Issue With Shopify Access Tokens and Keys

Created on 27 November 2024, 25 days ago

Problem/Motivation

I am developing a module to integrate with Shopify. I would like to be able to use Encrypt and Key modules to safely store and use API Keys and Access Tokens provided by Shopify. But, I have run into an issue where I receive the message: "The selected key size does not match the actual size of the key."

Steps to reproduce

Shopify changed the length of their keys/tokens about a year ago when they added a prefix to them which makes AES-256 unhappy.

Proposed resolution

I don't have one as of yet.

Remaining tasks

Drinking whiskey and just forgetting the whole thing! ;-)

Some suggestions I have seen online suggest storing them as unencrypted data but that is just silly. I am sure I am missing something very basic here and would appreciate any help you can provide.

Thanks in advance!

💬 Support request
Status

Active

Version

4.0

Component

Miscellaneous

Created by

🇨🇦Canada Shane Birley


Comments & Activities

  • Issue created by @Shane Birley
  • 🇨🇦Canada Shane Birley

    Wait, did I completely miss the "Key Configuration Overrides" section for this module? Perhaps that is what I should be exploring.

  • 🇯🇵Japan ptmkenny

    How are you specifying the key, as an environmental variable or as a file?

    You can set the key size on the configuration form. What key size are you setting?

  • 🇨🇦Canada Shane Birley

    For the token, I am setting the type to "encryption" and the keysize to 256. But that works for 32 character tokens. Shopify added an additional six characters for a prefix so you may distinguish between Shopify tokens, keys, etc.

    It was when they added a prefix "shpat_" to the tokens where my knowledge falls down. I am not 100% sure what key size to set it to and... math is hard.

    (Did anyone detect the wimpy whine in that statement?)

  • 🇯🇵Japan ptmkenny

    On the configuration form, if you are specifying Key Type "Encryption", you need to set a "Key size" (the key length), but you also need to set a "Key provider" (under "Provider settings"). For the "Key Provider", you can set "Environment" (for an envvar) or "File" for a file located on disk.

    The prefix to the token is not part of the encrypted value, is it? So it should be irrelevant to the key length.

    Rereading your post: are you trying to encrypt the Shopify token using the token itself as the key? That won't work. You need to use an encryption key (for example, using the Real AES module) and then encrypt the Shopify token with that (which could be stored with, for example, the Field Encryption module).

    The Encrypt + Key modules are an API for encrypting data, nothing more. If you want to do secrets management using encryption, you will need additional modules (such as the Field Encryption or Vault for Drupal modules).

  • 🇨🇦Canada Shane Birley

    I have been using Encrypt/Key with Real AES.

    The prefix is required when submitting otherwise it won't be accepted by Shopify. Whether or not it is part of the token... this I might need to do a bit of research on. It "seems" to be part of the token since one is required to submit the entire thing as generated.

    I hadn't run into the Field Encryption module, I will check it out.

    Thanks so much for getting my brain thinking. I will follow up once I have gone over this again.
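
The distinction raised in the thread (the token is the data to protect, not the encryption key) as an added example that is not part of the original discussion and is not the Key, Encrypt or Real AES modules' own code. It uses PHP's OpenSSL extension with AES-256-GCM; the function names are hypothetical, the length check is an assumed stand-in for a "key size" setting, and the token is a constructed placeholder.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: the kind of length check a "key size" setting implies.
// A 256-bit AES key must be exactly 32 bytes.
function key_size_matches(string $keyValue, int $keySizeBits): bool {
  return strlen($keyValue) * 8 === $keySizeBits;
}

// Encrypt $secret (any length) under a separate 32-byte key.
function encrypt_secret(string $secret, string $key): string {
  if (!key_size_matches($key, 256)) {
    throw new InvalidArgumentException('Key must be exactly 32 bytes for AES-256.');
  }
  $iv = random_bytes(12);  // fresh 96-bit nonce for every encryption
  $tag = '';
  $ct = openssl_encrypt($secret, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
  if ($ct === false) {
    throw new RuntimeException('Encryption failed.');
  }
  return base64_encode($iv . $tag . $ct);  // nonce and tag travel with the ciphertext
}

function decrypt_secret(string $blob, string $key): string {
  $raw = base64_decode($blob, true);
  if ($raw === false || strlen($raw) < 28) {
    throw new RuntimeException('Malformed ciphertext.');
  }
  $iv = substr($raw, 0, 12);
  $tag = substr($raw, 12, 16);
  $ct = substr($raw, 28);
  $pt = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
  if ($pt === false) {
    throw new RuntimeException('Decryption failed (wrong key or tampered data).');
  }
  return $pt;
}

// Constructed placeholder with the shape described in the thread:
// "shpat_" prefix plus 32 characters, 38 bytes in total.
$token = 'shpat_' . str_repeat('0', 32);
$key = random_bytes(32);  // the encryption key is generated, never derived from the token

var_dump(key_size_matches($token, 256));  // the token used as a key: 38 bytes
var_dump(key_size_matches($key, 256));    // the generated key: 32 bytes
var_dump(hash_equals($token, decrypt_secret(encrypt_secret($token, $key), $key)));
```

The prefix only changes the length of the plaintext, which AES-256-GCM does not constrain; the 32-byte requirement applies to the key alone.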
