{"id":13707925,"url":"https://github.com/natf17/shopify-embedded-app","last_synced_at":"2025-04-13T20:22:19.720Z","repository":{"id":42548199,"uuid":"209843557","full_name":"natf17/shopify-embedded-app","owner":"natf17","description":"Enables any web app using Spring Security to operate as a Shopify embedded app.","archived":false,"fork":false,"pushed_at":"2022-12-16T14:50:06.000Z","size":214,"stargazers_count":24,"open_issues_count":6,"forks_count":9,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-03-27T10:51:19.370Z","etag":null,"topics":["shopify","shopify-embedded-applications","spring","spring-boot","spring-boot-2","spring-security"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/natf17.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-09-20T17:15:30.000Z","updated_at":"2025-03-06T11:00:16.000Z","dependencies_parsed_at":"2023-01-29T14:15:52.093Z","dependency_job_id":null,"html_url":"https://github.com/natf17/shopify-embedded-app","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/natf17%2Fshopify-embedded-app","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/natf17%2Fshopify-embedded-app/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/natf17%2Fshopify-embedded-app/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/natf17%2Fshopify-embedded-app/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/natf17","download_url":"https://codeload.github.com/natf17/shopify-embedded-app/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248776215,"owners_count":21159744,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["shopify","shopify-embedded-applications","spring","spring-boot","spring-boot-2","spring-security"],"created_at":"2024-08-02T22:01:49.265Z","updated_at":"2025-04-13T20:22:19.670Z","avatar_url":"https://github.com/natf17.png","language":"Java","funding_links":[],"categories":["Java"],"sub_categories":[],"readme":"# This project replaces the shopify-spring-boot-embedded-app project\n\nThis application enables any Spring web application with Spring Security to become a Shopify app and use Shopify's default OAuth offline access token.\n\n# Running the App\n\n- Uses Spring Security 5.2.0.RELEASE\n\nIf you're using the Spring Boot security starter, this translates to version 2.2.X.\n\n## Obtaining Information for Your Shopify App\nOnce you have a development store, create a private app.\n\n1. Fill out \"App name\" with the name of your choice.\n2. Add your \"App URL\": \n\t- *https://{your-hostname}/install/shopify*\n3. For \"Whitelisted redirection URL(s)\" add:\n\t- *https://{your-hostname}/login/app/oauth2/code/shopify*\n\nNow that you've created your app, you're given an API key and an API key secret.\n\n4. Copy the API key and API key secret from the Shopify site.\n5. Store them, along with the desired scope, in a `.properties` file.\n\n```\nppublica.shopify.security.client.client_id=your-key\nppublica.shopify.security.client.client_secret=your-key-secret\nppublica.shopify.security.client.scope=scope1,scope2,...\n```\n6. Choose the password that the Spring encryptors will use to encrypt the token and add it to your `.properties` file:\n\n```\nppublica.shopify.security.cipher.password=your-password\n```\n\n## Adding the project\nIf you're using Maven, add the following under the `\u003cdependencies\u003e` element in the pom.xml:\n\n```\n\u003cdependency\u003e\n   \u003cgroupId\u003ecom.ppublica.shopify\u003c/groupId\u003e\n   \u003cartifactId\u003eshopify-embedded-app\u003c/artifactId\u003e\n   \u003cversion\u003e1.0.0-RELEASE\u003c/version\u003e\n   \u003cscope\u003ecompile\u003c/scope\u003e\n\u003c/dependency\u003e\n```\n\n## Preparing your Application\n1. Make sure your Spring/Spring Boot application can find the security beans in the jar.\n```\n@ComponentScan(basePackages = {\"com.ppublica.shopify.security\"})\n```\n2. Make sure the following beans are in the `ApplicationContext`:\n\t- `MappingJackson2HttpMessageConverter`\n\t- `JdbcTemplate`\n3. Add the following to your `WebSecurityConfigurerAdapter`:\n```\n@EnableWebSecurity\npublic class WebSecurityConfig extends WebSecurityConfigurerAdapter {\n\t@Override\n\tprotected void configure(HttpSecurity http) throws Exception {\n\t\thttp.authorizeRequests()\n\t\t\t\t.anyRequest().authenticated().and()\n\t\t\t.requiresChannel().and()\n\t\t\t.oauth2Login();\n\t}\n}\n```\n4. Your database is expected to have the following schema:\n```\n|---------------------------STOREACCESSTOKENS-------------------------------|\n|                                                                           |\n|id--storeDomain--tokenType--tokenValue--salt--issuedAt--expiresAt--scopes--|\n|                                                                           |\n|---------------------------------------------------------------------------|\n```\n\n5. Make sure you use HTTPS to comply with Shopify's security requirements. \n\n6. Make sure your app is running and is live at the hostname you specified.\n\n\n## Result\nThe following endpoints were registered:\n\n`/install/shopify?shop={your-store-name.myshopify.com}`:\n- to log in (and install the app on the given store) either from the browser or the embedded app. This is done via Javascript redirects\n- if this endpont is called by Shopify from an embedded app and the store has already been installed, the user will be authomatically authenticated (without any OAuth redirects)\n- not including the `shop` parameter will force a redirect\n\n`/init`:\n- this is the \"login\" endpoint where entering the store name in a form will call the installation endpoint with a populated `shop` parameter\n\n`/login/app/oauth2/code/**`:\n- all the OAuth authentication processing happens here. This endpoint MUST be invoked by Shopify\n\n`/info`:\n- a secure endpoint that displays some useful information about the app:\n\t- apiKey: the api key for the app\n\t- shopOrigin: the domain of the store that's currently logged in\n\t- whether the initial login for the session was done from within an embedded app\n\n`/logout`:\n- to log out\n\n# Customize the default paths\nComing soon!\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnatf17%2Fshopify-embedded-app","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnatf17%2Fshopify-embedded-app","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnatf17%2Fshopify-embedded-app/lists"}