organization
with the credentials. A typical implementation would look like this:
def create_omniauth omniauth_params = request.env['omniauth.params'] org_uid = omniauth_params['state'] if omniauth_params response = request.env['omniauth.auth'] return redirect_to root_url unless is_admin && org_uid && response # This parameter is specific to Shopify, and can be any unique identifier sent by YourApplication shop_name = response.uid # This method is provided by the framework and expects data with specific fields. Find more information in the FAQ section. current_organization.from_omniauth(response) current_organization.instance_url = "https://#{shop_name}/admin" unless current_organization.save flash[:alert] = "Oops, your account could not be linked. #{format_errors(current_organization)}" return redirect_to root_url end # Webhooks implementation is application specific token = response['credentials']['token'] Shopify::Webhooks::WebhooksManager.queue_create_webhooks(org_uid, shop_name, token) redirect_to root_url rescue => e Maestrano::Connector::Rails::ConnectorLogger.log('warn', current_organization, "An error has occurred in the auth process: #{e}") return redirect_to root_url end |
destroy_omniauth. This action takes care of clearing the information from your {{current-organization}}:
def destroy_omniauth return redirect_to root_url unless is_admin current_organization.clear_omniauth redirect_to root_url end |