Home Explore Help
Sign In
Dachen
/
shopify_api
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

PR comments

Francois Chagnon 8 years ago
parent
217feec47c
commit
9fb1149aa8
1 changed files with 4 additions and 4 deletions
Split View Show Diff Stats
  1. 4 4
      README.md

+ 4 - 4
README.md
View File 

@@ -85,7 +85,7 @@ ShopifyAPI uses ActiveResource to communicate with the REST web service. ActiveR
 
    * ``scope`` – Required – The list of required scopes (explained here: https://help.shopify.com/api/guides/authentication/oauth#scopes)
 
    * ``redirect_uri`` – Required – The URL where you want to redirect the users after they authorize the client. The complete URL specified here must be identical to one of the Application Redirect URLs set in the App's section of the Partners dashboard. Note: in older applications, this parameter was optional, and redirected to the Application Callback URL when no other value was specified.
 
    * ``state`` – Optional – A randomly selected value provided by your application, which is unique for each authorization request. During the OAuth callback phase, your application must check that this value matches the one you provided during authorization. [This mechanism is important for the security of your application](https://tools.ietf.org/html/rfc6819#section-3.6).
 
-   * ``grant_options[]`` - Optional - Set this parameter to `per-user` to receive an access token that respects the user's permission level when making api requests (called online access). This is strongly recommended for embedded apps.
 
+   * ``grant_options[]`` - Optional - Set this parameter to `per-user` to receive an access token that respects the user's permission level when making API requests (called online access). This is strongly recommended for embedded apps.
 
 
    We've added the create_permission_url method to make this easier, first instantiate your session object:
 
 
@@ -136,7 +136,7 @@ ShopifyAPI uses ActiveResource to communicate with the REST web service. ActiveR
 
    token = session.request_token(params)
 
    ```
 
 
-   This method will save the token to the session object and return it. All fields returned by Shopify, other than the access token itself, are stored in the session's `extra` attribute. For a list of all fields returned by Shopify, read [our oauth documentation](https://help.shopify.com/api/guides/authentication/oauth#confirming-installation). If you requested an access token that is associated with a specific user, you can retreive information about this user from the `extra` hash:
 
+   This method will save the token to the session object and return it. All fields returned by Shopify, other than the access token itself, are stored in the session's `extra` attribute. For a list of all fields returned by Shopify, read [our OAuth documentation](https://help.shopify.com/api/guides/authentication/oauth#confirming-installation). If you requested an access token that is associated with a specific user, you can retreive information about this user from the `extra` hash:
 
 
    ```ruby
 
    # a list of all granted scopes
 
@@ -145,14 +145,14 @@ ShopifyAPI uses ActiveResource to communicate with the REST web service. ActiveR
 
    user = session.extra['associated_user']
 
    # the access scopes available to this user, which may be a subset of the access scopes granted to this app.
 
    active_scopes = session.extra['associated_user_scope']
 
-   # the time at which this token expires, this is automatically converted from 'expired_in' returned by Shopify
 
+   # the time at which this token expires; this is automatically converted from 'expires_in' returned by Shopify
 
    expires_at = session.extra['expires_at']
 
    ```
 
 
    For the security of your application, after retrieving an access token you must validate the following:
 
    1) The list of scopes in `session.extra['scope']` is the same as you requested.
 
    2) If you requested an online-mode access token, `session.extra['associated_user']` must be present.
 
-   Failing either of these tests means the end-user may have tampered with the query parameters during the OAuth authentication phase. You should avoid using this access token and revoke it immediately. Using [`omniauth-shopify-oauth2`](https://github.com/Shopify/omniauth-shopify-oauth2) gem these checks are done automatically for you.
 
+   Failing either of these tests means the end-user may have tampered with the url parameters during the OAuth authentication phase. You should avoid using this access token and revoke it immediately. If you use the [`omniauth-shopify-oauth2`](https://github.com/Shopify/omniauth-shopify-oauth2) gem these checks are done automatically for you.
 
 
    For future sessions simply pass in the `token` and `extra` hash (optional) when creating the session object: