So, I have an ASP.NET Shopify app which pulls information (orders) from Shopify.

My goal is to have it display the order data without having to redirect the browser to Shopify for authentication. Instead, I want the server-side code to store the password and create the authentication tokens and "behind the scenes" talk to Shopify, and, I guess, act as the browser would have.

(Would I need something like this "grant" library, but for .NET instead of NodeJS?)

The code currently gets tokens like this:

    [HttpGet]
    public async Task<ActionResult> Login([FromQuery] string shop = "somehostname.myshopify.com")
    {
        var requiredPermissions = new [] { "read_orders", "read_products" };
        var oauthState = await _dataContext.States.AddAsync(new OauthState
        {
            DateCreated = DateTimeOffset.Now,
            Token = Guid.NewGuid().ToString()
        });

        await _dataContext.SaveChangesAsync();

        var oauthUrl = AuthorizationService.BuildAuthorizationUrl(
            requiredPermissions,
            shop,
            _secrets.ShopifyApiKey,
            _oauthRedirectUrl,
            oauthState.Entity.Token);

        return Redirect(oauthUrl.ToString());
    }

This is the code which sets up the AspNetCore authentication builder:

    private static void ConfigureCookieAuthentication(CookieAuthenticationOptions options)
    {
        options.Cookie.HttpOnly = true;
        options.SlidingExpiration = true;
        options.ExpireTimeSpan = TimeSpan.FromDays(1);
        options.LogoutPath = "/Auth/Logout";
        options.LoginPath = "/Auth/Login";
        options.AccessDeniedPath = "/Auth/Login";
    }


     // This method gets called by the runtime. Use this method to add services to the container.
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie(ConfigureCookieAuthentication);
        services.AddControllersWithViews();
        // Add the database context which injects the context into each controller's constructor
        services.AddDbContext<DataContext>(options => options.UseSqlite(GetSqlConnectionString()));
        // Add ISecrets so classes can use the Shopify secret/api keys
        services.AddSingleton<ISecrets, Secrets>();
    }

But none of this really helps, does it? Would I need to have the server side pretend to be a desktop browser and log in to the login form like a human user would have, or is there some mechanism in OAuth itself which would let me do what I want?

Any ideas on how to make the server side do the login itself against Shopify (or whatever OAuth server) instead of the browser?

Prof. Falken
  • I suppose this is related somehow but it's going over my head: https://stackoverflow.com/questions/57072374/programmatic-authentication-with-oauth2 – Prof. Falken Aug 24 '23 at 21:19
