Shopify: How can I handle an uninstall followed by

Posted 2019-04-05 06:51

I've recently had the case that a user uninstalled my Shopify app and instantly re-installed it. This caused a problem because I store all my users in a DB table.

Login/Installing works as follows:

  1. The user tells me his shop URL
  2. I forward the user to example.myshopify.com/admin/oauth/authorize where access is granted to my app
  3. I check if that shop URL is already stored in my local user DB
    • If not: I request a permanent access token and forward the user to the plan selection page
    • If yes: I get the stored permanent access token from the user DB and log the user into my app

Uninstalling:

  1. The user uninstalls my app in his Shopify backend
  2. Shopify sends a webhook to my app
  3. I remove that user's data from the user DB

The problem is that the webhooks are sometimes delayed. If a user uninstalls and instantly re-installs, my app will think the install is a login attempt, and will use the now invalid access token stored in the user DB.

I figured I could just check if the redirection from the authorization page contains a temporary access token, and if yes, it would be a new installation, but it seems the access token is returned even if the app has already been installed.

So my question is: How can I handle instant re-installation gracefully? Surely there's something that I'm overlooking, there can't be such a huge "logic bug" in the Shopify API?

Tags: shopify

1 answer

Answer #2 · 2019-04-05 07:26

I've had this problem with my apps as well lately. Webhooks only started getting delayed in the last 2 months, and I'd be surprised if most apps out there weren't suffering from this regression bug now.

The way I deal with it is - when the user is redirected to the app and the old db object/token is still present in the database, try making a dummy API call to the Shopify API (something like get shop details) with the token you have. If you get a 403 Unauthorized response, invalidate the user session and refresh the stored token.

Another problem is that after a minute or two when the original uninstall webhook does fire, do the same procedure - check for a 403 response. If you DON'T get a 403, then you know that the webhook is old and shouldn't be acted upon, because if you get a 200 OK it means that your token is good and that the app is still installed.

It's a bit convoluted and it added a fair bit of code to my apps, but it's the only thing I could think of on short notice - because merchants do uninstall/re-install quickly fairly often.
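The check-before-trust logic from this answer, written out as an added Python example (not the poster's code): the stored token is probed with a cheap API call before it is trusted on the OAuth redirect, and again before an uninstall webhook is allowed to delete the merchant's row. The `probe` and `exchange` callables stand in for the real `shop.json` request and OAuth code exchange, and `FakeShopify` is a constructed stand-in so the flow runs offline; treating 401 as well as 403 as a rejected token is an assumption.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict

# Statuses treated as "Shopify no longer accepts this token". Assumption: the
# answer names 403; a revoked token can also yield 401, so cover both.
TOKEN_REJECTED = {401, 403}

@dataclass
class UserDb:
    """The app's own user table: shop domain -> stored permanent token."""
    tokens: Dict[str, str] = field(default_factory=dict)

def token_is_live(probe: Callable[[str, str], int], shop: str, token: str) -> bool:
    """Dummy call (e.g. GET shop.json) to learn whether the token still works."""
    return probe(shop, token) not in TOKEN_REJECTED

def on_oauth_callback(db: UserDb, probe, exchange, shop: str, code: str) -> str:
    """Redirect from the authorize page: returns 'login', 'reinstall' or 'install'."""
    stored = db.tokens.get(shop)
    if stored is not None and token_is_live(probe, shop, stored):
        return "login"                      # stored token still good: plain login
    outcome = "reinstall" if stored is not None else "install"
    db.tokens[shop] = exchange(shop, code)  # dead or absent: get a fresh token
    return outcome

def on_uninstall_webhook(db: UserDb, probe, shop: str) -> str:
    """Uninstall webhook: returns 'stale' (ignore), 'removed' or 'unknown'."""
    stored = db.tokens.get(shop)
    if stored is None:
        return "unknown"
    if token_is_live(probe, shop, stored):
        return "stale"                      # still installed: delayed old webhook
    del db.tokens[shop]
    return "removed"

class FakeShopify:
    """Constructed stand-in for the Shopify Admin API, not the real service."""
    def __init__(self) -> None:
        self.live, self.issued = set(), 0
    def probe(self, shop: str, token: str) -> int:     # GET shop.json stand-in
        return 200 if token in self.live else 401
    def exchange(self, shop: str, code: str) -> str:   # OAuth code -> token
        self.issued += 1
        self.live.add(f"tok-{self.issued}")
        return f"tok-{self.issued}"
    def uninstall(self, token: str) -> None:           # merchant removes the app
        self.live.discard(token)
```

In a real deployment `probe` should make the lightweight request with a short timeout, so that a slow Shopify response does not block the redirect or the webhook handler.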
