One-command tool to obtain a Shopify offline access token via the OAuth authorization code grant. Spins up a local server, tunnels it through Cloudflare, deploys the redirect URL to Shopify via CLI, and walks you through the OAuth flow in the browser.
- Node.js 18+
- pnpm
- cloudflared (
brew install cloudflared) - Shopify CLI (
npm install -g @shopify/cli), logged in viashopify auth login
pnpm install
cp .env.example .env
cp shopify.app.toml.example shopify.app.tomlFill in .env:
CLIENT_ID=your_shopify_app_client_id
CLIENT_SECRET=your_shopify_app_client_secret
SHOP=your-store.myshopify.com
SCOPES=read_products,write_orders
Link your Shopify app (first time only — this populates shopify.app.toml with your app config):
shopify app config link --client-id <your_client_id>pnpm startThis single command:
- Starts an HTTP server on port 3000
- Opens a Cloudflare tunnel (free, no account needed)
- Updates
shopify.app.tomlwith the tunnel URL - Runs
shopify app deployto push the redirect URL to the Shopify dashboard - Prints a URL to open in your browser
Click the link, approve scopes, and the offline access token (shpat_...) is displayed on screen.
Implements the Shopify authorization code grant:
GET /— landing page with "Authorize App" buttonGET /callback(no code) — redirects to Shopify's grant screenGET /callback?code=...— exchanges the code for an offline token viaPOST /admin/oauth/access_token
Offline tokens are requested by omitting grant_options[]. The token does not expire and persists until the app is uninstalled.
All config is in .env. Scopes are passed as a comma-separated string. The shopify.app.toml is auto-updated on each run with the new tunnel URL — you don't need to touch it.
| Variable | Description |
|---|---|
CLIENT_ID |
App API key from Shopify Partners |
CLIENT_SECRET |
App API secret (never committed) |
SHOP |
your-store.myshopify.com |
SCOPES |
Comma-separated OAuth scopes |
PORT |
Server port (default: 3000) |
MIT