Problem
OAuth2 signature validation will fail during credential rotation, since the signature is generated with the oldest secret, and validation can only be configured to validate against a single secret in shopify_python_api.
Solution
This needs to be handled similar to webhook validation, where it must be possible to specify the old API secret as well as the new one for signature validation, and accept the signature if it matches the ones generated with either secret.
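One way to implement the check requested above, as an added example that is not part of the original issue and is not shopify_python_api code. The function names, secrets and callback parameters are constructed, and the message format (sorted `key=value` pairs joined with `&`, with `hmac` excluded) is an assumption about how the OAuth callback is signed.

```python
import hashlib
import hmac

# Constructed sample secrets; during rotation both are valid for a while.
OLD_SECRET = "constructed-old-secret"
NEW_SECRET = "constructed-new-secret"


def _message(params):
    """Assumed signing input: sorted key=value pairs joined by '&', 'hmac' excluded."""
    return "&".join(f"{k}={v}" for k, v in sorted(params.items()) if k != "hmac")


def sign(params, secret):
    """Hex HMAC-SHA256 of the callback parameters under one secret."""
    return hmac.new(secret.encode(), _message(params).encode(), hashlib.sha256).hexdigest()


def validate_hmac(params, secrets):
    """Return True if params['hmac'] matches the signature under any candidate secret."""
    received = params.get("hmac", "")
    if not received:
        return False
    valid = False
    for secret in secrets:
        if not secret:
            continue  # an unset old secret must never act as an empty HMAC key
        expected = sign(params, secret)
        # Constant-time comparison; no early exit, so every candidate is checked.
        valid |= hmac.compare_digest(expected.encode(), received.encode())
    return valid


def sample_callback(secret=OLD_SECRET):
    """Constructed OAuth callback parameters, signed with the given secret."""
    params = {"code": "abc123", "shop": "example.myshopify.com",
              "state": "nonce-1", "timestamp": "1700000000"}
    params["hmac"] = sign(params, secret)
    return params


if __name__ == "__main__":
    cb = sample_callback()  # signed with the oldest secret, as the issue describes
    print("new secret only:", validate_hmac(cb, [NEW_SECRET]))
    print("new + old:", validate_hmac(cb, [NEW_SECRET, OLD_SECRET]))
```

The old secret should be dropped from the candidate list once rotation completes, so that a retired credential stops validating callbacks.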