Shopify OAuth 2.0 Client Provider

Shopify OAuth 2.0 Client Provider.

Install

Via Composer

$ composer require pizdata/oauth2-shopify

Usage

require 'vendor/autoload.php'; // Composer autoloader

// The state value is kept in $_SESSION, so a session must be active.
session_start();

$provider = new Pizdata\OAuth2\Client\Provider\Shopify([
    'clientId'                => '{shopify-client-id}',    // The client ID assigned to you by Shopify
    'clientSecret'            => '{shopify-client-secret}',   // The client secret assigned to you by Shopify
    'redirectUri'             => 'http://localhost/callback', // The redirect URI registered for your app
    'shop'                    => 'pizdata.myshopify.com', // The shop's myshopify.com domain
]);

// If we don't have an authorization code then get one
if (!isset($_GET['code'])) {

    // Set up the requested scopes (request only the ones your app needs)
    $options = [
        'scope' => [
            'read_content', 'write_content',
            'read_themes', 'write_themes',
            'read_products', 'write_products',
            'read_customers', 'write_customers',
            'read_orders', 'write_orders',
            'read_draft_orders', 'write_draft_orders',
            'read_script_tags', 'write_script_tags',
            'read_fulfillments', 'write_fulfillments',
            'read_shipping', 'write_shipping',
            'read_analytics',
        ]
    ];
    // Fetch the authorization URL from the provider; this returns the
    // urlAuthorize option and generates and applies any necessary parameters
    // (e.g. state).
    $authorizationUrl = $provider->getAuthorizationUrl($options);

    // Get the state generated for you and store it to the session.
    $_SESSION['oauth2state'] = $provider->getState();

    // Redirect the user to the authorization URL.
    header('Location: ' . $authorizationUrl);
    exit;

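// Check the given state against the previously stored one to mitigate CSRF attacks.
// A missing stored state is rejected as well, and the comparison is constant-time.
} elseif (
    empty($_GET['state']) || !is_string($_GET['state'])
    || empty($_SESSION['oauth2state'])
    || !hash_equals($_SESSION['oauth2state'], $_GET['state'])
) {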

    if (isset($_SESSION['oauth2state'])) {
        unset($_SESSION['oauth2state']);
    }
    
    exit('Invalid state');

} else {

    try {
        // Try to get an access token using the authorization code grant.
        $accessToken = $provider->getAccessToken('authorization_code', [
            'code' => $_GET['code']
        ]);

        $store = $provider->getResourceOwner($accessToken);

        // Access the store's basic information
        echo $store->getName();
        echo $store->getEmail();
        echo $store->getDomain();

        // Use this to interact with an API on the user's behalf
        echo $accessToken->getToken();

    } catch (\League\OAuth2\Client\Provider\Exception\IdentityProviderException $e) {
        // Failed to get the access token or user details.
        exit($e->getMessage());

    }
}
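
The state check in the callback branch, written as a reusable single-use helper and compared with a lenient form that only compares when a stored state exists. This is an added example, not code from this package; the function names and the sample inputs are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Strict, single-use check of the OAuth "state" value (hypothetical helper).
 * $session is taken by reference so the stored value is consumed on every attempt.
 */
function consumeOAuthState(array &$session, array $query): bool
{
    $expected = $session['oauth2state'] ?? null;
    unset($session['oauth2state']);          // one attempt per issued state

    $given = $query['state'] ?? null;

    // Both sides must be non-empty strings: ?state[]=x arrives as an array,
    // and a session that holds no stored state must fail rather than pass.
    if (!is_string($expected) || $expected === '' || !is_string($given) || $given === '') {
        return false;
    }
    return hash_equals($expected, $given);   // constant-time comparison
}

// Lenient form: the comparison only happens when the session already holds a state.
function lenientStateCheck(array $session, array $query): bool
{
    return !(empty($query['state'])
        || (isset($session['oauth2state']) && $query['state'] !== $session['oauth2state']));
}

// Constructed callback inputs (not real traffic): [session contents, query parameters].
$cases = [
    'matching state'         => [['oauth2state' => 'a1b2c3'], ['code' => 'x', 'state' => 'a1b2c3']],
    'mismatched state'       => [['oauth2state' => 'a1b2c3'], ['code' => 'x', 'state' => 'zzz']],
    'no state in session'    => [[], ['code' => 'x', 'state' => 'anything']],
    'state sent as an array' => [['oauth2state' => 'a1b2c3'], ['code' => 'x', 'state' => ['a1b2c3']]],
];

foreach ($cases as $label => [$session, $query]) {
    $lenient = lenientStateCheck($session, $query) ? 'accept' : 'reject';
    $strict  = consumeOAuthState($session, $query) ? 'accept' : 'reject';
    printf("%-24s lenient=%s strict=%s\n", $label, $lenient, $strict);
}
```

The two forms differ on the "no state in session" case, where the callback arrives in a session that never started an authorization flow.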

Change log

Please see CHANGELOG for more information on what has changed recently.

Testing

$ composer test

Contributing

Please see CONTRIBUTING and CONDUCT for details.

Security

If you discover any security-related issues, please email roman+gh@sevastyanov.io instead of using the issue tracker.

Credits

License

The MIT License (MIT). Please see License File for more information.