Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

create_permission_url does not accept state parameter #466

Closed
drewish opened this issue Sep 18, 2018 · 3 comments · Fixed by #670
Closed

create_permission_url does not accept state parameter #466

drewish opened this issue Sep 18, 2018 · 3 comments · Fixed by #670
Labels
docs feature request

Comments

@drewish
Copy link

drewish commented Sep 18, 2018

The readme mentions that we should be providing and checking the state parameter:

  • state – Optional – A randomly selected value provided by your application, which is unique for each authorization request. During the OAuth callback phase, your application must check that this value matches the one you provided during authorization. This mechanism is important for the security of your application.
  • Ensure the provided state is the same one that your application provided to Shopify during Step 3.

But surprisingly the create_permission_url method does not accept a state parameter.
drewish added a commit to drewish/shopify_api that referenced this issue Sep 19, 2018
@drewish
Add a param for state
5c0cf5b 
Fixes Shopify#466
@drewish drewish mentioned this issue Sep 19, 2018
Closed
drewish added a commit to drewish/shopify_api that referenced this issue Sep 19, 2018
@drewish
Add a param for state
8865119 
Fixes Shopify#466

Includes some style fixes.
drewish added a commit to drewish/shopify_api that referenced this issue Sep 19, 2018
@drewish
Add a state param to create_permission_url
0ce3b80 
Fixes Shopify#466

Includes some style fixes.
@richter-alex richter-alex mentioned this issue Oct 17, 2018
Closed
@JamesDullaghan
Copy link

Is this going to be merged anytime soon?

@juliantrueflynn
Copy link

juliantrueflynn commented May 3, 2019
edited
Loading

Following up on this, it would be really nice to add for security reasons and have it from official API gem. For now, I just rolled my own create_permission_url method

@drewish
Copy link
Author

drewish commented May 3, 2019

I’m no longer using the gem so someone else would need to take over any changes.

@jdjkelly jdjkelly mentioned this issue Jan 18, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
docs feature request
Projects
None yet
Milestone
No milestone
4 participants
@drewish @nwtn @juliantrueflynn @JamesDullaghan