New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OAuth HMAC validation doesn't work since Shopify removed MD5 validation on June 1st 2016 #19
Comments
As quick fix you just can comment out the request validation in oauth.php
But for sure then the app is less secure. So this works as a workaround but isn't fixing the problem. |
I will do a pull request when time permits. but here is a function with the meat and bones to replace function is_valid_request() attribute to ohShopify.php
|
That looks pretty good! Thanks for the help @myjanky! |
You are welcome. Goes without saying that this is for phpish/shopify and not the shopify_app_skeleton. And $this->secret can be changed to $secret. |
you can use this function instead of is_valid_request() function
|
@pupinder
|
Hello, I am having this persistent error every time I try to install my app and this is so far the many things I have tried. I have phpish/shopify_app-skeleton in my server and compose install with all dependencies define('REDIRECT_URL', 'http://my-app-name.hosting.com/app/oauth.php'); after that in my oauth.php file I place at the end of the line 16 my gobal variable "REDIRECT_URL" like this: $permission_url = shopify\authorization_url($_GET['shop'], SHOPIFY_APP_API_KEY, array('read_content', 'write_content', 'read_themes', 'write_themes', 'read_products', 'write_products', 'read_customers', 'write_customers', 'read_orders', 'write_orders', 'read_script_tags', 'write_script_tags', 'read_fulfillments', 'write_fulfillments', 'read_shipping', 'write_shipping'),REDIRECT_URL); also I have commented the line 11: shopify\is_valid_request($_GET, SHOPIFY_APP_SHARED_SECRET) or die('Invalid Request! Request or redirect did not come from Shopify'); even I have replace line 11 with the function explained in this post but not result came up. but nothing works... any advice ??? anything else to do, I am doing something wrong o missing any steps? |
I didn't found any file named "ohShopify.php" i am getting same error so how to fix? |
https://github.com/cmcdonaldca/ohShopify.php |
I used this great resource for the base of Shopify app, however since Shopify removed the MD5 validation on June 1st 2016 I always get an error message when I'm trying to install the app to a new stor. "Invalid Request! Request or redirect did not come from Shopify."
I read a lot about how to do the validation here: https://help.shopify.com/api/guides/authentication/oauth
however when I map the received values I only have hmac, timestamp and store. No code and signature.
Anyone has a workaround for this? I appreciate any help!!!!
P.s.: I use exactly the same code uploaded here without any modification.
The text was updated successfully, but these errors were encountered: