Skip to content

Commit

Permalink
Fix shopify hmac validation by inculding host params
Browse files Browse the repository at this point in the history
  • Loading branch information
@Paritoshyadav
Paritoshyadav committed Oct 25, 2022
1 parent 45d69da commit 36399aa
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion providers/shopify/session.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -43,8 +43,9 @@ func (s *Session) Authorize(provider goth.Provider, params goth.Params) (string,
// Validate the incoming HMAC is valid.
// See: https://help.shopify.com/en/api/getting-started/authentication/oauth#verification
digest := fmt.Sprintf(
"code=%s&shop=%s&state=%s&timestamp=%s",
"code=%s&host=%s&shop=%s&state=%s&timestamp=%s",
params.Get("code"),
params.Get("host"),
params.Get("shop"),
params.Get("state"),
params.Get("timestamp"),
Expand Down

0 comments on commit 36399aa

Please sign in to comment.