From fc1d76f8f3049ba51d0c902efc209e902bd7c220 Mon Sep 17 00:00:00 2001 From: Frederik Schmitt Date: Mon, 29 Jan 2024 11:27:04 +0100 Subject: [PATCH] Remove unnecessary repetition (#1274) --- .../plugins/apps/clientside-to-app-backend.md | 28 ++++++++++--------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/guides/plugins/apps/clientside-to-app-backend.md b/guides/plugins/apps/clientside-to-app-backend.md index f02c0435a..af7812ac4 100644 --- a/guides/plugins/apps/clientside-to-app-backend.md +++ b/guides/plugins/apps/clientside-to-app-backend.md @@ -2,15 +2,16 @@ nav: title: Client-side communication to the app backend position: 30 - --- # Client-App backend communication -Direct communication from the browser to the app backend involves generating a JWT token. This token contains session-specific information, as [claims](#the-jwt-token), and is securely signed by the shop. This mechanism ensures a secure exchange of data between the client and the app backend. +Direct communication from the browser to the app backend involves generating a JSON Web Token (JWT). +This token contains session-specific information, as [claims](#the-json-web-token), and is securely signed by the shop. +This mechanism ensures a secure exchange of data between the client and the app backend. ::: warning -The JWT key can be only generated when in the browser the user is logged-in. +The JWT can be only generated when in the browser the user is logged-in. ::: ## The Flow 
@@ -21,13 +22,13 @@ sequenceDiagram participant Shopware Backend participant App Server Client->>Shopware Backend: POST /store-api/app-system/MyApp/generate-token - Shopware Backend->>Client: Responds with Signed JWT Token + Shopware Backend->>Client: Responds with signed JWT Client->>App Server: Post /product-review/submit containing JWT in header ``` -## The JWT token +## The JSON Web Token -The JWT token contains the following claims: +The JWT contains the following claims: - `languageId` - the language ID of the current session - `currencyId` - the currency ID of the current session @@ -37,17 +38,17 @@ The JWT token contains the following claims: The claims are only set when the app has permission to that specific entity like `sales_channel:read` for `salesChannelId` claim. -The JWT token is signed with `SHA256-HMAC` and the secret is the `appSecret` from the app registration and the `issued by` is the shopId also from the registration. +The JWT is signed with `SHA256-HMAC` and the secret is the `appSecret` from the app registration and the `issued by` is the shopId also from the registration. -## Generate JWT key +## Generate JSON Web Token -The JWT key is generated with a POST request against `/store-api/app-system/{name}/generate-token` or `/app-system/{name}/generate-token`. +The JWT is generated with a POST request against `/store-api/app-system/{name}/generate-token` or `/app-system/{name}/generate-token`. -For the Storefront usage, there is an HTTP client helper, which handles the token generation and lets you directly call your app backend. +For the Storefront usage, there is a HTTP client helper, which handles the token generation and lets you directly call your app backend. ```javascript import AppClient from 'src/service/app-client.service.ts'; 
@@ -68,7 +69,7 @@ client.delete('https://my-app-backend.com/foo') -If you want to generate the JWT token yourself, you can use the following code snippet: +If you want to generate the JWT yourself, you can use the following code snippet: ```javascript const response = await fetch('/store-api/app-system/{name}/generate-token', { @@ -91,7 +92,7 @@ Requesting from the browser to the app backend is only possible when your app ba - Access-Control-Allow-Headers: shopware-app-shop-id, shopware-app-token ::: -## Validate the JWT token +## Validate the JSON Web Token @@ -135,7 +136,8 @@ class StorefrontController { -Fetch the shop by the `shopware-app-shop-id` header and create a JWT verifier with the app secret as `HMAC-SHA256` secret. Verify the JWT token (shopware-app-token) with the verifier. +Fetch the shop by the `shopware-app-shop-id` header and create a JWT verifier with the app secret as `HMAC-SHA256` secret. +Verify the JWT (shopware-app-token) with the verifier.
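Review bot: In the first hunk (@@ -2,15 +2,16 @@), the warning line still has a word order that is hard to parse: "The JWT can be only generated when in the browser the user is logged-in." Since the line is being touched anyway, consider something like "The JWT can only be generated in the browser while the user is logged in."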
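Review bot: In the hunk at @@ -37,17 +38,17 @@, changing "an HTTP client helper" to "a HTTP client helper" is a regression, because "HTTP" starts with a vowel sound and "an HTTP" was correct; please revert that line. In the same hunk, the signing sentence says `SHA256-HMAC` while the validation section at the end of the file says `HMAC-SHA256`; pick one spelling for the whole page. It would also help to name the actual claim behind `issued by` (presumably the registered `iss` claim), so readers know which field carries the shopId.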
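Review bot: The heading rename in the hunk at @@ -91,7 +92,7 @@ ("Validate the JWT token" to "Validate the JSON Web Token"), like the renames of "The JWT token" and "Generate JWT key" in the earlier hunks, changes the generated heading anchor, and this patch only updates the one in-file link (`#the-jwt-token` to `#the-json-web-token`). The patch touches a single file, so please check whether other pages link to the old anchors of this page and update them in the same change.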
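Review bot: In the last hunk (@@ -135,7 +136,8 @@), the validation text does not say that the `shopware-app-shop-id` header is unauthenticated input that only selects which app secret to verify against. Consider stating that the request must be rejected when no shop is found or verification fails, and that the token's issuer should be compared with the shop ID from the header, since the signing section says `issued by` is the shopId. Also put `shopware-app-token` in backticks so it matches `shopware-app-shop-id` in the sentence before it.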