Airbyte is an open-source data integration engine that helps you consolidate your data in your data warehouses, lakes and databases.

Airbyte

Sounds great, looking forward to these new features :+1: 

Hi! I did some tests to make Airbyte Cloud authenticate against our customer’s shopify store using our Shopify public app, and it appears to be working, but i’m not sure why the OAuth credentials overrides is required.

Let me explain: I did create a shopify public app, and implemented the oauth Flow on our end (so no Airbyte here), once our customers go through the flow, we end up getting a shopify offline access token (`shpat_***`) on his behalf. Finally we can use this token to create an Airbyte source, using the existing API password method.

Am I missing something? I don’t get why Airbyte would need the `client_id`/`client_secret` of our Shopify app

My understanding is that the oauth credentials overrides is available globally because some other sources might require Airbyte to have access to the source app credentials (for instance, to refresh short lived tokens), but regarding Shopify is looks not necessary (at least, at this point)

Hi <@U05ALLT767L>! As part of running connection tests/syncs with a given connector’s OAuth tokens/credentials, we occasionally need to refresh the token. Depending on the connector this might happen immediately on testing the connection, or might happen later when the access token has expired.

The way this works in Airbyte Cloud is that we have a set of credentials that we use for each type of source _*unless*_ you specify an override. This of course only applies to sources that support OAuth in cloud.

The way this manifests is that if you provide your own OAuth refresh token but you don’t provide a credential override, the connection test/first sync will likely fail because we’ll be trying to refresh the access token using your refresh token and Airbyte’s client ID/secret.

I’m not specifically familiar with how the Shopify OAuth flow works, but in looking over at least the Shopify API docs, it seems possible that we don’t need to refresh the access token (a bit strange?) and that once we have an access token, we don’t need the `client_id`/`client_secret`.

So in this specific case, it might not be necessary to provide those credentials in an override but I haven’t tried that out myself.

Let me know if you have additional questions or want to dig into this further and I’m happy to help <@U05ALLT767L>!

Thanks for the reply! yes, my understanding is that it is not required for Shopify (would be great if you could confirm it)

you do require refresh_token for some of your sources, for instance zendesk-chat:

<https://shopify.dev/docs/apps/auth/oauth/access-modes#offline-access>

IMO this has to do with how Shopify, by default, generates “offline” access tokens, which never expire

Ah ok I found it strange that the tokens never expire because I’ve never seen that as the default, but my guess is that because of that we never actually need the client ID/secret again but I will check the connector code to confirm.