-
-
Save drovani/8199b1e0ffa1976c00af6781fcb98fbf to your computer and use it in GitHub Desktop.
function (user, context, callback) { | |
if (context.clientMetadata && context.clientMetadata.shopify_domain && context.clientMetadata.shopify_multipass_secret) | |
{ | |
const RULE_NAME = 'shopify-multipasstoken'; | |
const CLIENTNAME = context.clientName; | |
console.log(`${RULE_NAME} started by ${CLIENTNAME}`); | |
const now = (new Date()).toISOString(); | |
let shopifyToken = { | |
email: user.email, | |
created_at: now, | |
identifier: user.user_id, | |
remote_ip: context.request.ip | |
}; | |
if (context.request && context.request.query && context.request.query.return_to){ | |
shopifyToken.return_to = context.request.query.return_to; | |
} | |
if (context.user_metadata) | |
{ | |
shopifyToken.first_name = user.user_metadata.given_name; | |
shopifyToken.last_name= user.user_metadata.family_name; | |
} | |
const hash = crypto.createHash("sha256").update(context.clientMetadata.shopify_multipass_secret).digest(); | |
const encryptionKey = hash.slice(0, 16); | |
const signingKey = hash.slice(16, 32); | |
const iv = crypto.randomBytes(16); | |
const cipher = crypto.createCipheriv('aes-128-cbc', encryptionKey, iv); | |
const cipherText = Buffer.concat([iv, cipher.update(JSON.stringify(shopifyToken), 'utf8'), cipher.final()]); | |
const signed = crypto.createHmac("SHA256", signingKey).update(cipherText).digest(); | |
const token = Buffer.concat([cipherText, signed]).toString('base64'); | |
const urlToken = token.replace(/\+/g, '-').replace(/\//g, '_'); | |
context.redirect = { | |
url: `https://${context.clientMetadata.shopify_domain}/account/login/multipass/${urlToken}` | |
}; | |
} | |
return callback(null, user, context); | |
} |
@chrismarkpd ah, I can use plain JS in liquid? I'm a complete noob to Shopify! I'll give that a shot
yeah just put the <script> tags and you should be good to go. liquid loads first since it's server side rendered, but js should be able to do what you are looking for. we do something similar
@chrismarkpd yeah, document.referrer solved my issue! Thanks for the assist
Hey @drovani, we are still facing the IPv6 issue. Have you found any workaround for it?
Thanks
Hey @drovani, we are still facing the IPv6 issue. Have you found any workaround for it? Thanks
Unfortunately, Shopify still doesn't have support for IPv6 ip restriction. It'll still cause an error (without no feedback on the problem) if you pass a non-IPv4 address. The only solution is to just no include that parameter in your payload coming from Auth0.
Hi David. Do you have any idea how to allow information to be stored to Monitoring/Log/Login success information. Using callback redirect on line 39 actually breacking the authorization flow and although user is authenticated in Shopify is still not authenticated in Auth0.
So basically how to make the redirect AFTER Auth0 flow is completed.
p.s. If you think the Auth0 actions more suitable for this I already converted this rule to action.
@souxin It's been a while since I was in Auth0, so I may not have the most recent information for you. Having said that, I believe that these rules run after Auth0 has authenticated the user.
I haven't looked into Actions yet, so I don't know if that is what is causing your issue.
Having said that, I believe that these rules run after Auth0 has authenticated the user.
Actually not.
This redirect is breaking the auth flow. And the token wasn't issued. Hence no auth is recording. BTW in Auth0 community I found confirmation about that.
But thank you for your answer.
@afalahi you can just use
request.path
or use javascript to dynamically inject the path?