Token exchange expiring offline token based on configuration

Author: zzooeeyy

lib/shopify_api/auth/token_exchange.rb

@@ -49,6 +49,10 @@ def exchange_token(shop:, session_token:, requested_token_type:)
             requested_token_type: requested_token_type.serialize,
           }
 
+          if requested_token_type == RequestedTokenType::OFFLINE_ACCESS_TOKEN
+            body.merge!({ expiring: ShopifyAPI::Context.expiring_offline_access_tokens ? 1 : 0 })
+          end
+
           client = Clients::HttpClient.new(session: shop_session, base_path: "/admin/oauth")
           response = begin
             client.request(

test/auth/token_exchange_test.rb

@@ -23,19 +23,34 @@ def setup
           sid: "abc123",
         }
         @session_token = JWT.encode(@jwt_payload, ShopifyAPI::Context.api_secret_key, "HS256")
-        @token_exchange_request = {
+        base_offline_token_exchange_request = {
           client_id: ShopifyAPI::Context.api_key,
           client_secret: ShopifyAPI::Context.api_secret_key,
           grant_type: "urn:ietf:params:oauth:grant-type:token-exchange",
           subject_token_type: "urn:ietf:params:oauth:token-type:id_token",
           subject_token: @session_token,
           requested_token_type: "urn:shopify:params:oauth:token-type:offline-access-token",
         }
+        @non_expiring_offline_token_exchange_request = base_offline_token_exchange_request.merge({ expiring: 0 })
+        @expiring_offline_token_exchange_request = base_offline_token_exchange_request.merge({ expiring: 1 })
+
+        @online_token_exchange_request = base_offline_token_exchange_request.merge(
+          { requested_token_type: "urn:shopify:params:oauth:token-type:online-access-token" },
+        )
+
         @offline_token_response = {
           access_token: SecureRandom.alphanumeric(10),
           scope: "scope1,scope2",
           session: SecureRandom.alphanumeric(10),
         }
+        @expiring_offline_token_response = @offline_token_response.merge(
+          {
+            expires_in: 2000,
+            refresh_token: SecureRandom.alphanumeric(10),
+            refresh_token_expires_in: 4000,
+          },
+        )
+
         @online_token_response = {
           access_token: SecureRandom.alphanumeric(10),
           scope: "scope1,scope2",
@@ -117,7 +132,7 @@ def test_exchange_token_invalid_session_token
       def test_exchange_token_rejected_session_token
         modify_context(is_embedded: true)
         stub_request(:post, "https://#{@shop}/admin/oauth/access_token")
-          .with(body: @token_exchange_request)
+          .with(body: @non_expiring_offline_token_exchange_request)
           .to_return(
             status: 400,
             body: { error: "invalid_subject_token" }.to_json,
@@ -134,9 +149,9 @@ def test_exchange_token_rejected_session_token
       end
 
       def test_exchange_token_offline_token
-        modify_context(is_embedded: true)
+        modify_context(is_embedded: true, expiring_offline_access_tokens: false)
         stub_request(:post, "https://#{@shop}/admin/oauth/access_token")
-          .with(body: @token_exchange_request)
+          .with(body: @non_expiring_offline_token_exchange_request)
           .to_return(body: @offline_token_response.to_json, headers: { content_type: "application/json" })
         expected_session = ShopifyAPI::Auth::Session.new(
           id: "offline_#{@shop}",
@@ -146,6 +161,8 @@ def test_exchange_token_offline_token
           is_online: false,
           expires: nil,
           shopify_session_id: @offline_token_response[:session],
+          refresh_token: nil,
+          refresh_token_expires: nil,
         )
 
         session = ShopifyAPI::Auth::TokenExchange.exchange_token(
@@ -157,12 +174,38 @@ def test_exchange_token_offline_token
         assert_equal(expected_session, session)
       end
 
+      def test_exchange_token_expiring_offline_token
+        modify_context(is_embedded: true, expiring_offline_access_tokens: true)
+        stub_request(:post, "https://#{@shop}/admin/oauth/access_token")
+          .with(body: @expiring_offline_token_exchange_request)
+          .to_return(body: @expiring_offline_token_response.to_json, headers: { content_type: "application/json" })
+        expected_session = ShopifyAPI::Auth::Session.new(
+          id: "offline_#{@shop}",
+          shop: @shop,
+          access_token: @expiring_offline_token_response[:access_token],
+          scope: @expiring_offline_token_response[:scope],
+          is_online: false,
+          expires: @stubbed_time_now + @expiring_offline_token_response[:expires_in].to_i,
+          shopify_session_id: @expiring_offline_token_response[:session],
+          refresh_token: @expiring_offline_token_response[:refresh_token],
+          refresh_token_expires: @stubbed_time_now + @expiring_offline_token_response[:refresh_token_expires_in].to_i,
+        )
+
+        session = Time.stub(:now, @stubbed_time_now) do
+          ShopifyAPI::Auth::TokenExchange.exchange_token(
+            shop: @shop,
+            session_token: @session_token,
+            requested_token_type: ShopifyAPI::Auth::TokenExchange::RequestedTokenType::OFFLINE_ACCESS_TOKEN,
+          )
+        end
+
+        assert_equal(expected_session, session)
+      end
+
       def test_exchange_token_online_token
         modify_context(is_embedded: true)
         stub_request(:post, "https://#{@shop}/admin/oauth/access_token")
-          .with(body: @token_exchange_request.dup.tap do |h|
-                        h[:requested_token_type] = "urn:shopify:params:oauth:token-type:online-access-token"
-                      end)
+          .with(body: @online_token_exchange_request)
           .to_return(body: @online_token_response.to_json, headers: { content_type: "application/json" })
         expected_session = ShopifyAPI::Auth::Session.new(
           id: "#{@shop}_#{@online_token_response[:associated_user][:id]}",

test/test_helper.rb

@@ -53,6 +53,7 @@ def setup
           old_api_secret_key: T.nilable(String),
           response_as_struct: T.nilable(T::Boolean),
           api_host: T.nilable(String),
+          expiring_offline_access_tokens: T.nilable(T::Boolean),
         ).void
       end
       def modify_context(
@@ -68,7 +69,8 @@ def modify_context(
         user_agent_prefix: nil,
         old_api_secret_key: nil,
         response_as_struct: nil,
-        api_host: nil
+        api_host: nil,
+        expiring_offline_access_tokens: nil
       )
         ShopifyAPI::Context.setup(
           api_key: api_key ? api_key : ShopifyAPI::Context.api_key,
@@ -85,6 +87,7 @@ def modify_context(
           log_level: :off,
           response_as_struct: response_as_struct || ShopifyAPI::Context.response_as_struct,
           api_host: api_host || ShopifyAPI::Context.api_host,
+          expiring_offline_access_tokens: expiring_offline_access_tokens || ShopifyAPI::Context.expiring_offline_access_tokens,
         )
       end
     end