🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

@nestjs-shopify/auth

Package Overview
Dependencies
Maintainers
1
Versions
32
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@nestjs-shopify/auth

An OAuth setup for NestJS using Shopify's [@shopify/shopify-node-api](https://github.com/Shopify/shopify-node-api) package. Allows for online and offline auth using this module.

6.0.1
latest
Source
npm
Version published
Maintainers
1
Created
Source

@nestjs-shopify/auth

An OAuth setup for NestJS using Shopify's @shopify/shopify-node-api package. Allows for online and offline auth using this module.

Installation

Install package using NPM:

npm install @nestjs-shopify/auth

or using Yarn:

yarn add @nestjs-shopify/auth

Make sure you have your Shopify context initialized:

npm install @nestjs-shopify/express @nestjs-shopify/core

Note

Install @nestjs-shopify/express if you are using Express, or @nestjs-shopify/fastify if you are using Fastify.

See @nestjs-shopify/express usage: https://github.com/nestjs-shopify/nestjs-shopify/tree/main/packages/express

Usage

@nestjs-shopify/auth supports either Token Exchange or Authorization Code Grant Flow. The choice of auth strategy is configured by setting the authStrategy argument to either AuthStrategy.TokenExchange or AuthStrategy.AuthorizationCode. If not set, this property defaults to AuthStrategy.AuthorizationCode due to backwards compatibility.

Token Exchange

From any module, import the ShopifyAuthModule using forRootOnline, forRootOffline, forRootAsyncOnline or forRootAsyncOffline and set the authStrategy argument to AuthStrategy.TokenExchange:

// app.module.ts
import { AuthStrategy, ShopifyAuthModule } from '@nestjs-shopify/auth';

@Module({
  imports: [
    ShopifyAuthModule.forRootOnline(AuthStrategy.TokenExchange, {
      returnHeaders: true,
    }),
  ],
})
export class AppModule {}

Or using useFactory/useClass/useExisting:

// app.module.ts
import { AuthStrategy, ShopifyAuthModule } from '@nestjs-shopify/auth';

@Module({
  imports: [
    ShopifyAuthModule.forRootAsyncOnline(AuthStrategy.TokenExchange, {
      useFactory: () => ({
        returnHeaders: true,
      }),
    }),
  ],
})
export class AppModule {}

You can provide an injectable that will be called after a token exchange for an offline or online auth was successful:

// auth-handler/auth-handler.module.ts
import { MyAuthHandler } from './my-auth.handler';

@Module({
  providers: [MyAuthHandler],
  exports: [MyAuthHandler],
})
export class AuthHandlerModule {}

// auth-handler/my-auth.handler.ts
@Injectable()
export class MyAuthHandler implements ShopifyTokenExchangeAuthAfterHandler {
  constructor(private readonly tokenExchangeService: ShopifyTokenExchangeService) {}
  async afterAuth({ session, sessionToken }: ShopifyTokenExchangeAuthAfterHandlerParams) {
    if (session.isOnline) {
      try {
        const offlineSession = await this.tokenExchangeService.exchangeToken(sessionToken, session.shop, AccessMode.Offline);
        // store session
      } catch (e) {
        /* empty */
      }
    }
  }
}

and provide and inject it to your ShopifyAuthModule:

// app.module.ts
import { AuthStrategy, ShopifyAuthModule } from '@nestjs-shopify/auth';
import { AuthHandlerModule } from './auth-handler/auth-handler.module';
import { MyAuthHandler } from './auth-handler/my-auth.handler';

@Module({
  imports: [
    ShopifyAuthModule.forRootAsyncOnline(AuthStrategy.TokenExchange, {
      imports: [AuthHandlerModule],
      useFactory: (afterAuthHandler: MyAuthHandler) => ({
        returnHeaders: true,
        afterAuthHandler,
      }),
      inject: [MyAuthHandler],
    }),
  ],
})
export class AppModule {}

Authorization Code Grant Flow

From any module, import the ShopifyAuthModule using forRootOnline, forRootOffline, forRootAsyncOnline or forRootAsyncOffline and set the authStrategy to AUTHORIZATION_CODE_FLOW:

// app.module.ts
import { AuthStrategy, ShopifyAuthModule } from '@nestjs-shopify/auth';

@Module({
  imports: [
    ShopifyAuthModule.forRootOnline(AuthStrategy.AuthorizationCode, {
      basePath: 'user',
    }),
  ],
})
export class AppModule {}

Or using useFactory/useClass/useExisting:

// app.module.ts
import { AuthStrategy, ShopifyAuthModule } from '@nestjs-shopify/auth';

@Module({
  imports: [
    ShopifyAuthModule.forRootAsyncOnline(AuthStrategy.AuthorizationCode, {
      useFactory: () => ({
        basePath: 'user',
      }),
    }),
  ],
})
export class AppModule {}

You can provide an injectable that can handle the redirection or any other setup you want after an offline or online auth was successful:

// auth-handler/auth-handler.module.ts
import { MyAuthHandler } from './my-auth.handler';

@Module({
  providers: [MyAuthHandler],
  exports: [MyAuthHandler],
})
export class AuthHandlerModule {}

// auth-handler/my-auth.handler.ts
@Injectable()
export class MyAuthHandler implements ShopifyAuthAfterHandler {
  async afterAuth(req: Request, res: Response, session: Session) {
    // implement your logic after a successful auth.
    // you can check `session.isOnline` to see if it was an online auth or offline auth.
  }
}

and provide and inject it to your ShopifyAuthModule:

// app.module.ts
import { AuthStrategy, ShopifyAuthModule } from '@nestjs-shopify/auth';
import { AuthHandlerModule } from './auth-handler/auth-handler.module';
import { MyAuthHandler } from './auth-handler/my-auth.handler';

@Module({
  imports: [
    ShopifyAuthModule.forRootAsyncOnline(AuthStrategy.AuthorizationCode, {
      imports: [AuthHandlerModule],
      useFactory: (afterAuthHandler: MyAuthHandler) => ({
        basePath: 'user',
        afterAuthHandler,
      }),
      inject: [MyAuthHandler],
    }),
  ],
})
export class AppModule {}

You can also use useClass and useExisting to register the ShopifyAuthModule.

You can also register both auth modes using the same Module:

// app.module.ts
import { AuthStrategy, ShopifyAuthModule } from '@nestjs-shopify/auth';
import { AuthHandlerModule } from './auth-handler/auth-handler.module';
import { MyAuthHandler } from './auth-handler/my-auth.handler';

@Module({
  imports: [
    ShopifyAuthModule.forRootAsyncOnline(AuthStrategy.AuthorizationCode, {
      imports: [AuthHandlerModule],
      useFactory: (afterAuthHandler: MyAuthHandler) => ({
        basePath: 'user',
        afterAuthHandler,
      }),
      inject: [MyAuthHandler],
    }),
    ShopifyAuthModule.forRootAsyncOffline(AuthStrategy.AuthorizationCode, {
      imports: [AuthHandlerModule],
      useFactory: (afterAuthHandler: MyAuthHandler) => ({
        basePath: 'shop',
        afterAuthHandler,
      }),
      inject: [MyAuthHandler],
    }),
  ],
})
export class AppModule {}

Now, with this AppModule configured, if you want to install an App and store the offline access token in your DB, or Redis, or whatever storage you prefer, just visit /shop/auth?shop=<yourshopname>.myshopify.com. And if you want to create short-lived online access token, for instance, to only perform one-off requests to Shopify Admin GraphQL, you can visit /user/auth?shop=<yourshopname>.myshopify.com.

Authorization

When ShopifyAuthModule is setup, you can use @UseShopifyAuth() to require online or offline session in Controllers or specific routes. Example:

import { AccessMode, CurrentSession, UseShopifyAuth } from '@nestjs-shopify/auth';
import { Controller, Get } from '@nestjs/common';
import { Session } from '@shopify/shopify-api';

@UseShopifyAuth(AccessMode.Online)
@Controller()
export class ProductsController {
  @Get('products')
  index(@CurrentSession() session: Session) {
    // do something
  }

  @Get('products/:id')
  // Overriding the controller access mode:
  @UseShopifyAuth(AccessMode.Offline)
  show(@CurrentSession() session: Session, @Param('id') productId: string) {
    // do something
  }
}

FAQs

Package last updated on 25 Mar 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

ECMAScript 2025 Finalized with Iterator Helpers, Set Methods, RegExp.escape, and More

Security News

ECMAScript 2025 Finalized with Iterator Helpers, Set Methods, RegExp.escape, and More

ECMAScript 2025 introduces Iterator Helpers, Set methods, JSON modules, and more in its latest spec update approved by Ecma in June 2025.

By Sarah Gooding  -  Jun 26, 2025