Search code examples
shopwareshopware6shopware6-app

App registration on localhost or own domain

I am developing a Shopware 6 app and I have encountered my first issue during the registration. When I click install, I get the error Could not sign payload with store secret for app: app_name. The registration request never even reached the app server, because this error prevented the registration request from being sent.

After some more digging I came across two other clues:

  • An exception Shopware\Core\Framework\Store\Exception\ShopSecretInvalidException (Error message: Store shop secret is invalid)
  • The response from the Shopware platform that caused the exception to be thrown:
{
    "success": false,
    "code": "ShopwarePlatformException-68",
    "title": "Invalid shop authentication",
    "description": "The action performed is not allowed because the shop is not uniquely authenticated. Try to reconnect the Shopware account under \"My extensions\". If the error still occurs, please contact our customer service",
    "documentationLink": "https://docs.shopware.com/en/shopware-6-en/settings/extensions/error-messages#invalid_shop_authentification",
    "status": 401,
    "detail": "INVALID_SHOP_AUTHENTICATION",
    "context": []
}

This was already actionable info, so I went to the "My extensions" tab and tried to log in with my Shopware account. I got another error: Licensing host unknown.

I have tried and failed on two Shopware instances - one on localhost, one on a domain which I had connected to my Shopware Account as a wildcard environment. I also tried adding the same domain to "Shops in the partner account", but I got an error saying that the domain was already registered. I assume this is because the domain is already registered as a wildcard domain.

So, my question is twofold at this point:

  • Is it possible to somehow circumvent this signature mechanism in order to be able to develop and test the app locally?
  • What do I need to do on my Shopware Account in order to be able to log in to my account on a Shopware instance hosted on a regular domain?
Solution

  • For development purposes you can use a private app initially. You'll have to provide in a secret in your manifest.xml in that case.

    <?xml version="1.0" encoding="UTF-8"?>
<manifest xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://raw.githubusercontent.com/shopware/platform/master/src/Core/Framework/App/Manifest/Schema/manifest-1.0.xsd">
    <!-- ... -->
    <setup>
        <registrationUrl>http://localhost/register/</registrationUrl>
        <secret>verysecret</secret>
    </setup>
</manifest>

    Minimal example of handling the registration request on your app server:

    use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\JsonResponse;

$request = Request::createFromGlobals();
$query = $request->query->all();
$proof = \hash_hmac(
    'sha256',
    $query['shop-id'] . $query['shop-url'] . 'YourAppName',
    'verysecret'
);

$response = new JsonResponse([
    'proof' => $proof,
    'secret' => 'verysecret',
    'confirmation_url' => 'http://localhost/confirm/'
]);

$response->send();