Authentication Process After Merchant Installed The App
I've implemented embed app installation process and got access token for shop on backend. How do i supposed to authenticate user when he open the app now? There is no shop name and hmac in query string when user open my app.
When you get a token back, for a shop, you are supposed to store that token in your persistence layer so you can re-use it, and to start a session. Whenever Shopify sends a request to your app they include the shop name so you can look it up and get the token and start a session. Requests without a shop name and no session spell re-authentication time.
Are you missing the part about starting a session? If someone is trying to access your App without authenticating, you need to block that access obviously. The tricky thing is ensuring all requests from your App to your App include the shop name so that if the session you started expires, you have a chance of re-authenticating one.
- → Laravel 5.1 page authentication using routes
- → Laravel 5: Apache php http authentication
- → Authenticate with a cookie using laravel 5.1 and jwt
- → Laravel - Custom User Fields
- → Can Cookies be securely sent from one machine to another to access a resource
- → Authorization along with Authentication in Route.php : Laravel 5.1
- → Laravel 5.1 Custom table names and field names
- → how to create middleware in octobercms
- → Can I store an access Cookie in a Laravel session?
- → how can I add columns for AppUser and store the data to in users table in laravel 5.1?
- → How to Disable Selected Middleware in Laravel Tests
- → GET user info from MongoDB w/AJAX
- → Laravel chat channel authentication without full user instance