shopify / shopify_django_app Goto Github PK

Hello,
after installing the demo APP I get this message

Could not verify a secure login

https://i.imgur.com/XGozNTL.png

When I go back to my test shop Admin, I can see the App is installed. When I open the Demo App, I get the Error
7a548b94.ngrok.io has refused the connection

I started with NGROK with https

What do I have to do now?

Thank you developers for this first of all. Now the problem is I have getting this error while starting the app for the first time.

SHOPIFY_API_KEY and SHOPIFY_API_SECRET must be set in ShopifyAppConfig

I put a .env file in the root, generated a secret key. Then why is it still showing this error?

I came accross this bit in the shopify_apps dir in the middleware.

if not self.api_key or not self.api_secret: raise ConfigurationError("SHOPIFY_API_KEY and SHOPIFY_API_SECRET must be set in ShopifyAppConfig")

But it seems I did put in an env file in the root along with manage.py so why?

From Shopify Python API, it says that currently there is no support for asynchronous requests.

I want to make it faster to get multiple variants from different products. Currently, the API doesn't support it. Can I use Django async support to call Rest API concurrently?

raise ImproperlyConfigured(msg.format(name=self.urlconf_name))
django.core.exceptions.ImproperlyConfigured: The included URLconf 'shopify_django_app.urls' does not appear to have any patterns in it. If you see valid patterns in the file then the issue is probably caused by a circular import.

Detailed error:
pyactiveresource.connection.UnauthorizedAccess: Response(code=401, body="b'{"errors":"[API] Invalid API key or access token (unrecognized login or wrong password)"}'"

This is the same issue as #37, but it was closed without a detailed resolution.
I believe the solution is registering an app/uninstalled webhook.

However, what's the best way to implement webhooks within this Django app? Can webhooks be implemented in this example app repo? Or is anyone else willing to share how they did this?

The closest solution I found is django-shopify-webhook, but it seems like a lot of code just to register a single webhook.

It returns this error message after installation.

1. We loaded http://localhost:8000/
2. App is installed in our shop
3. it redirects to main page again with following information

"Could not log in to Shopify store"

I'm getting Oauth error invalid_request: The redirect_uri is not whitelisted error.

I've added correct api key and api secret.

App URL:
https://05b4-152-59-142-95.ngrok-free.app

Allowed redirection URL(s):
https://05b4-152-59-142-95.ngrok-free.app
https://05b4-152-59-142-95.ngrok-free.app/shopify/finalize

EDIT:

I used URL decoder and redirect part of URL is

redirect_uri=http://05b4-152-59-142-95.ngrok-free.app/shopify/finalize/`

I'm not sure how https is converted into http and a / is add in the end.

Everything other then this is set to default.

Need Help to resolve this issue.

App url : http://localhost:8000/
allowed url : http://localhost:8000/shopify/finalize/
I apologize for any inconvenience caused by the error . could you please provide more details about the error?

:deleted:

Anyone has an issue of not able to log in to the app from Shopify App Admin?

Apparently, the 'code' parameter is not passed in from the Admin.

My workaround is to

    if type(e) == KeyError or type(e) == shopify.ValidationException:
        messages.error(request, "Could not log in to Shopify store.")
        return redirect(reverse('adapters.advoc_shopify.views.install') + "?shop=" + shop_url)

to re-authenticate and get the 'code' parameter.

Trying to make the example app working. Using the Django 1.11 supported version from here https://github.com/aorzh/shopify_django_app.
When i go to http://localhost:8000/login/ and enter the url of my dev test shop - nothing happens.
I added the API key & API secret key of my app in the shopify_settings.py as described.
screenshot shopify partner app: https://i.imgur.com/ERdsroi.png
test shop domain (that i use for installing the example app): https://******.myshopify.com/
What am i doing wrong here?

I was unable to install your app from the App Store listing. I was redirected to this page after clicking 'Get'. When clicking on 'Get' from the app listing, the app should immediately authenticate using OAuth.

the app has been refused for that reason, what exactly they are asking?

The theme app extension requires Shopify CLI but CLI doesn't support python at all. I wonder if it's possible to create any extension if the app is based on Django/Python?

Hello,
Are there some missing steps in the setup environment? I can't run 'printf' in the command line. I am running windows 10 cmd.

Thank you

Can we have the README updated with steps to setup the app to work via an Iframe through Shopify ?

There seems to be a few more knobs that need to be setup in order to get the app to work via an Iframe, X_FRAME_OPTIONS is an example of a setting that without being set an iframe wont work via Shopify

This issue occurs when the store logs in and tries to add the app.

Note: I'm using Django 1.6.2, Python 2.7.6

Stacktrace:

TypeError at /login/finalize/ MergeDict(<QueryDict: {}>, <QueryDict: {u'shop': [u'kens-awesome-bait-shop.myshopify.com'], u'timestamp': [u'1396745815'], u'code': [u'29811f0f04e620c472b65c86cb462e42'], u'signature': [u'f9a4575c70d0d7d4bf15e2b10856d875']}>) is not JSON serializable Request Method: GET Request URL: http://localhost:8000/login/finalize/?code=29811f0f04e620c472b65c86cb462e42&shop=kens-awesome-bait-shop.myshopify.com&timestamp=1396745815&signature=f9a4575c70d0d7d4bf15e2b10856d875 Django Version: 1.6.2 Exception Type: TypeError Exception Value: MergeDict(<QueryDict: {}>, <QueryDict: {u'shop': [u'kens-awesome-bait-shop.myshopify.com'], u'timestamp': [u'1396745815'], u'code': [u'29811f0f04e620c472b65c86cb462e42'], u'signature': [u'f9a4575c70d0d7d4bf15e2b10856d875']}>) is not JSON serializable Exception Location: /Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/json/encoder.py in default, line 184 Python Executable: /Users/josephreis/ENV/django_python2.7.6/bin/python Python Version: 2.7.6 Python Path: ['/Users/josephreis/Documents/Python/django_practice/shopify_django_app', '/Users/josephreis/ENV/django_python2.7.6/lib/python27.zip', '/Users/josephreis/ENV/django_python2.7.6/lib/python2.7', '/Users/josephreis/ENV/django_python2.7.6/lib/python2.7/plat-darwin', '/Users/josephreis/ENV/django_python2.7.6/lib/python2.7/plat-mac', '/Users/josephreis/ENV/django_python2.7.6/lib/python2.7/plat-mac/lib-scriptpackages', '/Users/josephreis/ENV/django_python2.7.6/lib/python2.7/lib-tk', '/Users/josephreis/ENV/django_python2.7.6/lib/python2.7/lib-old', '/Users/josephreis/ENV/django_python2.7.6/lib/python2.7/lib-dynload', '/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7', '/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/plat-darwin', '/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/lib-tk', '/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/plat-mac', '/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/plat-mac/lib-scriptpackages', '/Users/josephreis/ENV/django_python2.7.6/lib/python2.7/site-packages'] Server time: Sat, 5 Apr 2014 20:00:10 -0500

Hello, We are facing a bit of an issue with CSRF tokens in our application. I know browsers are getting a bit strict on the third-party cookies but haven't been able to find a solution to setting the csrf token it the browser.

For now, we are forced to comment out 'django.middleware.csrf.CsrfViewMiddleware', in settings.py, which I don't believe is the correct way to go.

In my settings.py:

CORS_ORIGIN_ALLOW_ALL = True
CORS_ALLOW_CREDENTIALS = True

ALLOWED_HOSTS = [
    "admin.shopify.com", 
    "www.mydomain.com",
]

CSRF_TRUSTED_ORIGINS = [
    "admin.shopify.com", 
    "www.mydomain.com",
]
...
MIDDLEWARE = [
    'corsheaders.middleware.CorsMiddleware',
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
...
# Session settings
SESSION_ENGINE = 'django.contrib.sessions.backends.db'
SESSION_COOKIE_NAME = 'sessionid'
SESSION_COOKIE_SECURE = True
SESSION_COOKIE_SAMESITE = None
SESSION_COOKIE_HTTPONLY = True
SESSION_COOKIE_AGE = 1209600
SESSION_EXPIRE_AT_BROWSER_CLOSE = False
SESSION_SAVE_EVERY_REQUEST = True
CSRF_COOKIE_NAME = 'csrftoken'
CSRF_COOKIE_SECURE = True
CSRF_COOKIE_SAMESITE = None

Then, in my JavaScript I have the following code to set the csrf cookie:

// CSRF Token
function getCookie(name) {
  var cookieValue = null;
  if (document.cookie && document.cookie !== '') {
      var cookies = document.cookie.split(';');
      for (var i = 0; i < cookies.length; i++) {
          var cookie = cookies[i].trim();
          if (cookie.substring(0, name.length + 1) === (name + '=')) {
              cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
              break;
          }
      }
  }
  return cookieValue;
}

let csrftoken = getCookie('csrftoken');
console.log('CSRF Token:', csrftoken);

function csrfSafeMethod(method) {
  return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
}

$.ajaxSetup({
  beforeSend: function(xhr, settings) {
      if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
          xhr.setRequestHeader("X-CSRFToken", csrftoken);
      }
  }
});

however, console.log('CSRF Token:', csrftoken); outputs null.

This is only happening when we browse the site through Shopify. If we browser it natively then the cookie is set as expected.

Hello, can this repo be used as a starting point for an analytics app to be deployed in the Shopify app store?
Sorry if I'm co-opting issues for questions :)

tried to install but can't pass auth
running into this

<urlopen error unknown url type: https>

if I add two prints statements here

try:
        shop_url = params['shop']
        session = _new_session(shop_url)
        request.session['shopify'] = {
            "shop_url": shop_url,
            "access_token": session.request_token(request.GET)
        }
    except Exception as e:
        print("error")
        print(e)
        messages.error(request, "Could not log in to Shopify store.")
        return redirect(reverse(login))

is auth working right now?

python 3.7
a regular pip env install after removing the pip lock

Hi there,

Thanks for your python shopify app integration.

All the apps i developed no longer work in the Shopify administration iframe, which is really annoying. I tried for several hours to resolve the problem, without success.

Do you have any idea what the problem is and how to fix it?

thank you so much

hi ,

i setup your project in my local system so it return

Oops, something went wrong

in my django app

plz help me for solve that issue

I am testing a scenario where the user deletes the app from the app store and visits the app website for a reinstall. There's this error I am getting, which I think has to do with session cookies.

UnauthorizedAccess at /
Response(code=401, body="b'{"errors":"[API] Invalid API key or access token (unrecognized login or wrong password)"}'", headers={'Date': 'Tue, 07 Jul 2020 16:55:00 GMT', 'Content-Type': 'application/json; charset=utf-8', 'Transfer-Encoding': 'chunked', 'Connection': 'close', 'Set-Cookie': '__cfduid=d66d908e10629c9a0c4c68d2813a8ac3f1594140900; expires=Thu, 06-Aug-20 16:55:00 GMT; path=/; domain=.myshopify.com; HttpOnly; SameSite=Lax', 'X-Sorting-Hat-PodId': '81', 'X-Sorting-Hat-ShopId': '27194884178', 'Referrer-Policy': 'origin-when-cross-origin', 'X-Frame-Options': 'DENY', 'X-ShopId': '27194884178', 'X-ShardId': '81', 'WWW-Authenticate': 'Basic Realm="Shopify API Authentication"', 'Strict-Transport-Security': 'max-age=7889238', 'X-Request-Id': '6c55bc70-6f2d-42dd-9410-3871c8f11987', 'X-Shopify-Stage': 'production', 'Content-Security-Policy': "default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://* shopify-pos://*; block-all-mixed-content; child-src 'self' https://* shopify-pos://*; connect-src 'self' wss://* https://*; frame-ancestors 'none'; img-src 'self' data: blob: https:; script-src https://cdn.shopify.com https://cdn.shopifycdn.net https://checkout.shopifycs.com https://js-agent.newrelic.com https://bam.nr-data.net https://api.stripe.com https://mpsnare.iesnare.com https://appcenter.intuit.com https://www.paypal.com https://js.braintreegateway.com https://c.paypal.com https://maps.googleapis.com https://www.google-analytics.com https://v.shopify.com https://widget.intercom.io https://js.intercomcdn.com 'self' 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=show&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=admin%2Fshops&source%5Bsection%5D=admin_api&source%5Buuid%5D=6c55bc70-6f2d-42dd-9410-3871c8f11987", 'X-Content-Type-Options': 'nosniff', 'X-Download-Options': 'noopen', 'X-Permitted-Cross-Domain-Policies': 'none', 'X-XSS-Protection': '1; mode=block; report=/xss-report?source%5Baction%5D=show&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=admin%2Fshops&source%5Bsection%5D=admin_api&source%5Buuid%5D=6c55bc70-6f2d-42dd-9410-3871c8f11987', 'X-Dc': 'gcp-us-central1,gcp-us-central1', 'CF-Cache-Status': 'DYNAMIC', 'cf-request-id': '03cbccd3c50000cbfc1a3fa200000001', 'Expect-CT': 'max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"', 'Server': 'cloudflare', 'CF-RAY': '5af31732da15cbfc-SIN', 'alt-svc': 'h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400'}, msg="Unauthorized")

Exception Location: | myvenv\lib\site-packages\pyactiveresource\connection.py in _handle_error, line 415
myvenv\Scripts\python.exe

My question is, what's a good way to resolve this, probably clear session cookies, and send the user back to the install/root_path page?

I am encountering this error
'(djangoshopify) C:\Users\aghas\PycharmProjects\djangoshopify\shopify_django_app-master>pipenv install
Installing dependencies from Pipfile.lock (9c378d)...
An error occurred while installing asgiref==3.2.10 --hash=sha256:9fc6fb5d39b8af147ba40765234fa822b39818b12cc80b35ad9b0cef3a476aed --hash=sha256:7e51911ee147dd685c3c8b805c0ad0cb58d360987b56953878f8c06d2d1c6f1a! Will try again.
An error occurred while installing django==3.0.8 --hash=sha256:31a5fbbea5fc71c99e288ec0b2f00302a0a92c44b13ede80b73a6a4d6d205582 --hash=sha256:5457fc953ec560c5521b41fad9e6734a4668b7ba205832191bbdff40ec61073c! Will try again.
An error occurred while installing pyactiveresource==2.2.1 --hash=sha256:8de445c65608133c8d2135a81d44ce4d73cc614204e8b1814c6f04c4d3d73b12! Will try again.
An error occurred while installing pytz==2020.1 --hash=sha256:c35965d010ce31b23eeb663ed3cc8c906275d6be1a34393a1d73a41febf4a048 --hash=sha256:a494d53b6d39c3c6e44c3bec237336e14305e4f29bbf800b599253057fbb79ed! Will try again.
An error occurred while installing pyyaml==5.3.1 --hash=sha256:240097ff019d7c70a4922b6869d8a86407758333f02203e0fc6ff79c5dcede76 --hash=sha256:cc8955cfbfc7a115fa81d85284ee61147059a753344bc51098f3ccd69b0d7e0c --hash=sha256:d13155f591e6fcc1ec3b30685d50bf0711574e2c0dfffd7644babf8b5102ca1a --hash=sha256:73f099454b799e05e5ab51423c7bcf361c58d3206fa7b0d555426b1f4d9a3eaf --hash=sha256:74809a57b329d6cc0fdccee6318f44b9b8649961fa73144a98735b0aaf029f1f --hash=sha256:b8eac752c5e1
4d3eca0e6dd9199cd627518cb5ec06add0de9d32baeee6fe645d --hash=sha256:7739fc0fa8205b3ee8808aea45e968bc90082c10aef6ea95e855e10abf4a37b2 --hash=sha256:95f71d2af0ff4227885f7a6605c37fd53d3a106fcab511b8860ecca9fcf400ee --hash=sha256:4f4b913ca1a7319b33cfb1369e91e50354d6f07a135f3b901aca02aa95940bd2 --hash=sha256:06a0d7ba600ce0b2d2fe2e78453a470b5a6e000a985dd4a4e54e436cc36b0e97 --hash=sha256:69f00dca373f240f842b2931fb2c7e14ddbacd1397d57157a9b005a6a9942648! Will try again.
An error occurred while installing shopifyapi==8.0.1 --hash=sha256:94eb70581d9a2ee7327bfe80a453d07b7a2c1c9379dac5202ba2bcad4a9faf3a! Will try again.
An error occurred while installing six==1.15.0 --hash=sha256:8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced --hash=sha256:30639c035cdb23534cd4aa2dd52c3bf48f06e5f4a941509c8bafd8ce11080259! Will try again.
An error occurred while installing sqlparse==0.3.1 --hash=sha256:e162203737712307dfe78860cc56c8da8a852ab2ee33750e33aeadf38d12c548 --hash=sha256:022fb9c87b524d1f7862b3037e541f68597a730a8843245c349fc93e1643dc4e! Will try again.
================================ 8/8 - 00:00:09
Installing initially failed dependencies...
[pipenv.exceptions.InstallError]: Could not fetch URL https://pypi.org/simple/asgiref/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/asgiref/ (Caused by SSLError("Can't connect to HTTPS URL because the SSL module is not available.")) - skipping
[pipenv.exceptions.InstallError]: WARNING: pip is configured with locations that require TLS/SSL, however the ssl module in Python is not available.
[pipenv.exceptions.InstallError]: WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError("Can't connect to HTTPS URL because the SSL module is not available.")': /simple/asgiref/
[pipenv.exceptions.InstallError]: WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError("Can't connect to HTTPS URL because the SSL module is not available.")': /simple/asgiref/
[pipenv.exceptions.InstallError]: WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError("Can't connect to HTTPS URL because the SSL module is not available.")': /simple/asgiref/
[pipenv.exceptions.InstallError]: WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError("Can't connect to HTTPS URL because the SSL module is not available.")': /simple/asgiref/
[pipenv.exceptions.InstallError]: WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError("Can't connect to HTTPS URL because the SSL module is not available.")': /simple/asgiref/
[pipenv.exceptions.InstallError]: ERROR: Could not find a version that satisfies the requirement asgiref==3.2.10 (from versions: none)
[pipenv.exceptions.InstallError]: ERROR: No matching distribution found for asgiref==3.2.10
ERROR: Couldn't install package: asgiref
Package installation failed...
================================ 7/8 - 00:00:09
C:\ProgramData\Anaconda3\envs\djangoshopify\lib\subprocess.py:946: ResourceWarning: subprocess 181900 is still running
_warn("subprocess %s is still running" % self.pid,
ResourceWarning: Enable tracemalloc to get the object allocation traceback
sys:1: ResourceWarning: unclosed file <_io.FileIO name=11 mode='rb' closefd=True>
ResourceWarning: Enable tracemalloc to get the object allocation traceback
sys:1: ResourceWarning: unclosed file <_io.FileIO name=12 mode='rb' closefd=True>
ResourceWarning: Enable tracemalloc to get the object allocation traceback
C:\ProgramData\Anaconda3\envs\djangoshopify\lib\subprocess.py:946: ResourceWarning: subprocess 162800 is still running
_warn("subprocess %s is still running" % self.pid,
ResourceWarning: Enable tracemalloc to get the object allocation traceback
sys:1: ResourceWarning: unclosed file <_io.FileIO name=13 mode='rb' closefd=True>
ResourceWarning: Enable tracemalloc to get the object allocation traceback
sys:1: ResourceWarning: unclosed file <_io.FileIO name=14 mode='rb' closefd=True>
ResourceWarning: Enable tracemalloc to get the object allocation traceback
C:\ProgramData\Anaconda3\envs\djangoshopify\lib\subprocess.py:946: ResourceWarning: subprocess 179304 is still running
_warn("subprocess %s is still running" % self.pid,
ResourceWarning: Enable tracemalloc to get the object allocation traceback
sys:1: ResourceWarning: unclosed file <_io.FileIO name=15 mode='rb' closefd=True>
ResourceWarning: Enable tracemalloc to get the object allocation traceback
sys:1: ResourceWarning: unclosed file <_io.FileIO name=16 mode='rb' closefd=True>
ResourceWarning: Enable tracemalloc to get the object allocation traceback
C:\ProgramData\Anaconda3\envs\djangoshopify\lib\subprocess.py:946: ResourceWarning: subprocess 170880 is still running
_warn("subprocess %s is still running" % self.pid,
ResourceWarning: Enable tracemalloc to get the object allocation traceback
sys:1: ResourceWarning: unclosed file <_io.FileIO name=17 mode='rb' closefd=True>
ResourceWarning: Enable tracemalloc to get the object allocation traceback
sys:1: ResourceWarning: unclosed file <_io.FileIO name=18 mode='rb' closefd=True>
ResourceWarning: Enable tracemalloc to get the object allocation traceback
C:\ProgramData\Anaconda3\envs\djangoshopify\lib\subprocess.py:946: ResourceWarning: subprocess 177464 is still running
_warn("subprocess %s is still running" % self.pid,
ResourceWarning: Enable tracemalloc to get the object allocation traceback
sys:1: ResourceWarning: unclosed file <_io.TextIOWrapper name=5 encoding='utf-8'>
ResourceWarning: Enable tracemalloc to get the object allocation traceback
sys:1: ResourceWarning: unclosed file <_io.TextIOWrapper name=6 encoding='utf-8'>
ResourceWarning: Enable tracemalloc to get the object allocation traceback
C:\ProgramData\Anaconda3\envs\djangoshopify\lib\subprocess.py:946: ResourceWarning: subprocess 141076 is still running
_warn("subprocess %s is still running" % self.pid,
ResourceWarning: Enable tracemalloc to get the object allocation traceback
sys:1: ResourceWarning: unclosed file <_io.TextIOWrapper name=7 encoding='utf-8'>
ResourceWarning: Enable tracemalloc to get the object allocation traceback
sys:1: ResourceWarning: unclosed file <_io.TextIOWrapper name=8 encoding='utf-8'>
ResourceWarning: Enable tracemalloc to get the object allocation traceback
C:\ProgramData\Anaconda3\envs\djangoshopify\lib\subprocess.py:946: ResourceWarning: subprocess 181320 is still running
_warn("subprocess %s is still running" % self.pid,
ResourceWarning: Enable tracemalloc to get the object allocation traceback
sys:1: ResourceWarning: unclosed file <_io.TextIOWrapper name=9 encoding='utf-8'>
ResourceWarning: Enable tracemalloc to get the object allocation traceback
sys:1: ResourceWarning: unclosed file <_io.TextIOWrapper name=10 encoding='utf-8'>
ResourceWarning: Enable tracemalloc to get the object allocation traceback
'

By default, Django uses cookies to store session id. If I use sessions to store data, a cookie must be used. Even I implement session token authentication (which is a must for Shopify app review now), it can't help to remove this cookie.

Does it mean that if I'm using sessions in Django, I can no longer make it as an embedded app? In other words, the app must be standalone?

I'm asking because I'm referring this repo to implement auth in an embedded app:
in def authenticate(request):
request.session['shopify_oauth_state_param'] = state

in def finalize(request):

if request.session['shopify_oauth_state_param'] != params['state']:
       messages.error(request, 'Anti-forgery state token does not match the initial request.')

However, I am afraid my app can't pass through app review now. Can you clarify if I can use sessions and how is it possible?

Hi all, trying to follow the tutorial, and in the
python manage.py syncdb step I get the following message:KeyError: 'DJANGO_SECRET'

Full response here:

python manage.py syncdb
Traceback (most recent call last):
File "manage.py", line 10, in
execute_from_command_line(sys.argv)
File "C:\Python\lib\site-packages\django\core\management_init_.py", line 381, in execute_from_command_line
utility.execute()
File "C:\Python\lib\site-packages\django\core\management_init_.py", line 325, in execute
settings.INSTALLED_APPS
File "C:\Python\lib\site-packages\django\conf_init_.py", line 57, in getattr
self.setup(name)
File "C:\Python\lib\site-packages\django\conf_init.py", line 44, in setup
self.wrapped = Settings(settings_module)
File "C:\Python\lib\site-packages\django\conf_init.py", line 107, in init
mod = importlib.import_module(self.SETTINGS_MODULE)
File "C:\Python\lib\importlib_init.py", line 127, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
File "", line 1006, in _gcd_import
File "", line 983, in _find_and_load
File "", line 967, in _find_and_load_unlocked
File "", line 677, in _load_unlocked
File "", line 728, in exec_module
File "", line 219, in _call_with_frames_removed
File "C:\Users\arome\desktop\Tooles\shopify_django_app-master\settings.py", line 67, in
SECRET_KEY = os.environ['DJANGO_SECRET']
File "C:\Python\lib\os.py", line 678, in getitem
raise KeyError(key) from None
KeyError: 'DJANGO_SECRET'

When the new authentication is released in July, I wonder can it be included in this sample app?

Hello, I am trying to use your code to try and create a Shopify App and feel like I am failing at at the first hurdle.

I have set the app up and installed in on my on my development store. I have tried to use the Client ID, and Client Secret but it is returning a 403 code so I assume those are the incorrect values.

When I navigate to the store admin and got to settings and then Apps and sales channels. Clicking on the installed app doesn't show a API Key or API Secret.

Where do you find: SHOPIFY_API_KEY and SHOPIFY_API_SECRET

Again sorry for the question for what I assume is a simple process.

NoReverseMatch at /shopify/finalize/
Reverse for 'root_path' with arguments '()' and keyword arguments '{}' not found. 0 pattern(s) tried: []
Request Method: GET
Request URL: http://localhost:8000/shopify/finalize/?code=dddd8e22f4a1f0195673a586c034c326&shop=log-horizon-2.myshopify.com&timestamp=1412929222&signature=c4d2343d79bdc76125a78451f8e898fd
Django Version: 1.6.6
Exception Type: NoReverseMatch
Exception Value:
Reverse for 'root_path' with arguments '()' and keyword arguments '{}' not found. 0 pattern(s) tried: []
Exception Location: /usr/local/lib/python2.7/dist-packages/django/core/urlresolvers.py in _reverse_with_prefix, line 456
Python Executable: /usr/bin/python
Python Version: 2.7.6
Python Path:
['/home/wish/djangoProjects/ip_loc',
'/usr/lib/python2.7',
'/usr/lib/python2.7/plat-x86_64-linux-gnu',
'/usr/lib/python2.7/lib-tk',
'/usr/lib/python2.7/lib-old',
'/usr/lib/python2.7/lib-dynload',
'/usr/local/lib/python2.7/dist-packages',
'/usr/lib/python2.7/dist-packages',
'/usr/lib/python2.7/dist-packages/PILcompat',
'/usr/lib/python2.7/dist-packages/gtk-2.0',
'/usr/lib/pymodules/python2.7',
'/usr/lib/python2.7/dist-packages/ubuntu-sso-client']
Server time: Fri, 10 Oct 2014 08:20:24 +0000
Traceback Switch to copy-and-paste view

/usr/local/lib/python2.7/dist-packages/django/core/handlers/base.py in get_response
response = wrapped_callback(request, _callback_args, *_callback_kwargs) ...
▶ Local vars
/home/wish/djangoProjects/ip_loc/shopify_app/views.py in finalize
response = redirect(_return_address(request)) ...
▶ Local vars
/home/wish/djangoProjects/ip_loc/shopify_app/views.py in _return_address
print "_return_address:",request.session.get('return_to') or reverse('root_path') ...
▶ Local vars
/usr/local/lib/python2.7/dist-packages/django/core/urlresolvers.py in reverse
return iri_to_uri(resolver._reverse_with_prefix(view, prefix, _args, *_kwargs)) ...
▶ Local vars
/usr/local/lib/python2.7/dist-packages/django/core/urlresolvers.py in _reverse_with_prefix
(lookup_view_s, args, kwargs, len(patterns), patterns)) ...
▶ Local vars

Using the current master, I'm unable to get the app to install to a website (the very first thing I need to do).

URL:

https://<shop>.myshopify.com/admin/oauth/authorize?scope=read_products%2Cread_orders&client_id=<id>&redirect_uri=https%3A%2F%2F<shop>%2Flogin%2Ffinalize%2F

What happened?

Oauth error invalid_request: The redirect_uri is missing or not whitelisted

Redirection URL:

https://<shop>.herokuapp.com/
https://<shop>.herokuapp.com/login/
https://<shop>.herokuapp.com/login/authenticate
https://<shop>.herokuapp.com/login/finalize

The "documentation" provided is not clear on how to integrate this "app" with the shopify website.
Even the first step: what URLs I need to add to the Redirection URL setting, is unclear. I've tried pretty much every combination and the result is the same.

Hi! I am getting this error KeyError at /shopify/finalize/ 'shopify_oauth_state_param' while trying to load the app inside Shopify admin.

It seems the request.session not retaining inside the iframe. Would you like to share how can I make the session persist inside the iframe(inside the Shopify admin)

I've tried by commenting the middleware #'django.middleware.clickjacking.XFrameOptionsMiddleware',

To load the app inside Shopify admin I've wrtten (This is coppied from the Shopify auth lib):

Any help would be appreciated!!!

Thank you!!

Anyone seeing this?

TypeError at /login/authenticate/
unbound method create_permission_url() must be called with Session instance as first argument (got unicode instance instead)

This is with the stock code and a fresh install of the python api lib

Hi I am following the tutorial step by step from scratch and I cant get passed this step:

$ python manage.py syncdb
Unknown command: 'syncdb'
Type 'manage.py help' for usage.

I have managed to setup the app. but when I try to view the application embedded in Shopify Admin I get the following errors:

[17/Mar/2023 19:07:17] "GET /?embedded=1&hmac=...&host=...&locale=en&session=...&shop=...&timestamp=... HTTP/1.1" 302 0
[17/Mar/2023 19:07:17] code 400, message Bad request syntax ('\x16\x03\x01\x02\x00\x01\x00\x01ü\x03\x03o\x1b4\x18\x9dÃôÄ\x93¦\x8ep©àƺ_M\x80?m\x00R')
[17/Mar/2023 19:07:17] You're accessing the development server over HTTPS, but it only supports HTTP.

[17/Mar/2023 19:07:17] code 400, message Bad request version ('\x1a\x1a\x13\x01\x13\x02\x13\x03À+À/À,À0̨̩À\x13À\x14\x00\x9c\x00\x9d\x00/\x005\x01\x00\x01\x93')
[17/Mar/2023 19:07:17] You're accessing the development server over HTTPS, but it only supports HTTP.

[17/Mar/2023 19:07:17] code 400, message Bad request version ('\x00\x02\x01\x00\x00')
[17/Mar/2023 19:07:17] You're accessing the development server over HTTPS, but it only supports HTTP.

[17/Mar/2023 19:07:18] code 400, message Bad request version ('\x02h2\x08http/1.1ÿ\x01\x00\x01\x00\x00')
[17/Mar/2023 19:07:18] You're accessing the development server over HTTPS, but it only supports HTTP.

Is there anyway to configure the app to have the development application show embedded in the Shopify admin GUI?

The demo app includes the following line in MIDDLEWARE_CLASSES

    'shopify_app.middleware.LoginProtection',

However I don't see that class in the django-shopify-auth application and I get a 'No module named shopify_app.middleware' if I include it in my settings.

Was this file removed from your library?

It would be easier to get started with this app if the "requirement.txt" file provided.
Thanks

Problem:
I've been trying to install and run this repo, but I've run into this error when trying to install my app to my store:

Invalid request: The Shopify API application does not support `oauth`

Has anyone been able to get a Shopify Store working with Django and Python?

_If so how did you get around the oauth issue?_

Additional thoughts:
My initial suspicion is that the repo hasn't been updated to support oauth2.0 but the Shopify API has. After looking through the codebase to see if can manually update to oauth2.0 I only found a few references to oauth in the shoify api, and they all seem to be updated for oauth2.0 (see below). So I believe the problem must be with the API its self and not the example. Strangely though, If I use the plain python API, everything works fine.

shopify/session.py:
   50  
   51          if params.has_key('code'):
   52:             # OAuth2
   53              self.token = self.request_token(params['code'])
   54          else:
   ..
   61          shop_url = cls.__prepare_url(shop_url)
   62          if scope:
   63:             # OAuth2
   64              query_params = dict(client_id=cls.api_key, scope=",".join(scope))
   65              if redirect_uri: query_params['redirect_uri'] = redirect_uri
   66:             return "%s://%s/admin/oauth/authorize?%s" % (cls.protocol, shop_url, urllib.urlencode(query_params))
   67          else:
   68              # Legacy
   ..
   83          site = "%s://%s" % (self.protocol, self.url)
   84          params = (self.api_key, self.secret, code)
   85:         access_token_path = "/admin/oauth/access_token?client_id=%s&client_secret=%s&code=%s" % params
   86          connection = ShopifyConnection(site, None, None, ShopifyResource.timeout, JSONFormat)
   87          response = connection.post(access_token_path, ShopifyResource.headers)

Having a trailing slash after the store name causes the installation to fail. for example, http://my-test-store.myshopify.com/

Hi, I'm trying to login into my store in order to test the app. I followed the given instructions and tried to log into my store via .../shopify/login/, but when it redirects to .../shopify/authenticate/ I get the following error: no such table: django_session.
What could it be? thanks!