
How to add state param for Ueberauth in Elixir


During the OAuth process it's good to set a state param on the authorize URL for security. When I checked Überauth Shopify (https://github.com/kodehort/ueberauth_shopify/blob/master/lib/ueberauth/strategy/shopify.ex#L88), it is sent to Shopify.

But I don't understand how I need to set this state param in my Phoenix application so that Shopify would get it. Any suggestions?


Solution

  • You supply state in the URL you're passing to Ueberauth (in the same way, scopes are passed as well).

    Depending on your router setup, with the default being:

    pipeline :auth do
      Ueberauth.plug "/auth"
    end
    
    scope "/auth" do
      pipe_through [:browser, :auth]
    
      get "/:provider/callback", AuthController, :callback
    end
    

    you supply scopes and state by redirecting your user to the specified auth URL:

    /auth/shopify?scopes=read_orders%20read_products&state=yourSuperSecretState

    or without any scopes:

    /auth/shopify?state=yourSuperSecretState
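The `state` value protects the OAuth flow only when it is unpredictable, bound to the user's session, and checked against the `state` that comes back on the callback. The following is an added example, not part of the original answer or of Ueberauth, that generates such a value, builds the `/auth/shopify?...` path from the answer, and verifies the returned value; the module name `OAuthState` and its functions are hypothetical, and keeping the value in the Phoenix session is an assumption.

```elixir
# Added example, not from the original answer. OAuthState is a hypothetical name.
defmodule OAuthState do
  @state_bytes 32

  # Fresh, unguessable value for every authorization attempt.
  def generate do
    @state_bytes |> :crypto.strong_rand_bytes() |> Base.url_encode64(padding: false)
  end

  # Request path in the form the answer shows; scopes are optional.
  def auth_path(provider, state, scopes \\ nil) do
    query =
      [scopes: scopes, state: state]
      |> Enum.reject(fn {_key, value} -> is_nil(value) end)
      |> URI.encode_query()

    "/auth/#{provider}?#{query}"
  end

  # expected: value kept in the session; received: params["state"] on the callback.
  # A missing, empty or different-length value is rejected before comparing.
  def verify(expected, received)
      when is_binary(expected) and is_binary(received) and
             byte_size(expected) > 0 and byte_size(expected) == byte_size(received) do
    if constant_time_equal?(expected, received), do: :ok, else: {:error, :state_mismatch}
  end

  def verify(_expected, _received), do: {:error, :state_mismatch}

  # XOR every byte pair and OR the results, so timing does not depend on
  # where the first differing byte is.
  defp constant_time_equal?(a, b) do
    a
    |> :binary.bin_to_list()
    |> Enum.zip(:binary.bin_to_list(b))
    |> Enum.reduce(0, fn {x, y}, acc -> :erlang.bor(acc, :erlang.bxor(x, y)) end)
    |> Kernel.==(0)
  end
end

# Constructed demo values; run with `elixir oauth_state.exs`.
state = OAuthState.generate()
IO.puts(OAuthState.auth_path("shopify", state, "read_orders read_products"))
IO.inspect(OAuthState.verify(state, state))
IO.inspect(OAuthState.verify(state, OAuthState.generate()))
IO.inspect(OAuthState.verify(nil, state))
```

In a Phoenix controller, store the generated value with `put_session/3` before redirecting to the path, then in the `:callback` action pass `get_session/2` and `params["state"]` to `verify/2` and delete the session value so it cannot be reused.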