{"id":21826414,"url":"https://github.com/byjpr/plug_shopify_jwt","last_synced_at":"2026-04-29T00:02:49.103Z","repository":{"id":57535197,"uuid":"386604407","full_name":"byjpr/plug_shopify_jwt","owner":"byjpr","description":"Validates Shopify JWT, designed for Shopify App Bridge","archived":false,"fork":false,"pushed_at":"2021-07-30T08:10:10.000Z","size":66,"stargazers_count":2,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-02-27T16:40:53.262Z","etag":null,"topics":["elixir","embedded-app","jwt","session-tokens","shopify","shopify-app","shopify-embedded-applications"],"latest_commit_sha":null,"homepage":"","language":"Elixir","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/byjpr.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-07-16T10:53:28.000Z","updated_at":"2021-12-11T11:11:55.000Z","dependencies_parsed_at":"2022-09-26T18:21:53.041Z","dependency_job_id":null,"html_url":"https://github.com/byjpr/plug_shopify_jwt","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/byjpr%2Fplug_shopify_jwt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/byjpr%2Fplug_shopify_jwt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/byjpr%2Fplug_shopify_jwt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/byjpr%2Fplug_shopify_jwt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/byjpr","download_url":"https://codeload.github.com/byjpr/plug_shopify_jwt/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244795430,"owners_count":20511519,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["elixir","embedded-app","jwt","session-tokens","shopify","shopify-app","shopify-embedded-applications"],"created_at":"2024-11-27T18:03:56.228Z","updated_at":"2026-04-29T00:02:49.068Z","avatar_url":"https://github.com/byjpr.png","language":"Elixir","funding_links":[],"categories":[],"sub_categories":[],"readme":"# PlugShopifyJwt\n\n[![Elixir CI](https://github.com/byjpr/plug_shopify_jwt/actions/workflows/elixir.yml/badge.svg)](https://github.com/byjpr/plug_shopify_jwt/actions/workflows/elixir.yml)\n[![Coverage Status](https://coveralls.io/repos/github/byjpr/plug_shopify_jwt/badge.svg?branch=main)](https://coveralls.io/github/byjpr/plug_shopify_jwt?branch=main)\n[![Libraries.io for releases](https://img.shields.io/librariesio/release/github/byjpr/plug_shopify_jwt.svg?style=flat-square)](https://libraries.io/github/byjpr/plug_shopify_jwt)\n\nThis plug validates Shopify JWT - also known as session token authentication. Session tokens/JWT are a replacement for cookie based authentication in embedded apps.\n\nPlugShopifyJwt is architected to support Session tokens whilst allowing you to verify with URL parameters (validation of URL parameters is not included in this plug) should you decide.\n\n## Setup\n\n### Usage\nGrab you app secret, and crack open your router.ex file, insert `plug PlugShopifyEmbeddedJWTAuth, [secret: \"your-secret\"]`. A basic setup looks something similar to this:\n\n```elixir\n  pipeline :embedded do\n    plug PlugShopifyEmbeddedJWTAuth, [secret: \"224e5146-4f1e-4a1d-a64a-2732df659542\"]\n  end\n\n  scope \"/api\", HelloPhoenixWeb do\n    pipe_through :embedded\n\n    get \"/show\", PageController, :show\n  end\n```\n\n### Installation\nThe package can be installed by adding `plug_shopify_jwt` to your list of dependencies in `mix.exs`:\n\n```elixir\ndef deps do\n  [\n    {:plug_shopify_jwt, \"~\u003e 0.1.1\"}\n  ]\nend\n```\n\n### Conn Private:\nWe set the following on the conn.private object:\n1. `:ps_jwt_success` - `true` indicates the plug ran, found the JWT, decoded it and placed it in `:shopify_jwt_claims` - `false` indicates that there was a failure in the pipeline.\n2. `shopify_jwt_claims` - returns the full decoded JWT.\n3. `current_shop_name` - returns the myshopify.com domain for the current store, e.g. `example.shopify.com`.\n\n### Plug config:\n1. `:halt_on_error` - `true` stop the conn and returns an error 401. False will set `:ps_jwt_success` to `false` on failure\nand allow you to deal with the error elsewhere. Default `true`.\n2. `algorithm` - one of _\"HS256\", \"HS384\", \"HS512\", \"RS256\", \"RS384\", \"RS512\", \"ES256\", \"ES384\", \"ES512\", \"PS256\", \"PS384\", \"PS512\", \"Ed25519\", \"Ed25519ph\", \"Ed448\", \"Ed448ph\"_. Shopify uses \"HS256\", which the plug will set as a default, however, for future proofing, we have exposed this config from Joken. Default `HS256`.\n3. `secret` - the app secret you got when you created your Shopify App in the Shopify Partner portal. **Required**\n4. `signer` - used by the plug to store `Joken.Signer`.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbyjpr%2Fplug_shopify_jwt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbyjpr%2Fplug_shopify_jwt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbyjpr%2Fplug_shopify_jwt/lists"}