Comments (6)
Thanks for your prompt reply. I guess you mean using sessions out of view with SessionStore. Use the id to be the key of the session. But I've been using many request.session in my view functions. It may take a lot of time to do the refactoring.
Comparing the benefits and costs, the non-embedded approach may be better for me. And I don't need to take care of session token auth and Django session cookie anymore.
Hopefully, your team can suggest a better approach for Python / Django developers. I find it painful following session token auth, OAuth, App Bridge documentation and the sample Django app but it can't go through app review. It's just too hard to implement all of these without concrete examples. I personally spent a month studying all of them and going back and forth with the app review team.
from shopify_django_app.
Hey @sillycube, unfortunately embedded apps are no longer allowed to use any cookies, because any cookies set by your app will be 3rd party cookies, and browsers are making it harder to use those.
What you can do is use the session token that App Bridge sends when calling authenticatedFetch to store a session in your server. You can parse the JWT token in the Authorization: Bearer HTTP header and use e.g. the shop (dest) and user (sub) fields from the payload to create a unique id and store your session data based on that id.
from shopify_django_app.
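The approach described in the comment above, sketched as an added example that is not part of the original thread or of the Shopify sample app: verify the session token from the Authorization header, then derive a server-side session key from its dest and sub fields. It assumes the token is an HS256 JWT signed with the app's API secret and carrying aud, nbf and exp claims; API_KEY, API_SECRET and all function names are hypothetical, and the token is constructed locally.

```python
import base64, hashlib, hmac, json, time

API_KEY = "example-api-key"          # constructed placeholder (token "aud")
API_SECRET = b"example-api-secret"   # constructed placeholder (signing key)

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign(signing_input, secret):
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def make_token(payload, secret=API_SECRET, alg="HS256"):
    """Build a constructed token so the example runs offline."""
    head = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(payload).encode())
    return f"{head}.{body}.{b64url_encode(sign(head + '.' + body, secret))}"

def session_key_from_header(authorization, now=None):
    """Return a server-side session key, or None if the token is rejected."""
    now = time.time() if now is None else now
    scheme, _, token = authorization.partition(" ")
    if scheme != "Bearer" or token.count(".") != 2:
        return None
    head, body, sig = token.split(".")
    try:
        header = json.loads(b64url_decode(head))
        # Pin the algorithm and check the signature before reading any claim.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        if not hmac.compare_digest(sign(head + "." + body, API_SECRET),
                                   b64url_decode(sig)):
            return None
        claims = json.loads(b64url_decode(body))
        if not isinstance(claims, dict) or claims.get("aud") != API_KEY:
            return None
        if not float(claims["nbf"]) <= now < float(claims["exp"]):
            return None
        shop, user = str(claims["dest"]), str(claims["sub"])
    except (KeyError, TypeError, ValueError):
        return None
    # Hash shop + user into a fixed-length key for the session store.
    digest = hashlib.sha256(f"{shop}|{user}".encode()).hexdigest()
    return "shopify-session:" + digest
```

The returned key can index any server-side store (for example Django's cache or a SessionStore), so no cookie is needed to find the session on later requests.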
Thank you for that feedback, we'll take it under consideration! We've recently produced an example app using Django and session tokens, so hopefully that can give you some useful insights into how they can be used.
You can visit https://github.com/shopify/sample-django-app for that.
from shopify_django_app.
Thanks, @paulomarg. I didn't realize that there is a new sample Django app! I still have an old Shopify app using EASDK. Shopify has asked us to upgrade it to App Bridge & Session token auth. Hope the repo can help me and the others.
At first glance, I found it quite interesting. It didn't use middleware to parse the session token as suggested by the docs. Instead, it used decorators to wrap the functions. Also, it's great to use CDNs without bundling with a build system.
Can this sample app work completely without 3rd party cookies?
from shopify_django_app.
Yes, I believe that app is using session tokens throughout!
from shopify_django_app.
Is there any update on this? I am getting an error of protected customer permission when I run the sample Django app.
from shopify_django_app.