New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adding Shopify detector #875
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the contribution, @kstilwell!
If we use this endpoint for verification it should verify for any oauth scopes assigned to the app: https://shopify.dev/api/admin-rest/2022-10/resources/accessscope#get-admin-oauth-access-scopes
We could also use the response data to add extra information on the scopes that the credential has in the ExtraData
field.
Hey @dustin-decker, thanks for the feedback...made the changes you requested. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks Kevin, looks good now. We'll merge this soon after updating the protos.
Hey @dustin-decker, just wanted to check if there was anything else you needed from me to get this merged. |
Hey Kevin, looks like there is one linter warning in the detector file. I believe you should be able to omit the |
* Fixes/work based on testing * Remove some commented code * Change how verification happens and grab additional information * Address linter warnings. * add shopify detector to default detectors. Co-authored-by: Dustin Decker <dustin@trufflesec.com> Co-authored-by: Ahrav Dutta <ahravdutta02@gmail.com>
Specifically, this is adding Shopify access token detection. These tokens are used to authenticate with the Shopify admin API.
Some relevant links:
https://shopify.dev/apps/auth/admin-app-access-tokens
https://shopify.dev/api/admin/getting-started