
Added options hash to create_permission_url and makes redirect_uri required

Joshua Kelly 5 years ago
parent
commit
0f67346683
3 changed files with 33 additions and 21 deletions
  1. 4 5
      README.md
  2. 3 3
      lib/shopify_api/session.rb
  3. 26 13
      test/session_test.rb

+ 4 - 5
README.md

@@ -192,17 +192,16 @@ ShopifyAPI uses ActiveResource to communicate with the REST web service. ActiveR
    shopify_session = ShopifyAPI::Session.new(domain: "SHOP_NAME.myshopify.com", api_version: api_version, token: nil)
    ```
 
-   Then call:
+   Then call `create_permission_url` with the redirect_uri you've registered for your application:
 
    ```ruby
-   scope = ["write_products"]
-   permission_url = shopify_session.create_permission_url(scope)
+   permission_url = shopify_session.create_permission_url(scope, "https://my_redirect_uri.com")
    ```
 
-   or if you want a custom redirect_uri:
+   You can also pass a state parameter in the options hash as a last argument:
 
    ```ruby
-   permission_url = shopify_session.create_permission_url(scope, "https://my_redirect_uri.com")
+   permission_url = shopify_session.create_permission_url(scope, "https://my_redirect_uri.com", { state: "My Nonce" })
    ```
 
 4. Once authorized, the shop redirects the owner to the return URL of your application with a parameter named 'code'. This is a temporary token that the app can exchange for a permanent access token.

+ 3 - 3
lib/shopify_api/session.rb

@@ -91,9 +91,9 @@ module ShopifyAPI
       self.extra = extra
     end
 
-    def create_permission_url(scope, redirect_uri = nil)
-      params = {:client_id => api_key, :scope => scope.join(',')}
-      params[:redirect_uri] = redirect_uri if redirect_uri
+    def create_permission_url(scope, redirect_uri, options = {})
+      params = { client_id: api_key, scope: scope.join(','), redirect_uri: redirect_uri }
+      params[:state] = options[:state] if options[:state]
       construct_oauth_url("authorize", params)
     end
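Review bot: `state` is left entirely to the caller in the new `create_permission_url`, and nothing on the method says what it is for. In an OAuth authorization request it is the value the app compares on the callback to tie the response to the browser session that started the flow, so a fixed string like the README's `"My Nonce"` gives no protection; I would add a comment above the method along the lines of `# options[:state] - unpredictable per-request value (e.g. SecureRandom.hex(16)), stored in the user's session and compared on the callback`. Two smaller gaps on the same lines: `options[:state]` only matches a symbol key, so `{ "state" => ... }` is dropped silently, and an explicit `nil` redirect_uri still satisfies the new arity, which `raise ArgumentError, "redirect_uri is required" if redirect_uri.nil?` would close. The class enclosing the method starts and ends outside the hunk.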
 

+ 26 - 13
test/session_test.rb

@@ -150,20 +150,21 @@ class SessionTest < Test::Unit::TestCase
     assert_equal(ShopifyAPI::ApiVersion.new(handle: '2019-01'), ShopifyAPI::Base.api_version)
   end
 
-  test "create_permission_url returns correct url with single scope no redirect uri" do
-    ShopifyAPI::Session.setup(:api_key => "My_test_key", :secret => "My test secret")
+  test "create_permission_url requires redirect_uri" do
+    ShopifyAPI::Session.setup(api_key: "My_test_key", secret: "My test secret")
     session = ShopifyAPI::Session.new(
       domain: 'http://localhost.myshopify.com',
       token: 'any-token',
       api_version: any_api_version
     )
     scope = ["write_products"]
-    permission_url = session.create_permission_url(scope)
-    assert_equal "https://localhost.myshopify.com/admin/oauth/authorize?client_id=My_test_key&scope=write_products", permission_url
+    assert_raises(ArgumentError) do
+      session.create_permission_url(scope)
+    end
   end
 
   test "create_permission_url returns correct url with single scope and redirect uri" do
-    ShopifyAPI::Session.setup(:api_key => "My_test_key", :secret => "My test secret")
+    ShopifyAPI::Session.setup(api_key: "My_test_key", secret: "My test secret")
     session = ShopifyAPI::Session.new(
       domain: 'http://localhost.myshopify.com',
       token: 'any-token',
@@ -174,28 +175,40 @@ class SessionTest < Test::Unit::TestCase
     assert_equal "https://localhost.myshopify.com/admin/oauth/authorize?client_id=My_test_key&scope=write_products&redirect_uri=http://my_redirect_uri.com", permission_url
   end
 
-  test "create_permission_url returns correct url with dual scope no redirect uri" do
-    ShopifyAPI::Session.setup(:api_key => "My_test_key", :secret => "My test secret")
+  test "create_permission_url returns correct url with dual scope" do
+    ShopifyAPI::Session.setup(api_key: "My_test_key", secret: "My test secret")
     session = ShopifyAPI::Session.new(
       domain: 'http://localhost.myshopify.com',
       token: 'any-token',
       api_version: any_api_version
     )
     scope = ["write_products","write_customers"]
-    permission_url = session.create_permission_url(scope)
-    assert_equal "https://localhost.myshopify.com/admin/oauth/authorize?client_id=My_test_key&scope=write_products,write_customers", permission_url
+    permission_url = session.create_permission_url(scope, "http://my_redirect_uri.com")
+    assert_equal "https://localhost.myshopify.com/admin/oauth/authorize?client_id=My_test_key&scope=write_products,write_customers&redirect_uri=http://my_redirect_uri.com", permission_url
+  end
+
+  test "create_permission_url returns correct url with no scope" do
+    ShopifyAPI::Session.setup(api_key: "My_test_key", secret: "My test secret")
+    session = ShopifyAPI::Session.new(
+      domain: 'http://localhost.myshopify.com',
+      token: 'any-token',
+      api_version: any_api_version
+    )
+    scope = []
+    permission_url = session.create_permission_url(scope, "http://my_redirect_uri.com")
+    assert_equal "https://localhost.myshopify.com/admin/oauth/authorize?client_id=My_test_key&scope=&redirect_uri=http://my_redirect_uri.com", permission_url
   end
 
-  test "create_permission_url returns correct url with no scope no redirect uri" do
-    ShopifyAPI::Session.setup(:api_key => "My_test_key", :secret => "My test secret")
+  test "create_permission_url returns correct url with state" do
+    ShopifyAPI::Session.setup(api_key: "My_test_key", secret: "My test secret")
     session = ShopifyAPI::Session.new(
       domain: 'http://localhost.myshopify.com',
       token: 'any-token',
       api_version: any_api_version
     )
     scope = []
-    permission_url = session.create_permission_url(scope)
-    assert_equal "https://localhost.myshopify.com/admin/oauth/authorize?client_id=My_test_key&scope=", permission_url
+    permission_url = session.create_permission_url(scope, "http://my_redirect_uri.com", state: "My nonce")
+    assert_equal "https://localhost.myshopify.com/admin/oauth/authorize?client_id=My_test_key&scope=&redirect_uri=http://my_redirect_uri.com&state=My%20nonce", permission_url
   end
 
   test "raise exception if code invalid in request token" do
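Review bot: The expected URLs pin `redirect_uri=http://my_redirect_uri.com` unescaped while the state test expects `state=My%20nonce`, so whatever encoder `construct_oauth_url` uses (not visible in this diff) leaves reserved characters such as `:` and `/` untouched. If it leaves `&` and `=` untouched as well, a redirect_uri or state value containing them would add or override query parameters in the authorize URL; a test such as `session.create_permission_url(scope, "http://my_redirect_uri.com/cb?a=1&b=2")` asserting that the value arrives as one encoded parameter would settle it. There is also no case for a string-keyed `"state"` option or an explicit `nil` redirect_uri; the "requires redirect_uri" test only covers the missing-argument arity error.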