
Authentication


Authentication System

Shopify OAuth 2.0, with an encrypted persistent session stored in the database.

OAuth Flow

1. Access /auth/login
   Merchant enters their Shopify domain. Redirect to Shopify OAuth begins.

2. Shopify Authorization
   Shopify displays the consent screen for the requested OAuth scopes.

3. Callback /auth/*
   Code exchanged for an access token via the Shopify API.

4. Session Stored
   Encrypted token saved in PostgreSQL via @shopify/shopify-app-session-storage-prisma.

5. Embedded Access
   All /app/* routes validate the session via authenticate.admin(request).

Required OAuth Scopes

- read_customers
- read_fulfillments
- read_orders
- read_product_listings
- read_products
- read_publications
- read_themes
- read_online_store_pages
- write_app_proxy
- write_products
- write_publications
- write_draft_orders

App Proxy routes (/apps/quote-flow/*) use authenticate.public.appProxy(request), which validates the request by shop param, without a user session.
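
Shopify signs every proxied request with a `signature` query parameter (a hex HMAC-SHA256 over the other parameters, keyed with the app's API secret), and that signature is what lets the shop param be trusted without a session. The check, as an added example in plain Node.js rather than QuoteFlow's or Shopify's library code; `verifyAppProxy`, `signSample`, the URL and the secret are constructed for illustration:

```javascript
// Added example: standalone Shopify App Proxy signature check (not QuoteFlow code).
const crypto = require("node:crypto");

// Returns the shop domain when the proxied request is authentic, otherwise null.
function verifyAppProxy(url, apiSecret) {
  const params = new URL(url).searchParams;
  const signature = params.get("signature");
  const shop = params.get("shop");
  if (!signature || !shop) return null; // unsigned request: never trust `shop`

  // Canonical message: every parameter except `signature` as key=value,
  // repeated keys joined with ",", entries sorted, concatenated with no separator.
  const keys = [...new Set(params.keys())].filter((k) => k !== "signature");
  const message = keys
    .map((k) => `${k}=${params.getAll(k).join(",")}`)
    .sort()
    .join("");

  const expected = crypto.createHmac("sha256", apiSecret).update(message).digest();
  const given = Buffer.from(signature, "hex");
  // timingSafeEqual throws on unequal lengths, so reject those first.
  if (given.length !== expected.length) return null;
  return crypto.timingSafeEqual(given, expected) ? shop : null;
}

// Builds a signed URL the way the proxy would, for constructed sample input only.
function signSample(fields, apiSecret) {
  const message = Object.entries(fields)
    .map(([k, v]) => `${k}=${[].concat(v).join(",")}`)
    .sort()
    .join("");
  const signature = crypto.createHmac("sha256", apiSecret).update(message).digest("hex");
  const qs = new URLSearchParams();
  for (const [k, v] of Object.entries(fields)) {
    for (const item of [].concat(v)) qs.append(k, item);
  }
  qs.append("signature", signature);
  return `https://app.example.test/proxy?${qs}`; // placeholder host and path
}

// Constructed sample: placeholder secret and shop, not real credentials.
const SAMPLE_SECRET = "constructed-api-secret";
const sampleUrl = signSample(
  { shop: "demo-store.myshopify.com", path_prefix: "/apps/quote-flow", timestamp: "1700000000" },
  SAMPLE_SECRET
);
console.log(verifyAppProxy(sampleUrl, SAMPLE_SECRET));
console.log(verifyAppProxy(sampleUrl.replace("demo-store", "other-store"), SAMPLE_SECRET));
```

A request whose shop value was edited after signing, or that carries no signature at all, returns null here and should be rejected before any shop-scoped data is read.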
