-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add OAuth authentication #47
Conversation
@iamdharmesh We'll also want to ensure the readmes get updated with information on how encryption works and the need to set the custom defines, with a warning that if this isn't done, decryption may fail (if the |
@iamdharmesh Code looks good here and tests well, nice work! I do have feedback on a few things that I think is worth addressing:
|
^ The above are things I think we for sure should look at addressing. Here's a few things I'm raising for discussion purposes (cc / @jeffpaul @iamdharmesh):
|
I agree that some sort of admin notice, sigh adding another one to folks already likely clogged up admin notices, to direct folks who are using the API Key to disconnect and reconnect via OAuth would be ideal and within this release.
I think its fine to leave as-is. Ensuring we've got a good FAQ item in the readme as well as details for the Woo.com product documentation on the topic will be helpful to direct folks to that run into the core salts being rotated and then, finally, properly adding the MC constants instead. |
Thanks for the detailed feedback @dkotter. I have address those in 57c0058.
Thanks for confirming @jeffpaul. Could you please help with adjust the wording of the notice on how hard we want to push the users to switch to OAuth. eg: is deprecated vs is going to deprecated in future. (Heads up! It looks like you're using an API key to connect with Mailchimp, which is now deprecated. Please log out and reconnect your Mailchimp account using the new OAuth authentication by clicking the "Connect Account" button.) For encryption ( Thank you. |
…nhancement/e2e-tests
@iamdharmesh I'm fine with that existing notice noting deprecated. |
Add E2E tests
|
Sounds like there isn't a public facing API to do this, so the approach we're taking here is the best we can do for now |
Description of the Change
The PR replaces the existing API key-based authentication flow with OAuth authentication to improve the overall connection flow experience. Here are the details of the tasks covered in this PR.
mailchimpapp.com
service to generate an access tokenNote
Mailchimp for WooCommerce
plugin and didn’t find any API call for this. I also reviewed the API documentation but didn’t find any API for revoking tokens. Since Mailchimp uses non-expiring tokens, it is crucial to revoke the token upon logout.woocommerce.mailchimpapp.com
OAuth middleware server to connect with Mailchimp. We will need to update it to the WordPress server once it is set up.Closes #9
How to test the Change
New setup:
Existing Users
Changelog Entry
Credits
Props @jeffpaul @dkotter @iamdharmesh
Checklist: