Unable to receive a permanent access token for my Shopify App

Question

I'm following the Shopify instructions to get a permanent token for a particular app/shop combination (http://api.shopify.com/authentication.html).

I'm able to get the temporary token and then use a simple html form to receive a permanent token:

But the response I get is: {"error":"invalid_request"}

Can you help me, please? I searched everywhere (Stackoverflow, Shopify support forums, etc...) but cannot find a clue on how to solve this. My app is online and hosted on Heroku.

Thanks,

Answer 1

I think we have similar minds! I was experiencing the exact same issue as you. I think we were both confused by the documentation!

I generated my app using the shopify_app gem. This created the following method in login_controller.rb:

def finalize
  if response = request.env['omniauth.auth']
    sess = ShopifyAPI::Session.new(params['shop'], response['credentials']['token'])
    session[:shopify] = sess        
    flash[:notice] = "Logged in"
    redirect_to return_address
    session[:return_to] = nil
  else
    flash[:error] = "Could not log in to Shopify store."
    redirect_to :action => 'index'
  end
end

Line 3 of that (ShopifyAPI::Session.new) is doing Step 2 of the Shopify Authentication for us. It's fetching us a permanent access token.

The variable sess will now contain two things:

1. The *.myshopify.com domain of the shop (url)
2. A permanent access token to save for future use (token)

As John Duff said - we already have an access token! We don't need to POST to https://SHOP_NAME.myshopify.com/admin/oauth/access_token. It's handled for us in the code generated by the shopify_app gem.

In my finalize method, I added a line:

def finalize
  if response = request.env['omniauth.auth']
    sess = ShopifyAPI::Session.new(params['shop'], response['credentials']['token'])

    Shop.find_or_create_by_myshopify_domain(sess.url, access_token: sess.token)
  ...

This creates a shop and assigns it the access token. My Shop model has the attributes myshopify_domain and access_token.

In the future, if I want to use the ShopifyAPI for that shop, I can just follow the instructions found on the shopify_api gem homepage

I spent hours trying to nut this one out. I'm not sure how the documentation could be clearer. Hopefully if the issue comes up again, people find this StackOverflow page!

I hope this was a help for you.

Cheers, Nick

Answer 2

Once the code is used once it expires, you need to store the token or request a new code. In the logs one of your requests succeeded, then you continued making access token requests with the same code which failed because the code was expired.

Try requesting permission again and making the access token call with the new code that you receive. Make sure to store the access token because the code cannot be used again.