oauth - Node.js - How to use access / auth tokens? -


I have built my first Node.js app that is supposed to be installed on a Shopify store. If you want to see what my actual code looks like (app.js), you can view it here. It's basic, so reading through it won't be hard.

I know how to authenticate the installation of the app (following the Shopify instructions), but I don't know how to authenticate subsequent requests using the permanent access token that a successful installation provides me with.

By subsequent requests I'm referring to requests to either render the app or requests to install the app, even though the app is already installed.

Right now, I'm storing the shop's name (which is unique) along with the permanent token that Shopify sends me in my database. But I don't know if that's necessary. If I'm not mistaken, simply using the browser's session will do? But how do I do that? And how do I use this token every time a request comes through to check if it is a valid one?

Thank you for any help/suggestions!

The code below is sort of a representation of what my actual code looks like, in order to give you an idea of what my issues are:

    db.once('open', function(callback) {

       app.get('/', function (req, res)
       {
          var name = getnamefrom(req);

          if (existsindb(name) && tokenexistsindbfor(name))
          {
             res.redirect('/render');

             /*
                Is checking that the shop (along with its permanent token)
                exists in the db enough?
                Shouldn't I check whether the current request comes with
                a token that is equal to the one in my db?
                What if the token I received with this request is different
                from the one stored in my db?
             */
          }
          else res.redirect('/auth');
       });

       app.get('/auth', function (req, res)
       {
          if (authenticated(req))
          {
             var token = getpermanenttoken();

             storeitindb(namefrom(req), token);
             res.redirect('/render');

             /*
                Aren't I supposed to do anything more
                with the token I've received? Send it
                back/store it in the browser session maybe?
                Is storing it in the db necessary?
             */
          }
       });

       app.get('/render', function (req, res)
       {
          /*
             How do I check that this request is coming
             from an authorised shop that has the necessary token?
             Checking the db will not do,
             because there might be some inconsistency, correct?
          */

          res.sendfile(/* file that builds the app on the client */);
       });
    });

Getting the access token from Shopify is a one-time process.

Save the access token and the shop's name in the DB, and also generate and save an 'auth token' based on some algorithm. Return the generated auth token to the client. Make sure the client sends this auth token in every request.

Now when the client hits your server, verify the auth token; once verified, make the call to the Shopify API using the appropriate 'access token' and shop name.

The authentication flow is as follows:

  • Get the access token from Shopify
  • Generate a token (I am referring to the auth token) for the Shopify shop, refer to this
  • Now save Shopify's access token, the Shopify store name and your generated token into the DB
  • Now send your generated token to the client (save it in a cookie or local storage)

Validation flow:

  • The client hits your server to get data with your auth token
  • Verify this auth token in your DB, and get the access token and shop name for that auth token
  • Now make calls to the Shopify API using this access token and shop name

Hope this method helps.
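
The issue-and-verify flow described in the answer above, as an added Node.js example that is not part of the original question or answer. Assumptions: the auth token is a random value rather than the algorithm the answer links to, an in-memory Map stands in for the database, the one-hour lifetime and the `Authorization: Bearer` header are illustrative choices, and all function names are hypothetical.

```javascript
const { randomBytes, createHash } = require('crypto');

// Assumption: an in-memory Map stands in for the database table.
// Key: SHA-256 of the auth token. Value: { shop, accessToken, expiresAt }.
const sessions = new Map();
const TTL_MS = 60 * 60 * 1000; // assumed lifetime of one hour

const sha256 = (s) => createHash('sha256').update(s).digest('hex');

// Call once, after the OAuth install succeeds and Shopify returns the
// permanent access token. The access token itself never leaves the server.
function issueAuthToken(shop, accessToken, now = Date.now()) {
  const authToken = randomBytes(32).toString('hex'); // unguessable, carries no data
  // Store only a hash, so a leaked table does not yield usable auth tokens.
  sessions.set(sha256(authToken), { shop, accessToken, expiresAt: now + TTL_MS });
  return authToken; // the only value sent to the browser
}

// Map a presented auth token back to its shop; null if unknown or expired.
function resolveAuthToken(authToken, now = Date.now()) {
  if (typeof authToken !== 'string' || authToken.length === 0) return null;
  const key = sha256(authToken);
  const row = sessions.get(key);
  if (!row) return null;
  if (row.expiresAt <= now) { sessions.delete(key); return null; }
  return { shop: row.shop, accessToken: row.accessToken };
}

// Express-style middleware for routes such as /render.
function requireAuth(req, res, next) {
  const header = (req.headers && req.headers.authorization) || '';
  const match = /^Bearer (.+)$/.exec(header);
  const session = match ? resolveAuthToken(match[1]) : null;
  if (!session) return res.redirect('/auth'); // no valid token: restart the install flow
  req.shopSession = session; // server-side only, used for Shopify API calls
  next();
}
```

With Express this would be mounted as `app.get('/render', requireAuth, handler)`, which addresses the question's point that a shop merely existing in the database is not enough: the request itself has to present a token that maps to that shop.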

