Repository is archived
No commit activity in last 3 years
No release in over 3 years
Shopify client library session token helpers for embedded apps
 Dependencies

Development

~> 3.9
~> 0.89

Runtime

~> 2.2
 Project Readme

lucid-shopify-session

This is Shopify's new cookieless authentication method for embedded apps, which uses session tokens provided by App Bridge to identify the shop. Session cookies are no longer viable because browsers (starting with Safari) disable third-party cookies by default. Working around this is possible, but quite impractical and harmful to the user experience, so all embedded apps should use this new method going forward.

This method also replaces CSRF tokens. The JWT provides the same protection: it is signed with the shared secret, so a valid token must originate from the Shopify admin, and authenticated requests cannot be forged.
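The check that this guarantee rests on, as an added example that is not this gem's code or API: a standard-library HS256 verifier that pins the algorithm, compares the signature in constant time, and validates the time and audience claims. The function names, the claim names (`aud`, `dest`, `exp`, `nbf`, assumed from Shopify's session token format) and all sample values are assumptions or constructed.

```ruby
require 'openssl'
require 'json'

# Added example, not the gem's API. Claim names (aud, dest, exp, nbf) are
# assumed from Shopify's session token format; helper names are hypothetical.
class SessionTokenError < StandardError; end

def b64url(data)
  [data].pack('m0').tr('+/', '-_').delete('=')
end

def decode_json_segment(segment)
  data = JSON.parse(segment.tr('-_', '+/').unpack1('m'))
  data.is_a?(Hash) ? data : raise(SessionTokenError, 'malformed segment')
rescue JSON::ParserError
  raise SessionTokenError, 'malformed segment'
end

# Constant-time comparison so the check does not leak how many bytes matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize

  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns the claims hash for a valid token, raises SessionTokenError otherwise.
def verify_session_token(token, api_key:, secret:, now: Time.now.to_i)
  parts = token.to_s.split('.', -1)
  raise SessionTokenError, 'malformed token' unless parts.length == 3

  header, payload, signature = parts
  # Pin the algorithm: never let the token choose "none" or another scheme.
  raise SessionTokenError, 'unexpected alg' unless decode_json_segment(header)['alg'] == 'HS256'

  mac = OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA256'), secret, "#{header}.#{payload}")
  raise SessionTokenError, 'bad signature' unless secure_equal?(b64url(mac), signature)

  claims = decode_json_segment(payload)
  raise SessionTokenError, 'expired' unless claims['exp'].to_i > now
  raise SessionTokenError, 'not yet valid' unless claims['nbf'].to_i <= now
  raise SessionTokenError, 'wrong audience' unless claims['aud'] == api_key

  claims
end

# Helper for constructed sample input: signs claims the way the issuer would.
def sign_sample_token(claims, secret)
  body = "#{b64url(JSON.generate({ 'alg' => 'HS256', 'typ' => 'JWT' }))}.#{b64url(JSON.generate(claims))}"
  "#{body}.#{b64url(OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA256'), secret, body))}"
end
```

The shop is taken from the verified claims only after the signature check passes; a payload whose signature does not match is never trusted for identification.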

Installation

Add the gem to your 'Gemfile':

gem 'lucid-shopify'
gem 'lucid-shopify-session'

Usage

WIP