Support | Move to Appbridge v4

src/Http/Middleware/VerifyShopify.php

@@ -387,10 +387,10 @@ protected function getAccessTokenFromRequest(Request $request): ?string
                 return $newestToken;
             }
 
-            return $request->get('token');
+            return $request->get('id_token');
         }
 
-        return $this->isApiRequest($request) ? $request->bearerToken() : $request->get('token');
+        return $this->isApiRequest($request) ? $request->bearerToken() : $request->get('id_token');
     }
 
     /**

src/resources/views/auth/token.blade.php

@@ -37,9 +37,30 @@
 
     @if(config('shopify-app.appbridge_enabled'))
         <script>
-            const host = new URLSearchParams(location.search).get("host")
-            utils.getSessionToken(app).then((token) => {
-                window.location.href = `{!! $target !!}{!! Str::contains($target, '?') ? '&' : '?' !!}token=${token}{{ Str::contains($target, 'host')? '' : '&host=${host}'}}`;
+            const host = new URLSearchParams(location.search).get("host");
+
+            shopify.idToken().then((token) => {
+                // Construct the initial target path and convert it into a URL object
+                let targetPath = `{!! $target !!}{!! Str::contains($target, '?') ? '&' : '?' !!}id_token=${token}{{ Str::contains($target, 'host') ? '' : '&host=${host}'}}`;
+                const targetUrl = new URL(targetPath, window.location.origin); // Uses current origin to build URL
+
+                // Parse and update search parameters from the target URL
+                const urlParams = targetUrl.searchParams;
+                urlParams.set('id_token', token); // Ensure 'id_token' is set or updated
+                if (host) {
+                    urlParams.set('host', host); // Ensure 'host' is set if it was not in the target
+                }
+
+                // Enforce HTTPS if the current page is using HTTPS
+                if (window.location.protocol === 'https:') {
+                    targetUrl.protocol = 'https:';
+                }
+
+                // Only push to history if the final URL is different from the current URL
+                if (window.location.href !== targetUrl.href) {
+                    window.location = targetUrl; // Redirect to the target URL
+                    history.pushState(null, '', targetUrl.href); // Update the URL in the history without a page reload
+                }
             });
         </script>
     @endif

src/resources/views/layouts/default.blade.php

@@ -1,44 +1,30 @@
 <!DOCTYPE html>
 <html lang="en">
-    <head>
-        <meta charset="utf-8">
-        <meta name="csrf-token" content="{{ csrf_token() }}">
+<head>
+    <meta charset="utf-8">
+    <meta name="csrf-token" content="{{ csrf_token() }}">
 
-        <title>{{ \Osiset\ShopifyApp\Util::getShopifyConfig('app_name') }}</title>
-        @yield('styles')
-    </head>
+    <title>{{ \Osiset\ShopifyApp\Util::getShopifyConfig('app_name') }}</title>
 
-    <body>
-        <div class="app-wrapper">
-            <div class="app-content">
-                <main role="main">
-                    @yield('content')
-                </main>
-            </div>
-        </div>
+    <meta name="shopify-api-key" content="{{ \Osiset\ShopifyApp\Util::getShopifyConfig('api_key', $shopDomain ?? Auth::user()->name ) }}"/>
+    <script src="https://cdn.shopify.com/shopifycloud/app-bridge.js"></script>
 
-        @if(\Osiset\ShopifyApp\Util::getShopifyConfig('appbridge_enabled') && \Osiset\ShopifyApp\Util::useNativeAppBridge())
-            <script src="{{config('shopify-app.appbridge_cdn_url') ?? 'https://unpkg.com'}}/@shopify/app-bridge{{ \Osiset\ShopifyApp\Util::getShopifyConfig('appbridge_version') ? '@'.config('shopify-app.appbridge_version') : '' }}"></script>
-            <script
-                @if(\Osiset\ShopifyApp\Util::getShopifyConfig('turbo_enabled'))
-                    data-turbolinks-eval="false"
-                @endif
-            >
-                var AppBridge = window['app-bridge'];
-                var actions = AppBridge.actions;
-                var utils = AppBridge.utilities;
-                var createApp = AppBridge.default;
-                var app = createApp({
-                    apiKey: "{{ \Osiset\ShopifyApp\Util::getShopifyConfig('api_key', $shopDomain ?? Auth::user()->name ) }}",
-                    host: "{{ \Request::get('host') }}",
-                    forceRedirect: true,
-                });
-            </script>
+    @yield('styles')
+</head>
 
-            @include('shopify-app::partials.token_handler')
-            @include('shopify-app::partials.flash_messages')
-        @endif
+<body>
+<div class="app-wrapper">
+    <div class="app-content">
+        <main role="main">
+            @yield('content')
+        </main>
+    </div>
+</div>
 
-        @yield('scripts')
-    </body>
+@if(\Osiset\ShopifyApp\Util::getShopifyConfig('appbridge_enabled') && \Osiset\ShopifyApp\Util::useNativeAppBridge())
+    @include('shopify-app::partials.token_handler')
+@endif
+
+@yield('scripts')
+</body>
 </html>

src/resources/views/partials/token_handler.blade.php

@@ -4,13 +4,13 @@
 
     // Token updates
     document.addEventListener(LOAD_EVENT, () => {
-        retrieveToken(app);
-        keepRetrievingToken(app);
+        retrieveToken(shopify);
+        keepRetrievingToken(shopify);
     });
 
     // Retrieve session token
     async function retrieveToken(app) {
-        window.sessionToken = await utils.getSessionToken(app);
+        window.sessionToken = await app.idToken();
 
         // Update everything with the session-token class
         Array.from(document.getElementsByClassName('session-token')).forEach((el) => {

tests/Traits/HomeControllerTest.php

@@ -25,20 +25,18 @@ public function testHomeRoute(): void
         $shop = factory($this->model)->create(['name' => 'shop-name.myshopify.com']);
 
         $host = base64_encode($shop->getDomain()->toNative().'/admin');
-        $this->call('get', '/', ['token' => $this->buildToken(), 'host' => $host])
+        $this->call('get', '/', ['id_token' => $this->buildToken(), 'host' => $host])
             ->assertOk()
-            ->assertSee('apiKey: "'.Util::getShopifyConfig('api_key').'"', false)
-            ->assertSee("host: \"{$host}\"", false);
+            ->assertSee('name="shopify-api-key" content="'.Util::getShopifyConfig('api_key').'"', false);
     }
 
     public function testHomeRouteHostAdmin(): void
     {
         $shop = factory($this->model)->create(['name' => 'shop-name.myshopify.com']);
 
         $host = base64_encode('admin.shopify.com/store/shop-name');
-        $this->call('get', '/', ['token' => $this->buildToken(), 'host' => $host])
+        $this->call('get', '/', ['id_token' => $this->buildToken(), 'host' => $host])
             ->assertOk()
-            ->assertSee('apiKey: "'.Util::getShopifyConfig('api_key').'"', false)
-            ->assertSee("host: \"{$host}\"", false);
+            ->assertSee('name="shopify-api-key" content="'.Util::getShopifyConfig('api_key').'"', false);
     }
 }