kyon147/laravel-shopify
Composer 安装命令:
composer require kyon147/laravel-shopify
包简介
Shopify package for Laravel to aide in app development
关键字:
README 文档
README
This is a maintained version of the wonderful but now deprecated original Laravel Shopify App. To keep things clean, this has been detached from the original.
To install this package run:
composer require kyon147/laravel-shopify
Publish the config file:
php artisan vendor:publish --tag=shopify-config
A full-featured Laravel package for aiding in Shopify App development, similar to shopify_app for Rails. Works for Laravel 8 and up.
Table of Contents
* Wiki pages
For more information, tutorials, etc., please view the project's wiki.
Goals
- Per User Auth Working
- Better support for SPA apps using VueJS
- Getting "Blade" templates working better with Shopify's new auth process???
Documentation
For full resources on this package, see the wiki.
Expiring offline access tokens
Shopify requires expiring offline access tokens for new public apps created on or after April 1, 2026. This package supports them when enabled:
- Run package migrations so your shops table includes
shopify_offline_refresh_token,shopify_offline_access_token_expires_at, andshopify_offline_refresh_token_expires_at. - Set
SHOPIFY_EXPIRING_OFFLINE_TOKENS=truein.env(seeexpiring_offline_tokens,auto_migrate_legacy,offline_access_token_refresh_skew_seconds, andoffline_refresh_token_renewal_daysinconfig/shopify-app.php). - Keep
APP_KEYstable: refresh tokens are stored encrypted with Laravel’s encrypter.
Authorization code exchange, session-token exchange, and refresh_token grants are handled inside this package (Osiset\ShopifyApp\Services\ApiHelper and OfflineAccessTokenRefresher), not via gnikyt/basic-shopify-api updates. A valid access token is refreshed automatically before apiHelper() builds the API session when the offline token is expired or within the configured skew.
Migrating existing installs (optional): Shops that already have a non-expiring offline token are not upgraded automatically when you enable the flag alone. Options:
- Passive (default): With
SHOPIFY_AUTO_MIGRATE_LEGACY=true(default), the firstapiHelper()call for a legacy shop runs Shopify Step 4 token exchange synchronously. Failures are logged and the request continues with the legacy token (fail-open). - Batch CLI (serverless-safe):
php artisan shopify-app:migrate-expiring-offline-tokens(--dry-run,--shop=example.myshopify.com,--queue=,--connection=) chunks matching shops and dispatchesMigrateShopTokenJobto the queue — no HTTP in the command itself (suitable for Laravel Vapor). Without--queue=/ config, jobs use the app default queue. SetSHOPIFY_MIGRATE_OFFLINE_TOKENS_JOB_QUEUE/SHOPIFY_MIGRATE_OFFLINE_TOKENS_JOB_CONNECTION(or matchingjob_queues/job_connectionskeys) for a dedicated worker. - Action:
MigrateShopToExpiringOfflineAccessToken— call per shop from your own code; returnsmigrated,skipped,reason, anderrorkeys. - API:
ApiHelper::exchangeNonExpiringOfflineTokenForExpiring($shopDomain, $currentOfflineToken)then persist withShopCommand::setAccessToken.
Migration is one-way: Shopify revokes the old token on successful exchange.
Proactive renewal for dormant shops (optional): Refresh tokens expire after ~90 days. If a shop has no API activity (webhooks, scheduled jobs, etc.) for that long, tokens can lapse. The package provides an opt-in CLI that queues renewal for shops whose refresh token expires within a configurable window (default 14 days via SHOPIFY_OFFLINE_REFRESH_TOKEN_RENEWAL_DAYS):
- Batch CLI:
php artisan shopify-app:refresh-expiring-offline-tokens(--dry-run,--shop=example.myshopify.com,--days=14,--queue=,--connection=) chunks matching shops and dispatchesRefreshShopOfflineTokenJobto the queue. UseSHOPIFY_REFRESH_OFFLINE_TOKENS_JOB_QUEUE/SHOPIFY_REFRESH_OFFLINE_TOKENS_JOB_CONNECTION(or CLI overrides) to target a dedicated worker; otherwise jobs use the app default queue. - Scheduler (app-owned): the package does not register a schedule automatically. Add to your app's
routes/console.phporKernel:
Schedule::command('shopify-app:refresh-expiring-offline-tokens')->daily();
Long-running jobs: Token refresh runs when the API client is first built ($shop->api() / $shop->apiHelper()). If a job reuses the same shop model for hours, the cached client keeps the old access token even after expiry. Options:
- Opt-in config:
SHOPIFY_REFRESH_OFFLINE_TOKEN_BEFORE_API_CALL=truere-checks expiry before eachapi()/apiHelper()call and rebuilds the client when needed. - Manual helpers on your shop model:
$shop->offlineAccessTokenIsFresh()—truewhen the token is outside the refresh skew window$shop->refreshOfflineAccessTokenIfNeeded()— refreshes via Shopify and clears the cached client$shop->resetApiClient()— clears the cached client so the next API call rebuilds it
// Per loop iteration in a bulk job if (! $shop->offlineAccessTokenIsFresh()) { $shop->refreshOfflineAccessTokenIfNeeded(); } $shop->api()->graph('...');
If your User model overrides $casts, merge datetime casts for the two *_expires_at columns (the ShopModel trait uses mergeCasts when initializeShopModel runs).
Longer term, consider replacing or forking gnikyt/basic-shopify-api for REST/Graph traffic if you need an actively maintained HTTP client; expiring offline OAuth is already decoupled from that dependency.
Issue or request?
If you have found a bug or would like to request a feature for discussion, please use the ISSUE_TEMPLATE in this repo when creating your issue. Any issue submitted without this template will be closed.
License
This project is released under the MIT license.
Misc
Repository
Contributors
Contributions are always welcome! Contibutors are updated each release, pulled from Github. See CONTRIBUTORS.txt.
If you're looking to become a contributor, please see CONTRIBUTING.md.
Maintainers
Maintainers are users who manage the repository itself, whether it's managing the issues, assisting in releases, or helping with pull requests.
Currently this repository is maintained by:
- @kyon147
- @JonPurvis
@gnikytOriginal author of the package. See announcement for details.
Looking to become a maintainer? E-mail @kyon147 directly.
Special Note
I develop this package in my spare time, with a busy family/work life like many of you! So, I would like to thank everyone who's helped me out from submitting PRs, to assisting on issues, and plain using the package (I hope its useful). Cheers.
kyon147/laravel-shopify 适用场景与选型建议
kyon147/laravel-shopify 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 307.73k 次下载、GitHub Stars 达 482, 最近一次更新时间为 2022 年 12 月 16 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「api」 「sdk」 「driver」 「shopify」 「laravel」 「facade」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 kyon147/laravel-shopify 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 kyon147/laravel-shopify 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 kyon147/laravel-shopify 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
Galera cluster driver for Doctrine
A PHP client driver for the RethinkDB query language (ReQL)
A PSR-7 compatible library for making CRUD API endpoints
Arikam CMS Driver package
Use a REST API as if it was your local database
A PHP client driver for the RethinkDB query language (ReQL)
统计信息
- 总下载量: 307.73k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 483
- 点击次数: 32
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2022-12-16

