This repository was archived by the owner on May 12, 2023. It is now read-only.

@peterchaula

It seems like if you follow Shopify OAuth Documentation and include the **state** parameter for verification, the **hmac** verification fails on the client server side. My assumption is that Shopify includes **state** in the calculation of the hash.

> https://{shop}.myshopify.com/admin/oauth/authorize?client_id={api_key}&scope={scopes}&redirect_uri={redirect_uri}&state={nonce}

> {nonce} - a randomly selected value provided by your application, which is unique for each authorization request. During the OAuth callback phase, your application must check that this value matches the one you provided during authorization. This mechanism is important for the security of your application.

[Shopify docs](https://help.shopify.com/api/guides/authentication/oauth#scopes)
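
An added example, not part of the original post or of this repository's code: a callback verifier that signs every query parameter except `hmac` (so `state` is covered) and then checks the nonce, next to a verifier that leaves `state` out and therefore rejects a valid callback. It assumes the signature is an HMAC-SHA256 hex digest over the sorted `key=value` pairs joined with `&`; the secret, parameter values and function names are constructed for illustration.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode

SECRET = "constructed-shared-secret"  # constructed value, not a real credential

def sign(params, secret, exclude=("hmac",)):
    """HMAC-SHA256 hex digest over sorted key=value pairs joined with '&'."""
    pairs = sorted((k, v) for k, v in params.items() if k not in exclude)
    message = "&".join(f"{k}={v}" for k, v in pairs)
    return hmac.new(secret.encode(), message.encode(), hashlib.sha256).hexdigest()

def make_sample_callback(state):
    """Constructed callback query string, signed under the assumed scheme."""
    params = {"code": "c0de", "shop": "example.myshopify.com",
              "state": state, "timestamp": "1700000000"}
    return urlencode({**params, "hmac": sign(params, SECRET)})

def verify_callback(query_string, secret, expected_state):
    """Check the signature first, then the nonce issued for this request."""
    params = dict(parse_qsl(query_string, keep_blank_values=True))
    received = params.get("hmac", "")
    # Constant-time comparisons avoid leaking how many characters matched.
    if not hmac.compare_digest(sign(params, secret).encode(), received.encode()):
        return "bad-hmac"
    if not hmac.compare_digest(params.get("state", "").encode(),
                               expected_state.encode()):
        return "bad-state"
    return "ok"

def verify_ignoring_state(query_string, secret):
    """The failure mode from the post: state left out of the signed message."""
    params = dict(parse_qsl(query_string, keep_blank_values=True))
    expected = sign(params, secret, exclude=("hmac", "state"))
    return hmac.compare_digest(expected.encode(), params.get("hmac", "").encode())

if __name__ == "__main__":
    query = make_sample_callback("nonce-123")
    print(verify_callback(query, SECRET, "nonce-123"))
    print(verify_callback(query, SECRET, "nonce-456"))
    print(verify_callback(query.replace("nonce-123", "nonce-999"), SECRET, "nonce-999"))
    print(verify_ignoring_state(query, SECRET))
```
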