Merge branch 'main' into dependabot/npm_and_yarn/types/cookie-parser-…

…1.4.6
Shopify · Feb 1, 2024 · dd09669 · dd09669
2 parents 1f4fe2b + 0d7cdac
commit dd09669
Show file tree

Hide file tree

Showing 16 changed files with 585 additions and 453 deletions.
diff --git a/.changeset/fresh-bottles-tell.md b/.changeset/fresh-bottles-tell.md
@@ -0,0 +1,2 @@
+---
+---
diff --git a/.changeset/friendly-laws-yell.md b/.changeset/friendly-laws-yell.md
@@ -0,0 +1,5 @@
+---
+'@shopify/shopify-app-session-storage-redis': patch
+---
+
+Updates redis from 4.6.11 to 4.6.12.
diff --git a/.changeset/lucky-cooks-glow.md b/.changeset/lucky-cooks-glow.md
@@ -0,0 +1,2 @@
+---
+---
diff --git a/.changeset/proud-knives-happen.md b/.changeset/proud-knives-happen.md
@@ -0,0 +1,2 @@
+---
+---
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
@@ -13,19 +13,13 @@ jobs:
       - uses: actions/stale@v5
         with:
           days-before-issue-stale: 60
-          days-before-issue-close: 14
           operations-per-run: 1000
           stale-issue-label: "Stale"
-          stale-issue-message: >
-            This issue is stale because it has been open for 90 days with no activity. It will be closed if no further action occurs in 14 days.
-          close-issue-message: |
-            We are closing this issue because it has been inactive for a few months.
-            This probably means that it is not reproducible or it has been fixed in a newer version.
-            If it's an enhancement and hasn't been taken on since it was submitted, then it seems other issues have taken priority.
+          stale-issue-message: |
+            We're labeling this issue as stale because there hasn't been any activity on it for 60 days. While the issue will stay open and we hope to resolve it, this helps us prioritize community requests.
 
-            If you still encounter this issue with the latest stable version, please reopen using the issue template. You can also contribute directly by submitting a pull request– see the [CONTRIBUTING.md](https://github.com/Shopify/shopify-app-js/blob/main/CONTRIBUTING.md) file for guidelines
-
-            Thank you!
+            You can add a comment to remove the label if it's still relevant, and we can re-evaluate it.
+          days-before-issue-close: -1
           days-before-pr-stale: -1
           days-before-pr-close: -1
           repo-token: ${{ secrets.GITHUB_TOKEN }}

diff --git a/packages/shopify-app-remix/CHANGELOG.md b/packages/shopify-app-remix/CHANGELOG.md
@@ -6,6 +6,8 @@
 
 - 2473c85: Add new embedded authorization strategy relying on Shopify managed install and OAuth token exchange
 
+  :exclamation: For more information on how to enable this feature, see ["New Embedded Authorization Strategy"](./README.md#new-embedded-authorization-strategy)
+
 ### Patch Changes
 
 - 35b74dd: Fixes a bug that was causing external redirects to fail in remix actions

diff --git a/packages/shopify-app-remix/README.md b/packages/shopify-app-remix/README.md
@@ -174,6 +174,50 @@ Here are some guides to help you set up your app:
 You can also authenticate requests from surfaces other than the admin.
 To see all supported methods, see [the `shopify.authenticate` object documentation](https://shopify.dev/docs/api/shopify-app-remix/latest/authenticate).
 
+### New embedded app authorization strategy
+
+> [!TIP]
+> If you are building an embedded app, we **strongly** recommend using [Shopify managed installation](https://shopify.dev/docs/apps/auth/installation#shopify-managed-installation)
+> with [token exchange](https://shopify.dev/docs/apps/auth/get-access-tokens/token-exchange) instead of the legacy authorization code grant flow.
+
+We've introduced a new installation and authorization strategy for **embedded apps** that
+eliminates the redirects that were previously necessary.
+It replaces the existing [installation and authorization code grant flow](https://shopify.dev/docs/apps/auth/get-access-tokens/authorization-code-grant).
+
+This is achieved by using [Shopify managed installation](https://shopify.dev/docs/apps/auth/installation#shopify-managed-installation)
+to handle automatic app installations and scope updates, while utilizing
+[token exchange](https://shopify.dev/docs/apps/auth/get-access-tokens/token-exchange) to retrieve an access token for
+authenticated API access.
+
+##### Enabling this new strategy in your app
+
+> [!NOTE]
+> Newly created Remix apps from the template after February 1st 2024 has this feature enabled by default.
+
+1. Enable [Shopify managed installation](https://shopify.dev/docs/apps/auth/installation#shopify-managed-installation)
+   by configuring your scopes [through the Shopify CLI](https://shopify.dev/docs/apps/tools/cli/configuration).
+2. Enable the future flag `unstable_newEmbeddedAuthStrategy` in your app's server configuration file.
+
+```ts
+// my-app/app/shopify.server.ts
+const shopify = shopifyApp({
+  ...
+  isEmbeddedApp: true,
+  future: {
+    unstable_newEmbeddedAuthStrategy: true,
+  }
+})
+
+```
+
+3. Enjoy a smoother and faster app installation process.
+
+###### Learn more about:
+
+- [How token exchange works](https://shopify.dev/docs/apps/auth/get-access-tokens/token-exchange)
+- [Using Shopify managed installation](https://shopify.dev/docs/apps/auth/installation#shopify-managed-installation)
+- [Configuring access scopes through the Shopify CLI](https://shopify.dev/docs/apps/tools/cli/configuration)
+
 ## Gotchas / Troubleshooting
 
 If you're experiencing unexpected behaviors when using this package, check our [app template's documentation](https://github.com/Shopify/shopify-app-template-remix#gotchas--troubleshooting) for the solution to common issues.