module ShopifyAPI::Auth::TokenExchange
Constants
- ID_TOKEN_TYPE
- TOKEN_EXCHANGE_GRANT_TYPE
Public Class Methods
exchange_token(shop:, session_token:, requested_token_type:)
click to toggle source
# File lib/shopify_api/auth/token_exchange.rb, line 29 def exchange_token(shop:, session_token:, requested_token_type:) unless ShopifyAPI::Context.setup? raise ShopifyAPI::Errors::ContextNotSetupError, "ShopifyAPI::Context not setup, please call ShopifyAPI::Context.setup" end raise ShopifyAPI::Errors::UnsupportedOauthError, "Cannot perform OAuth Token Exchange for private apps." if ShopifyAPI::Context.private? raise ShopifyAPI::Errors::UnsupportedOauthError, "Cannot perform OAuth Token Exchange for non embedded apps." unless ShopifyAPI::Context.embedded? # Validate the session token content ShopifyAPI::Auth::JwtPayload.new(session_token) shop_session = ShopifyAPI::Auth::Session.new(shop: shop) body = { client_id: ShopifyAPI::Context.api_key, client_secret: ShopifyAPI::Context.api_secret_key, grant_type: TOKEN_EXCHANGE_GRANT_TYPE, subject_token: session_token, subject_token_type: ID_TOKEN_TYPE, requested_token_type: requested_token_type.serialize, } client = Clients::HttpClient.new(session: shop_session, base_path: "/admin/oauth") response = begin client.request( Clients::HttpRequest.new( http_method: :post, path: "access_token", body: body, body_type: "application/json", ), ) rescue ShopifyAPI::Errors::HttpResponseError => error if error.code == 400 && error.response.body["error"] == "invalid_subject_token" raise ShopifyAPI::Errors::InvalidJwtTokenError, "Session token was rejected by token exchange" end raise error end session_params = T.cast(response.body, T::Hash[String, T.untyped]).to_h Session.from( shop: shop, access_token_response: Oauth::AccessTokenResponse.from_hash(session_params), ) end