Added: Relogin embedded app user on token expiry and saved shopify app state in auth store(#793)#794
Conversation
Hide go to launchpad button update shopify app state in auth store Changelog: Added
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Summary of Changes
Hello @Banibrata-Manna, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!
This pull request enhances the application's authentication flow, particularly for embedded environments, by ensuring seamless re-authentication upon token expiry and improving the persistence of application state. Additionally, it refines the user interface by conditionally hiding elements not relevant to embedded users.
Highlights
- Embedded App Relogin: Implemented a mechanism to redirect embedded app users to the DXP Login page for re-authentication when their token expires, ensuring a new token is acquired.
- Shopify App State Persistence: The
shopifyAppBridgestate is now saved within the user's authentication store, improving state management for embedded Shopify applications. - UI Refinement for Embedded Apps: The 'Go to Launchpad' button in the settings view is now hidden for users accessing the application in an embedded context, streamlining the user interface.
Using Gemini Code Assist
The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.
Invoking Gemini
You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.
| Feature | Command | Description |
|---|---|---|
| Code Review | /gemini review |
Performs a code review for the current pull request in its current state. |
| Pull Request Summary | /gemini summary |
Provides a summary of the current pull request in its current state. |
| Comment | @gemini-code-assist | Responds in comments when explicitly tagged, both in issue comments and review comments. |
| Help | /gemini help |
Displays a list of available commands. |
Customization
To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.
Limitations & Feedback
Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.
You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.
Footnotes
-
Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩
There was a problem hiding this comment.
Code Review
This pull request updates the authentication flow to handle token expiry for embedded apps by redirecting to an internal login page. It also persists the Shopify App Bridge state and hides the 'Go to Launchpad' button in embedded mode. My review includes a suggestion to refactor the authentication guard in src/router/index.ts for improved clarity and to remove redundant code.
| if (authStore.isEmbedded) { | ||
| next('/login'); | ||
| loader.dismiss(); | ||
| return; | ||
| } | ||
| // TODO use authenticate() when support is there | ||
| const redirectUrl = window.location.origin + '/login' | ||
| window.location.href = authStore.isEmbedded ? appLoginUrl : `${appLoginUrl}?redirectUrl=${redirectUrl}` |
There was a problem hiding this comment.
The logic for handling non-authenticated users can be simplified. The authStore.isEmbedded check in the window.location.href assignment is now redundant because the embedded case is handled in the if block above it. Additionally, it's a good practice to dismiss the loader before triggering navigation to avoid potential race conditions. The suggested change refactors this logic for better clarity and correctness.
| if (authStore.isEmbedded) { | |
| next('/login'); | |
| loader.dismiss(); | |
| return; | |
| } | |
| // TODO use authenticate() when support is there | |
| const redirectUrl = window.location.origin + '/login' | |
| window.location.href = authStore.isEmbedded ? appLoginUrl : `${appLoginUrl}?redirectUrl=${redirectUrl}` | |
| if (authStore.isEmbedded) { | |
| loader.dismiss(); | |
| next('/login'); | |
| return; | |
| } | |
| // TODO use authenticate() when support is there | |
| const redirectUrl = window.location.origin + '/login' | |
| window.location.href = `${appLoginUrl}?redirectUrl=${redirectUrl}` |
…login route of app instead of launchpad
… stored token can cause unauthorised api calls
…ount into #793_relogin_embedded_app_user_on_token_expiry
1 participant
Related Issue: #793
Updated the auth gaurd to redirect user DXP Login page if the token gets expired, there user will be relogged in with new token in return. Hidded go to launchpad button from user if app is embedded.